The Myth of ROI

An internal news clipping service led to a Google search, and I eventually found the original article “Information Security ROI: Not Every Expense Is an Investment”: by Tom Scholtz of “the META Group”:

bq. “Organizations should not consider every expense to be an investment,” adds META Group analyst Chris Byrnes. “Many security expenditures are completely valid and necessary and even legally required, but they are not investments that will produce a quantifiable return. In many instances, ‘What is the return on investment?’ is simply the wrong question to ask.”

This is true of many more things than Information Security, or even IT. Money is not always the right measure; sometimes it’s completely misleading (this is particularly true of environmental issues, but that’s a separate rant).

I’m glad to see someone “official” saying this for a change…

(The META Group article was originally published on 17 July 2003; why is it making the news in September?)

posted at 9:55 am on Friday, September 19, 2003 in Links, Security | Comments Off on The Myth of ROI

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.