Determining the ROI of XDR

For many years, defining the return on investment (ROI) for a cybersecurity project, including the ROI of Extended Detection and Response (XDR), was challenging. It was not easy to describe the actual value of many of the protections that were implemented in an organization. Too often, the explanation about how a product could improve security was a nebulous description of what might happen in the absence of that protection.

Cybersecurity professionals struggled when the C-Level executives requested quantitative metrics to justify a budgetary expense. Now, newer models of Extended Detection and Response (XDR) provide cybersecurity professionals with quantitative results to show the benefits of this approach. The quantitative findings shared below were gathered from a survey of 100 IT and security executives from within the Pulse community, conducted on behalf of Cisco.

A Critically Necessary Part of Their Infrastructure

The most prominent finding from the survey is that the majority (75%) of respondents agreed that XDR is a critical part of their security architecture. The highest-ranking component of XDR was endpoint detection and response. This has important implications, especially since so many organizations are now considering a hybrid work environment, sharing remote and traditional office-based work arrangements.

Survey responses on Extended Detection and Response solution

Faster Detection Means Faster Response

Given that endpoint protection was at the top of the XDR value equation, there was also a positive correlation in the ability to remediate threats. 75% of the survey respondents indicated that they experienced up to 30% faster response times in finding and remediating threats. That’s a significant increase in the ability to prevent the spread of threats within an organization.

graph - XDR improvement in threat detection

Faster Detection and Response Means Saved Hours

To put the value of faster detection into sharper perspective and therefore show the significant ROI of XDR, most respondents to the survey agreed that the reduction in response time resulted in saved time for their security teams. This equated to up to 30 hours—nearly one full work-week. In monetary terms, that is a significant savings. Not only is time saved with the XDR solution, but productivity was also increased, according to more than 65% of survey respondents.

Much of an analyst’s time can be wasted chasing false alarms. Reducing time spent on that task means their resources can be spent on more productive activities that more significantly and more strategically benefit the organization. Less time wasted also reduces burnout among team members.

Estimated weekly time savings from XDR solution

A Single Vendor for a Comprehensive Solution

Cost-savings can extend beyond the amount of time it takes to remediate problems. Eighty percent of our survey respondents indicated that vendor reduction results in financial savings. Nearly half (49%) answered that savings ranged from $25,000 to more than $100,000 annually.

Estimated annual savings from XDR solution

Integration Increases XDR Value

Many times, a product can possess all of the features to improve security, increase production, and add value, only to fail because it does not integrate into the existing infrastructure. Our survey showed that XDR integration improved the organization’s security posture, integrating and aggregating information from existing security tools. In fact, integration was the one feature that respondents called out as the most valuable capability within their XDR solution.

Our survey showed that XDR integration improved the organization’s security posture, integrating and aggregating information from existing security tools

Specific ROI of XDR to Present to the C-Level

If your company is like most, the C-Suite requires compelling data about how to spend money. Fortunately, with the results of the Pulse survey, there are now quantitative numbers to support the value of bolstering your security posture with an XDR approach that utilizes the features you’ll find in Cisco’s SecureX. Whether your organization consists of 10,000+ employees, or less than 1,000 employees, an XDR solution can make a difference that adds tangible value to your security organization.

Learn more about Cisco’s XDR approach

See more results from the Pulse survey:

Future of Extended Detection and Response (XDR)