From Limited Visibility to Streamlined Control: Understanding the Total Economic Impact of Incydr

December 12, 2023

Aimee Simpson

In the modern workforce of cloud and hybrid work, traditional data protection solutions have failed to keep pace with evolving data risks. Moreover, they’re expensive to implement and maintain, presenting a heavy burden to security teams. Enter Incydr – which disrupts traditional data protection solutions and delivers value faster while easing security workload.

A Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Code42, reveals significant statistics on Incydr’s impact, including payback in less than six months, a 172% return on investment over three years, a 50% reduction in mean time to investigate medium and high-risk events, and a 40% decrease in low-risk events through the implementation of real-time micro-trainings for a composite organization representative of interviewed customers. These figures lay a compelling groundwork for an in-depth exploration of the Forrester study’s findings.

[Looking for the TL;DR? Scroll to the bottom for some fast facts.]

What is the Total Economic Impact™ (TEI) study?

In the 2023 study, Forrester Consulting examines the potential return on investment (ROI) of Incydr. In undertaking this research, Forrester interviewed five Code42 customers to get insight into how they implemented the technology, as well as the benefits and costs associated with deployment of the tool.

Upon completion of this research, Forrester combined the results into a single composite organization to better illuminate the cost savings and business benefits of Incydr.

The Pre-Incydr Era: A lack of visibility and burdened security teams

Before deploying Incydr, organizations grappled with a long list of challenges:

Exhaustive manual investigations into high-risk events

A constant stream of low-risk events

Gaps in data visibility across endpoints, cloud, and email

The complex task of safeguarding intellectual property, with many cases requiring legal teams and resulting costs

Virtually no solid documentation to bring to the table for investigations

Rushed collaboration between disparate internal teams – especially if employees were working from different countries

Due to these challenges, one client, a senior director of information security at a cybersecurity technology organization, reported, “Without Incydr, we would need to double the security folks dedicated to insider risk events to figure out what events to focus on at the scale we are growing. Everything would just be harder and more time-consuming to investigate and resolve.”

Implementing Incydr: Intuitive and supportive setup with results in less than six months

With the incorporation of Incydr into their operations, businesses embarked on a data protection journey. In an average of two months, the solution was fully implemented, and within six months, Incydr had paid for itself.

Customers experienced the benefits of key features fast, some even coming across disingenuous employee behavior soon after setup. Two weeks after deployment, one organization, an industrial equipment supplier, discovered that an employee was employed at half a dozen employers and had tools on his device to seem active when he wasn’t. With Incydr’s contextual detection and documentation, the team was able to remediate efficiently, saving “up to half a million dollars in terms of his payroll and his failure to make decisions to advance his intellectual contribution to the company,” according to the interviewed enterprise security architect from the organization.

Incydr’s considerable ROI

For the customers interviewed for the Forrester study, Incydr had benefits that extended past initial deployment. The Total Economic Impact study reported significant benefits and ROI for the data protection solution. Particularly, benefits were found in the form of security team time savings, financial savings through data loss detection, saved legal and forensic costs, and less user downtime.

Benefit 1: Decreased investigation time resulting in FTE savings

Teams once burdened by an overwhelming number of alerts were freed up to prioritize the most important events; One organization, a life sciences technology company, was able to reallocate 2.5 full-time employees, on average. Further, one security team avoided 95% of forensic investigations and the composite organization closed cases 50% faster. Customers also benefited from more nuance and context overall. One customer, the manager at a software company, reported, “With Code42, the alerts are the tip of the iceberg. When you can dig into the level of detail that you can using the Forensic Search tool, that’s been the biggest help. I have caught a few things in Code42 that even our SIEM has not caught. So, we’ve noticed a few things in some alerts in Code42 that then triggered much deeper looks into all of our other platforms.”

Benefit 2: Mitigation of data breaches to stop financial losses

Incydr’s data loss from insiders detection also allowed teams to recover IP quickly – avoiding $686,000 in costs from data exfiltration through a 40% reduction in loss per event. Using Incydr’s watchlists, one organization found that someone was on the precipice of sending a bulk of data to a competitor. With Incydr, they were able to reach the endpoint and quarantine the assets at risk instantly: “Our organization is currently seeking the right figures in relief, and this tool gives us all the data we need to do that at our fingertips,” the customer, a manager of information security at the life sciences organization said.

Benefit 3: Improved legal efficiencies and reduced spend on legal services

In terms of documentation for legal recourse, organizations using Incydr found it to be instrumental in speeding investigations from the day of discovery to litigation. The interviewed software organization using Incydr avoided using outside counsel for at least 60% of their cases, cutting out costly legal fees. This was realized in part due to Incydr’s documentation of risky behavior, which paints a full picture of any incident.

“Incydr acts like a barometer,” said an interviewed security manager at the software organization. “You can tell right away if a person is as clean as a whistle or if there is something we need to go deeper on. And if we do need to go deeper, we can pull relevant artifacts right out of the tool. Now, before we even approach the person of interest and start investigating, we have all the answers.”

Benefit 4: Decreased user downtime

Finally, customers saw cost benefits through a decrease in end-user downtime. The composite organization saw over 19,000 hours of avoided end-user downtime over three years, resulting in $570,000 in savings. Forrester reported: “With Incydr, end users are less likely to be unable to access their organization’s systems, as IT and security teams have better visibility into the data movement issues at hand.”