the total economic impact™ of inspired elearning’s ...€¦ · costs. the organization...

A Forrester Total Economic Impact™

Study Commissioned By Inspired

eLearning

June 2019

The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions

Cost Savings And Business Benefits Enabled By Inspired eLearning’s Security First Solutions

Table Of Contents Executive Summary 1

Key Findings 1

TEI Framework And Methodology 3

The Inspired eLearning Security First Solutions Customer Journey 4

Interviewed Customers 4

The Composite Organization 4

Key Business Goals And Objectives 5

Key Results 5

Analysis Of Benefits 6

License And Implementation Savings Compared To Previous Security Awareness Training Environment 6

Employee Time Savings With Inspired eLearning 7

Forrester: The Impact Of A Breach And Value Of Inspired eLearning Security First Solutions 9

Unquantified Benefits 10

Flexibility 11

Analysis Of Costs 12

Labor To Implement And Manage Inspired eLearning 12

Inspired eLearning Security First Solution Fees 13

Financial Summary 15

Inspired eLearning Security First Solutions Overview 16

Appendix A: Total Economic Impact 17

Project Director:

Bob Cormier

Vice President and Principal Consultant

1 | The Total Economic Impact™ Of Inspired eLearning’s Security First Solutions

Executive Summary

Inspired eLearning’s Security First Solutions are a multilingual, packaged

security awareness program that delivers assessments, security

awareness training, and phishing simulations through integrated learning

paths. These software-as-a-service (SaaS) solutions are designed to

enhance an organization’s security posture and drive behavioral change.

Included is a curated learning path to deliver monthly security awareness

education to each employee. You can read more in the Inspired eLearning

Security First Solutions Overview section of this study.

Inspired eLearning commissioned Forrester Consulting to conduct a Total

Economic Impact™ (TEI) study and objectively examine the potential ROI

that organizations may realize by deploying its Security First Solutions.

The purpose of this study is to provide readers and prospects with a

framework to evaluate the potential financial impact of Inspired eLearning

Security First Solutions on their organizations.

To better understand the benefits, costs, and risks associated with this

investment, Forrester conducted in-depth interviews with four customers,

averaging about two years of experience using various components of

Inspired eLearning security awareness solutions. As Forrester does for all

its TEI studies, we used data from the four interviews and created a

composite Organization to illustrate the quantifiable benefits and costs of

investing in Inspired eLearning’s Security First Solutions. The composite

Organization is in the B2C and B2B products and services business. It

does business globally, and its employees have taken part in Inspired

eLearning’s Security First Solutions for the last three years. For more

information, see The Composite Organization section.

Forrester note: Even the most sophisticated technologies and well-crafted

policies can be rendered useless when employees simply decide to — or

unknowingly — break the rules. Because of this, and because many

cybersecurity attacks are personally tailored to mimic daily, routine

actions, it’s more difficult than ever to protect your workforce against

today’s threats. Security awareness and training solutions can help.

Key Findings

Quantified benefits. The composite Organization experienced the

following risk-adjusted present-value (PV) quantified benefits, totaling

$116,986 over a three-year period (see the Analysis Of Benefits section for

more details).

› License and implementation savings compared to previous

environment security awareness training environment — $50,420.

› Employee time savings with Inspired eLearning Security First

Solutions — $44,744.

› Cost avoidance benefits of PhishProof simulation tool — $21,822.

In addition to the quantified benefits listed above, the interviewed

customers discussed several qualitative features or benefits from using

Inspired eLearning Security First Solutions (see the Unquantified Benefits

section for more details).

Costs. The Organization experienced the following PV costs totaling

$21,594 (see the Analysis Of Costs section for more details):

Selected Key Metrics License and implementation savings compared to previous security training solutions: $50,420

Employee time savings with Inspired eLearning: $44,744

Cost avoidance benefits of PhishProof simulation tool: $21,822

Total quantified benefits:

$116,986 (risk- and PV-adjusted)


› Labor to implement and manage Inspired eLearning Security

Awareness Training — $4,412 (risk- and PV-adjusted).

› Inspired eLearning Security First Solution fees — $17,182 (PV-

adjusted).

Forrester’s interviews and subsequent financial analysis found that the

Organization experienced benefits of $116,986 over three years versus

costs of $21,594, adding up to a net present value (NPV) of $95,392, with

a payback period of less than six months and an ROI of 442%.

If risk-adjusted costs, benefits, and ROI still demonstrate a compelling

business case, it raises confidence that the investment is likely to succeed

because the risks that threaten the project have been taken into

consideration and quantified. The risk-adjusted numbers should be taken

as realistic expectations, as they represent the expected value considering

risk. Assuming normal success at mitigating risk, the risk-adjusted

numbers should more closely reflect the expected outcome of

the investment.

$50.4K

$44.7K

$21.8K

License andimplementation

savings comparedto the previous

security awarenesstraining environment

Employee timesavings with

Inspired eLearningSecurity First

Solutions

Cost avoidancebenefits ofPhishProof

simulation tool

Benefits (Three-Year)

ROI 442%

Benefits PV $116,986

NPV $95,392

Payback less than six months


TEI Framework And Methodology

From the information provided in the interview, Forrester has constructed a

Total Economic Impact™ (TEI) framework for those organizations

considering investing in Inspired eLearning’s Security First Solutions.

The objective of the framework is to identify the cost, benefit, flexibility, and

risk factors that affect the investment decision. Forrester took a multistep

approach to evaluate the impact that Inspired eLearning’s Security First

Solutions can have on an organization:

DUE DILIGENCE Interviewed Inspired eLearning’s Security First Solutions stakeholders and Forrester subject matter experts to gather data relative to Security First Solutions.

CUSTOMER INTERVIEWS Interviewed four customers using Inspired eLearning security awareness training solutions to obtain data with respect to costs, benefits, and risks.

FINANCIAL MODEL FRAMEWORK Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewed organizations.

CASE STUDY Employed four fundamental elements of TEI in modeling the impact of Inspired eLearning’s Security First Solutions: benefits, costs, flexibility, and risks. Given the increasing sophistication that enterprises have regarding ROI analyses related to IT investments, Forrester’s TEI methodology serves to provide a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

The TEI methodology

helps companies

demonstrate, justify,

and realize the

tangible value of IT

initiatives to both

senior management

and other key

business

stakeholders.

DISCLOSURES

Readers should be aware of the following:

This study is commissioned by Inspired eLearning and delivered by Forrester

Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other

organizations will receive. Forrester strongly advises that readers use their own

estimates within the framework provided in the report to determine the

appropriateness of an investment in Inspired eLearning’s Security First

Solutions.

Inspired eLearning reviewed and provided feedback to Forrester, but Forrester

maintains editorial control over the study and its findings and does not accept

changes to the study that contradict Forrester’s findings or obscure the

meaning of the study.

Inspired eLearning provided the customer names for the interviews but did not

participate in the interviews.


The Inspired eLearning Security First

Solutions Customer Journey

BEFORE AND AFTER THE INSPIRED ELEARNING SECURITY FIRST

SOLUTIONS TRAINING INVESTMENT

Interviewed Customers

For this study, Forrester conducted interviews with the four Inspired

eLearning customers described below, each requesting anonymity:

When asked to confirm Inspired eLearning’s quoted value proposition,

each customer agreed with the following: “Inspired eLearning’s security

awareness and compliance training solutions effect meaningful,

sustainable changes in my workforce. Employees are empowered to be

proactive against potential threats and regulatory violations, which leads

to positive and measurable changes to the organizational culture.”

The Composite Organization

As Forrester does for all its TEI studies, we used data from the four

customer interviews and created a composite Organization to illustrate

the quantifiable benefits and costs of investing in Inspired eLearning’s

Security First Solutions. The composite Organization is in the B2C and

B2B products and services business. It does business globally and has

between 500 and 605 employees who have taken part in Inspired

eLearning’s Security First Solutions training for the last three years. The

Organization invested in the Inspired eLearning’s Preferred SaaS

solution described as follows:

Preferred — an enterprise-quality solution designed to enhance the

Organization’s security posture by highlighting educational activities to

drive retention and behavioral change. The Organization chose a

security awareness foundational approach of up to 10 modules focused

on its most pressing security needs. It’s paired with a phishing simulation

program and knowledge assessment milestones within a turnkey

solution. Inspired eLearning’s solutions reduce the potential of human-

related breaches and reduce the operational complexity of running a

comprehensive security awareness program.

INDUSTRY EMPLOYEES TRAINED INTERVIEWEE

MONTHS USING INSPIRED

eLEARNING

Healthcare 300 HR generalist 36 months

Transportation 35 Owner 24 months

Accounting firm 500 Partner in charge of learning and

development 22 months

Technology 30 CEO 6 months

“With 100% of our employees

trained on Inspired eLearning

security awareness modules,

we gain incremental

opportunities to serve

customers within security-

conscious verticals such as

healthcare, financial services,

government and other regulated

industries. These customers

require certain security audit

controls including security

awareness training. If we

discontinued this training, it

could put a significant portion of

our business in jeopardy.”

CEO, technology company


Key Business Goals And Objectives

After extensive review processes evaluating several vendors, each

customer selected Inspired eLearning, as each believed it could satisfy

business goals and objectives in the following categories, also shared by

the Organization:

› To improve their security culture and their focus on cyber- and physical

security.

› To significantly reduce the chance of breach or compromise.

› To avoid lost employee productivity due to security incidents.

› To correct employees’ lack of awareness about security threats and

drive positive security awareness behavior.

› To have a solution that was simple to administer, monitor, and show a

return on investment with. This was because the interviewed

customers’ and the composite Organization’s resources were limited

for launching and managing a training program.

› To meet security compliance guidelines mandated by regulatory

entities and its customers including the Payment Card Industry (PCI),

the Health Insurance Portability and Accountability Act of 1996

(HIPAA), and the General Data Protection Regulation (GDPR).

› To continue to avoid regulatory compliance penalties or fines.

› To be able to measure the impact of training, which had always been a

challenge.

› To improve employee adoption and retention of the information learned

in past training modules.

Key Results

The customer interviews revealed beneficial functionality attributed to

their investments in Inspired eLearning Security First Solutions (specific

financial benefit details are available in the Analysis Of Benefits section),

as listed below:

› License and implementation savings compared to previous

environment security awareness training environments.

› Employee time savings compared to previous environment security

awareness training solutions.

› Cost avoidance benefits of PhishProof simulation tool.

In addition to the benefits listed above, the interviewed customers

discussed several qualitative features or benefits from using Inspired

eLearning Security First Solutions (see the Unquantified Benefits section

for more details).

“Inspired eLearning security

awareness training has really

opened our eyes to various

security threats we hadn’t

considered before. Training our

employees has helped us avoid

and mitigate certain threats that

could have a negative impact

on our revenue and reputation.”

Partner, accounting firm


Analysis Of Benefits

QUANTIFIED BENEFIT AND COST DATA

Note: Atr, Btr and Ctr refer to benefit totals in the tables below.

License And Implementation Savings Compared To Previous Security

Awareness Training Environment

Before its investment in Inspired eLearning, the Organization used a

combination of internally developed training materials and another

eLearning vendor’s materials. The Organization’s IT and HR managers

spent an inordinate amount of time motivating employees to take the

security training. It was a very time-consuming process to confirm that

employees had actually taken the training and if the training was

effective in reducing risk. Employees complained that the previous video

modules were not engaging as they included the same content year after

year. Adoption rates were anemic. Some interviewed customers reported

less than 50% adoption with their previous training solutions.

With Inspired eLearning, interviewed customers reported adoption rates

well over 90%, reducing the risk of a human-related breach.

In addition, each organization’s previous solution cost significantly more

from a software license and a cost-to-implement-and-maintain

perspective.

Modeling and assumptions. Based on customer interviews, the

Organization’s previous eLearning vendor’s on-premises solution license

cost $30,000 annually compared to between $6,400 and $7,563 annually

for Inspired eLearning’s Preferred Security First Solution. This saved the

Organization around $23,000 each year. In addition, the time and effort

to implement and maintain the previous solution was 208 hours initially

and 104 hours annually thereafter. In contrast, the time to implement the

Security First Solution was only 70 hours initially and 30 hours annually

thereafter. The table below calculates the savings compared to the

previous environment.

Risks. Forrester has risk-adjusted the software license and time and

effort savings downward by 25% in the table below due to interviewed

The table above shows the total of all benefits across the areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the Organization expects risk-adjusted total

benefits to be a PV of nearly $117,000.

Total Benefits – The Organization

REF. BENEFIT YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT

VALUE

Atr

License and implementation savings compared to the previous security awareness training environment

$21,323 $19,916 $19,401 $60,639 $50,420

Btr Employee time savings with Inspired eLearning

$16,406 $18,047 $19,852 $54,305 $44,744

Ctr Cost avoidance benefits of PhishProof simulation tool

$8,775 $8,775 $8,775 $26,325 $21,822

Total benefits (risk-adjusted) $46,504 $46,738 $48,027 $141,269 $116,986

License and implementation savings compared to previous

training environment — 43% of total benefits

43%

three-year benefit PV

$50,420


customers having a wide range of previous environment costs and

subsequent savings with Inspired eLearning solutions.

This yielded a three-year risk-adjusted PV of $50,420.

Employee Time Savings With Inspired eLearning

Our Organization sought to use security awareness training to prepare

its workforce for recognizing and responding to phishing attacks, and to

rebrand security as a business enabler. The Organization wanted to

instill a security culture as part of its overall security strategy and as a

way to gain advocacy, support, and understanding from employees.

Using Inspired eLearning Security First Solutions, it wanted to engage

and entice employees to learn and care about security in the workplace.

The Organization wanted its initial 500 employees to participate in

security awareness training. According to customer interviews, with the

previous environment, employees spent on average 2.5 hours annually

with security awareness training materials. With Inspired eLearning,

employees spent half the time, or 1.25 hours with training materials.

Modeling and assumptions. The Organization grew its employee

population by 10% annually starting with 500 employees in Year 1, 550

employees in Year 2, and 605 in Year 3. Each of the employees saved

1.25 hours annually with Security First Solutions. At an average cost of

$35 per hour, the Organization saved between $21,875 and $26,469

License And Implementation Savings: Calculation Table

REF.

METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3

A1 Previous vendor’s license fees for security awareness training

Interviews $30,000 $30,000 $30,000

A2 Inspired eLearning Security First Solutions Fees - Preferred

Ft (Costs) $6,400 $6,875 $7,563

A3 Savings over previous vendor’s fees

A1-A2 $23,600 $23,125 $22,438

A4 Previous solution time and effort hours to manage training program

Interviews/hours 208 128 128

A5 Inspired eLearning time and effort hours to manage training program

Y1: E4 (Initial+Y1) Y2/Y3: E4 (Y2/Y3)

70 30 30

A6 Hours saved managing program with Inspired eLearning

A4-A5 138 98 98

A7 Average labor cost per hour Industry average $35 $35 $35

A8 Labor cost savings with Inspired eLearning

A6*A7 $4,830 $3,430 $3,430

At

License and implementation savings compared to the previous security awareness training environment

A3+A8 $28,430 $26,555 $25,868

Risk adjustment ↓25%

Atr

License and implementation savings compared to the previous security awareness training environment (risk-adjusted)

$21,323 $19,916 $19,401

Employee time savings with Inspired eLearning —

38% of total benefits

38%


$44,744


annually (not yet risk- or PV-adjusted). See the table below for savings

details.

Risks. To be conservative, Forrester has risk-adjusted (reduced) savings

below by 25% to reflect interviewed customers’ variations on the training

time spent in their pre-Inspired eLearning environments and the average

labor cost per hour.

This yielded a three-year risk-adjusted total PV of $44,744.

Cost Avoidance Benefits Of PhishProof Simulation Tool Interviewed customers that were using Inspired eLearning’s PhishProof

simulation tool were able to test, train, measure, and improve their

phishing preparedness. On average, interviewed customers sending

periodic simulated phishing attempts to their employees decreased their

phishing susceptibility rate significantly. Prior to investing in Inspired

eLearning, the Organization experienced 40 phishing-related data

breaches each year, requiring PC remediation. With periodic phishing

simulation testing, the Organization eliminated 75% of data breaches

related to phishing — an improvement that allowed the Organization to

avoid both the $250 cost to remediate each infected PC and also PC

users’ lost productivity while machines were being repaired.

Modeling and assumptions. The Organization avoided the cost of

repairing 30 PCs per year at an average remediation cost of $250 per

machine. In addition, the PC users previously lost an average of 4 hours

of productivity during each repair at a rate of $45 per hour. The

Organization avoided these costs, totaling $11,700 annually (not yet risk-

and PV-adjusted).

Risks. To be conservative, the savings below have been risk-adjusted

(reduced) by 25% to reflect interviewed customers’ variations on the time

spent remediating infected PCs, lost user productivity, and the average

Impact risk is the risk that the business or technology needs of the organization may not be met by the investment, resulting in lower overall total benefits. The greater the uncertainty, the wider the potential range of outcomes for benefit estimates.

Employee Time Savings With Inspired eLearning: Calculation Table

REF. METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3

B1 Number of employees taking training Organization 500 550 605

B2 Previous solution time and effort hours to take training

Hours 2.50 2.50 2.50

B3 Inspired eLearning time and effort hours to take training

Hours 1.25 1.25 1.25

B4 Hours saved managing program with Inspired eLearning

B2-B3 1.25 1.25 1.25

B5 Average labor cost per hour Interviews $35 $35 $35

Bt Employee time savings with Inspired eLearning

B1*B4*B5 $21,875 $24,063 $26,469


Btr Employee time savings with Inspired eLearning (risk-adjusted)

$16,406 $18,047 $19,852

Cost avoidance benefits of PhishProof simulation

tool — 19% of total benefits

19%


$21,822


labor cost per hour.

This yielded a three-year risk-adjusted total PV of $21,822.

Forrester: The Impact Of A Breach And Value Of Inspired eLearning Security

First Solutions

Of the four customers interviewed, only one had experienced a breach

before investing in Inspired eLearning Security First Solutions. And no

interviewed customer had experienced a breach after (or during) training

its employees using Security First Solutions. Each customer reported

sleeping better at night knowing employees had been trained on security

awareness.

Using Forrester’s internal research, we can describe the potential cost

categories of a breach.

How much would a breach cost an organization? It depends — on

actions taken prior to the breach, the circumstances of the breach itself,

and IT’s response to the breach. And not all costs are direct, immediately

incurred costs. Employee data breaches may affect morale, attrition, and

future hiring of skilled talent. Breaches of intellectual property data may

directly affect both reputation and the bottom line over several years.

There are numerous factors that contribute to costs of a breach; here’s a

sample list:

› Type of data that was compromised.

› If personal data, number of records and individuals affected.

› Cause of the breach.

› Nature and timing of public disclosure.

› Whether or not the data was encrypted.

Cost Avoidance Benefits Of PhishProof Simulation Tool: Calculation Table

REF. METRIC CALC./SOURCE YEAR 1 YEAR 2 YEAR 3

C1 Before Inspired eLearning: Number of phishing-related infected PCs

Average per year 40 40 40

C2 After Inspired eLearning training: Number of phishing-related infected PCs

Average per year 10 10 10

C3 Reduced number of infected PCs with Inspired eLearning

C1-C2 30 30 30

C4 Cost to remediate each infected PC Average $250 $250 $250

C5 Total PC remediation costs C3*C4 $7,500 $7,500 $7,500

C6 Employee downtime avoided ($45 per hour) 4 hours*

$35/hour*C3 $4,200 $4,200 $4,200

Ct Cost avoidance benefits of PhishProof simulation tool

C5+C6 $11,700 $11,700 $11,700


Ctr Cost avoidance benefits of PhishProof simulation tool (risk-adjusted)

$8,775 $8,775 $8,775


› Cyberinsurance.

› A tested incident response plan.

› Customer-facing breach response.

While breach costs can vary widely, there are certain categories of

common costs. Readers should consider both direct and indirect costs:

› Response and notification. This includes incident response costs

and the operational and service costs for external communications,

such as notifying affected individuals or customers as well as the

government or regulatory bodies that are required by law.

› Lost employee productivity and turnover. Employees are often

distracted from their day-to-day duties during a data breach. There

may also be downtime as a result of IT taking users or systems offline

to curtail the threat.

› Lawsuits and settlements. External counsel with expertise in privacy

and breach response can guide a response and help meet legal

obligations.

› Regulatory compliance. Organizations must stay current with the

dynamic landscape of regulatory requirements. With the GDPR and

upcoming privacy regulations coming in force, organizations will be

required to provide all personal data to an individual upon request.

This will likely cause operational costs to skyrocket, in addition to the

fines organizations would face in the case of a breach.

› Brand recovery. Rebuilding trust varies depending on your business

and industry. The length of the downturn can also vary depending on

the quality of breach response.

› Additional security and audit requirements. This includes the cost

of fixing infrastructure and onboarding new technology and equipment

to remediate the initial cause of breach. It also includes any mandated

security and audit requirements resulting from a legal or regulatory

settlement.

Unquantified Benefits

In addition to the quantified benefits listed above, the interviewed

customers discussed several qualitative features or benefits from using

Inspired eLearning Security First Solutions, including:

› Cybersecurity Quotient (CyQ). Inspired eLearning’s assessment

engine which measures organization’s program effectiveness. CyQ™

is comprised of pre-set questions and is best taken at the beginning of

training to establish a security education baseline. At the conclusion

of training, a post training CyQ assessment is administered and shows

the delta on your users’ cumulative security awareness improvement.

› Security Administrator Dashboard. Inspired eLearning’s single pane

of glass for security administrators. This dashboard allows

administrators to quickly see the most important aspects of their

security awareness program, such as upcoming training, phishing

susceptibly score, and multiple levels of organizational progress

through the program.


Flexibility, as defined by TEI, represents an investment in additional capacity or capability that could be turned into business benefit for a future additional investment. This provides an organization with the "right" or the ability to engage in future initiatives but not the obligation to do so.

› Off-the-shelf translations. Security First Solutions come

prepackaged with multiple off-the-shelf text translations and English

voiceovers. Additional voiceovers are included in select packages or

are available for purchase shall the need arise.

› Mobile App (available in Preferred and Elite). Inspired eLearning

offers Android and iOS applications that allow team members

throughout organizations to access security training content on the go

using the world’s most popular mobile devices.

Flexibility

The value of flexibility is clearly unique to each customer, and the

measure of its value varies from organization to organization. There are

scenarios in which a customer might choose to implement Inspired

eLearning’s Security First Solutions and later realize additional uses and

business opportunities, as follows:

› Incremental business opportunities. With 100% of the

Organization’s employees trained on Inspired eLearning security

awareness modules, it can take advantage of opportunities to serve

security-conscious customers within verticals such as healthcare,

financial services, government, and other regulated industries. These

customers may require certain security audit controls including security

awareness training.

› Regular PhishProof simulations. Routinely running phishing

simulations on employees prepares them to be your first line of

defense and is a key part of any effective security awareness program.

To reduce the likelihood of a breach, the Organization will continue to

use Inspired eLearning’s PhishProof simulation tool and will create the

following campaigns over the three years:

• Email phishing.

• Voice phishing (vishing).

• Text message phishing (smishing).

• USB phishing (USB baiting).

Phishing is a technique used by cybercriminals to acquire personal

information (such as credit card numbers or login credentials) by sending

an email that is designed to look just like it came from a legitimate source

but is intended to trick users into clicking on a malicious link or

downloading an attachment potentially laced with malware.

According to Inspired eLearning, with PhishProof, organizations of any

size can test, train, measure, and improve their phishing preparedness

all under one unified experience. Inspired eLearning’s research revealed

organizations that send simulated phishing attempts to their employees

once a month show a 27% decrease in clicks.

The concept of flexibility is further described in Appendix A.


Analysis Of Costs

Labor To Implement And Manage Inspired

eLearning

Based on the interviewed customers’ experiences, the internal labor

for the Organization associated with the initial planning and

deployment of Inspired eLearning Security First Solutions included one

human resources staff and one learning and development staff

spending 40 hours (initial year) preparing the environment to train 500

users.

On an ongoing annual basis, the staff mentioned above spent a total of

20 hours managing the training and retraining of new and existing users.

They spent another 10 hours annually managing the vendor relationship

with Inspired eLearning.

Modeling and assumptions. The table below includes hourly labor

costs associated with the two staff listed above.

Risks. Forrester risk-adjusted costs upward by 10% to reflect the

variability of each interviewed customer’s implementation and ongoing

management requirements.

The Organization’s total labor costs to implement and manage Inspired

eLearning Security First Solutions yielded a risk-adjusted total PV of

$4,412.

The table above shows the total of all costs across the areas listed below, as well as present values (PVs) discounted at 10%. Over three years, the organization expects total risk-adjusted costs to be a PV of $21,594.

Implementation risk is the risk that a proposed investment may deviate from the original or expected requirements, resulting in higher costs than anticipated. The greater the uncertainty, the wider the potential range of outcomes for cost estimates.

Total Costs

REF. BENEFIT INITIAL YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT

VALUE

Etr Labor to implement and manage Inspired eLearning

$1,540 $1,155 $1,155 $1,155 $5,005 $4,412

Ftr Inspired eLearning Security First Solutions fees

$0 $6,400 $6,875 $7,563 $20,838 $17,182

Total costs (risk-adjusted) $1,540 $7,555 $8,030 $8,718 $25,843 $21,594


Inspired eLearning Security First Solution Fees

Inspired eLearning provided Forrester with fees associated with a typical

Inspired eLearning customer of similar size to the Organization. The cost

for Inspired eLearning’s Preferred solution is $12.50 per user per year

and includes the following:

› Preferred Security Awareness Essentials. Learn to prevent, detect,

and respond to security threats such as password management and

identity theft. This covers general security awareness: phishing,

malware, physical security, password management, mobile security,

social engineering, social media, data security, cloud security, working

remotely, internet of things (IoT), and incident reporting.

› Eleven security awareness modules. Ensure retention with a series

of courses aimed at reinforcing key cybersecurity measures. Choose

any 11 security awareness modules or follow Inspired eLearning’s

recommended learning path.

› CyQ Cybersecurity Quotient. Inspired eLearning’s assessment

engine which helps organizations measure program effectiveness.

› Twelve PhishProof campaigns. Send phishing simulations either by

using premade templates or by customizing your own. Randomize or

schedule campaigns to target employees at any time of day, or create

vishing, smishing or USB baiting campaigns.

Modeling and assumptions. The table below represents Inspired

eLearning’s fees assessed to the Organization over three years.

Labor To Implement And Manage Inspired eLearning: Calculation Table

REF. COST CALC./SOURCE

INITIAL YEAR 1 YEAR 2 YEAR 3

E1 Preplanning security awareness training implementation

Hours/interviews 40 0 0 0

E2 Ongoing management of Inspired eLearning training and phishing campaigns


E3

Ongoing management of relationship with Inspired eLearning


E4 Total hours E1:E3 40 30 30 30

E5 Average labor cost per hour Industry average $35 $35 $35 $35

Et Labor to implement and manage Inspired eLearning

E4*E5 $1,400 $1,050 $1,050 $1,050

Risk adjustment ↑10%

Etr Labor to implement and manage Inspired eLearning (risk-adjusted)

$1,540 $1,155 $1,155 $1,155


Risks. Forrester did not risk-adjust this cost category as it represents a

fixed-price quote from Inspired eLearning. The Organization’s total fees

charged by Inspired eLearning are a PV-adjusted $17,182.

Inspired eLearning Security First Solution Fees: Calculation Table

REF. COST CALC./SOURCE

INITIAL YEAR 1 YEAR 2 YEAR 3

F1 Inspired eLearning Security First Solutions Fees — Preferred

Inspired eLearning/per user

$0 $12.50 $12.50 $12.50

F2 Number of employees/users Organization $0 500 550 605

F3 Security First fees — Preferred F1*F2 $0 $6,250 $6,875 $7,563

F4 Message plan (5,000 vishing/smishing credits)

Inspired eLearning $0 $150 $0 $0

Ft Inspired eLearning Security First Solutions fees

F3+F4 $0 $6,400 $6,875 $7,563

Risk adjustment 0%

Ftr Inspired eLearning Security First Solutions fees (risk-adjusted)

$0 $6,400 $6,875 $7,563


Financial Summary

CONSOLIDATED THREE-YEAR RISK-ADJUSTED METRICS

Cash Flow Chart (Risk-Adjusted)

If risk-adjusted costs, benefits, and ROI still demonstrate a compelling business case, it raises confidence that the

investment is likely to succeed because the risks that threaten the project have been taken into consideration and

quantified. Assuming normal success at mitigating risk, the risk-adjusted numbers should more closely reflect the

expected outcome of the investment.

-$0.0 M

$0.0 M

$0.0 M

$0.1 M

$0.1 M

$0.1 M

$0.1 M

$0.1 M

Initial Year 1 Year 2 Year 3

Cashflows

Total costs

Total benefits

Cumulative net benefits

These risk-adjusted ROI,

NPV, and payback period

values are determined by

applying risk-adjustment

factors to the unadjusted

results in each Benefit and

Cost section.

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the interviewed organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

Cash Flow Table (Risk-Adjusted)

INITIAL YEAR 1 YEAR 2 YEAR 3 TOTAL PRESENT

VALUE

Total costs ($1,540) ($7,555) ($8,030) ($8,718) ($25,843) ($21,594)

Total benefits $0 $46,504 $46,738 $48,027 $141,269 $116,986

Net benefits ($1,540) $38,949 $38,708 $39,310 $115,427 $95,392

ROI 442%

Payback period Under six

months


Inspired eLearning Security First Solutions Overview

The following information is provided by Inspired eLearning. Forrester has not validated any claims and does not

endorse Inspired eLearning Security First Solutions or its offerings.

ABOUT INSPIRED ELEARNING SECURITY FIRST SOLUTIONS

Build A Security First Culture

› Inspired eLearning’s Security First Solutions is a multilingual, packaged security awareness program. It

delivers assessments, security awareness training, and phishing simulations through integrated learning

paths. Powered by automation capabilities, Inspired eLearning has built 15+ years of enterprise cybersecurity

expertise into three new, off-the-shelf solutions to help businesses of any size or experience create a blueprint

for a Security First organization.

Protect Your Organization With PhishProof

› Successful phishing campaigns are the No. 1 cause for data breaches. Routinely running phishing simulations

on your employees helps prepare them to be your first line of defense and is a key part of any effective

security awareness program. Inspired eLearning has developed PhishProof as a sophisticated antiphishing

simulator tool to prepare an organization for all four phishing attack methods — email, phone, text, and USB

baiting.

Anytime, Anywhere Security Awareness Training

› Introducing a mobile app designed specifically for cybersecurity and compliance training. The new Inspired

eLearning Mobile App is an Android and iOS application that allows team members throughout the

organization to access training content on the most common mobile devices. Available at no charge to Inspired

eLearning customers, the Mobile App provides users with the same training courses they’d get at their

desktop, with the added flexibility and convenience that comes with portability. Training includes:

› Security awareness training courses.

› General security awareness.

› Phishing courses.

› Privacy.

› IT security.

› Mobile devices.

› Social media.

› Application security.


Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester

Research that enhances a company’s technology decision-making

processes and assists vendors in communicating the value proposition

of their products and services to clients. The TEI methodology helps

companies demonstrate, justify, and realize the tangible value of IT

initiatives to both senior management and other key business

stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the

product. The TEI methodology places equal weight on the

measure of benefits and the measure of costs, allowing for a

full examination of the effect of the technology on the entire

organization.

Costs consider all expenses necessary to deliver the

proposed value, or benefits, of the product. The cost category

within TEI captures incremental costs over the existing

environment for ongoing costs associated with the solution.

Flexibility represents the strategic value that can be

obtained for some future additional investment building on top

of the initial investment already made. Having the ability to

capture that benefit has a PV that can be estimated.

Risks measure the uncertainty of benefit and cost estimates

given: 1) the likelihood that estimates will meet original

projections and 2) the likelihood that estimates will be tracked

over time. TEI risk factors are based on “triangular

distribution.”

The initial investment column contains costs incurred at “time 0” or at the

beginning of Year 1 that are not discounted. All other cash flows are discounted

using the discount rate at the end of the year. PV calculations are calculated for

each total cost and benefit estimate. NPV calculations in the summary tables are

the sum of the initial investment and the discounted cash flows in each year.

Sums and present value calculations of the Total Benefits, Total Costs, and

Cash Flow tables may not exactly add up, as some rounding may occur.

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.

NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made, unless other projects have higher NPVs.

RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.

DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.

PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

the total economic impact™ of inspired elearning’s ...€¦ · costs. the organization...

Documents