Measuring value of risk mitigation

Rich Rans
Rich Rans Member Posts: 29 Contributor
Third Anniversary 10 Comments 5 Insightfuls 5 Likes
edited October 2023 in Metrics & Analytics

Anyone have examples of how you measure product value of something whose primary feature is risk mitigation. For example, if you've had insurance for 5 years, but don't have any claims, how is your vendor supposed to prove and report on the value you have received. They are essentially re-selling every renewal.

Our product are in the information governance space, so intended to reduce risk and ensure policy compliance. The challenge is that in most cases it is very difficult to quantify value to our customers.

Thought? If you'd be up for a brief discussion, message me directly.

Comments

  • Shaun Porcar
    Shaun Porcar Member, CS Leader Posts: 22 Thought Leader
    Third Anniversary 5 Comments Name Dropper Photogenic

    Are your customer's executive teams willing to underwrite the greater risk of operating the business without your product, particularly if their business operates in a space where they have contractual obligations or regulatory standards that must be maintained and regularly certified?

    Have you had any success working with stakeholder champions or design partner customers to help you quantify ROI? Especially if any current customers have been impacted (prior to using your product) by the circumstances that your product is designed to mitigate or remediate. Is there a form of monitoring your product provides that demonstrates compliance or efficiency gains that you can use to regularly reinforce value realization?

    I've had some success creating a set of counterfactuals. Let's play out a likely scenario and ask what would the impact be on the brand and business if____were to occur. Discussing a set of facts that may be true under different circumstances can be illuminating where the ROI may seem an unattractive or low priority at first.

    If the resources are available perhaps partnering with a well-known firm that provides cybersecurity or IT consulting would be helpful in calculating potential cost savings, risk reduction, or efficiency gains that can result from using your product vs manual effort.

    Try using industry benchmarks to demonstrate how your product creates alignment with regulatory standards and industry norms or enables compliance with specific regulations or frameworks like GDPR, HIPAA, ISO 27001. Large enterprise buyers from the CIO/CISO suite may be willing to share insight from relevant build vs buy work their team has done.

    Happy to chat anytime, Rich!

  • Brian O'Keeffe
    Brian O'Keeffe Member Posts: 214 Expert
    100 Comments Second Anniversary 25 Insightfuls 25 Likes

    This really stood out: Try using industry benchmarks to demonstrate how your product creates alignment with regulatory standards and industry norms or enables compliance with specific regulations or frameworks like GDPR, HIPAA, ISO 27001. Thanks!