- Study publication follows new guidance from global cyber security agencies calling for software manufactures to use threat modeling at design stage
- Total Economic Impact Study finds IriusRisk reduced the time required to create a threat model by 90%
LONDON, May 10, 2023 /PRNewswire/ — IriusRisk, the industry-leading platform for automated threat modeling, today publishes the results of an independent Total Economic Impact™ Study, which provides quantifiable evidence that the IriusRisk platform delivers more than a three-year 200% return on investment (ROI).
The commissioned Total Economic Impact study (TEI), which was carried out by Forrester Consulting, also found that using the IriusRisk Threat Modeling Platform reduced time to create a threat model by 90%.
The publication of the study comes at a time when pressure is growing on software manufacturers to ensure software is made secure-by-design. In April, the national cyber security agencies of the US, UK, Australia, Canada, Germany, the Netherlands and New Zealand, published new guidance calling on software manufacturers to deploy threat modelling at the design stage.
This follows fast on the news that the US Government will legislate to introduce liability for software makers for the security of the products they manufacture.
Key findings in the Total Economic Impact Study for a composite organization based on interviewed customers were:
- Time: Organisations using IriusRisk were found to have made a time saving of 72 hours per threat model (from 80 to 8 hours or 90%).
- Automation: IriusRisk automates repetitive threat modeling tasks, so security teams can effectively focus on their resources – Forrester estimates this is worth $1.8 million over three years.
- Productivity: Developers using IriusRisk were found to be 50% more productive.
- Collaboration: The study found that the introduction of IriusRisk helps to build a formal practice around threat modeling within organizations.
The TEI methodology has been used for over 20 years by technology consumers and technology organizations. It consists of four components to evaluate investment value: cost, benefits, flexibility, and risk.
It is a proven industry-standard framework that models all aspects of a piece of technology or solution and the associated impacts on the business and illustrates the ROI of products and services.
The findings of the study are going to be discussed on Thursday May 25th, when IriusRisk will host a webinar featuring Forrester to review the key findings of this study.
Stephen de Vries, Founder and CEO, IriusRisk said: “It is no longer just good practice to use threat modelling; governments, regulators and cyber security agencies are demanding it. Every business that manufactures software should be looking at its processes and ensuring that security is built into the design process.
This important, independent analysis, is a testament to the quality of the IriusRisk threat modelling offer. At a time when threat modelling has become a business imperative, it is key that companies partner with a business that delivers for them and at the scale they require. The Forrester study demonstrates that IriusRisk does just this – saving businesses time, money and upping productivity and ingraining threat modeling as a core asset for organisations.”
IriusRisk is the industry leader in automated threat modeling and secure software design, working with clients that include four of the top 10 Globally Systemically Important Banks (G-SIBs).
Every sector of the global economy is being transformed by software, yet vulnerabilities are too often exposed by increasingly sophisticated cyber-attacks. By identifying security flaws in software architecture at the design phase, threat modeling makes it possible to fix issues before code is written.
IriusRisk’s platform automates the threat modeling process, enabling developers to design and build secure software. At scale.