Adversarial Risk Group
ROI model · Continuous vs. point-in-time

Run the math on what gets through.

Continuous adversarial simulation costs more per year than an annual pen test. So does carrying a breach in silence for 207 days. The model below shows where the trade lands for a mid-market manufacturer. Plug in your numbers.

Inputs: 200 · $85,000 · $/year · $/emp/yr
  • Breach exposure · current: $560K (cost × annual probability)
  • Risk reduction value: $196K (continuous program, 35% rel. reduction)
  • Detection-latency saved: $84K (vs. 207-day industry MTTD)
  • Physical-vector value: $50K (badge · tailgating · pretext)
  • Current spend (annual): $36K (pen test + training)
  • ARG program · 2-yr avg: $35K (founding-client rate)
  • Net annual value: $330K

Model v0.1 · sources cited below
Net investment ≤ current spend

How this is calculated

Conservative assumptions. Cited sources. Real math.

The model is built for a mid-market manufacturer between 50 and 500 employees. It uses third-party benchmarks for breach cost and probability, then applies relative reductions we expect a continuous adversarial program to deliver. Numbers are estimates. The numbers underneath them are sourced.

Constants

  • Breach cost (per incident): $600K + $7K/emp
  • Breach probability · no incident: 28%
  • Breach probability · recurring: 38%
  • Continuous-program risk reduction: 35% relative
  • MTTD savings: 15% of breach cost
  • Physical-vector annualized share: 2.5% of breach cost
  • ARG audit (founding, amortized 2 yrs): $11K/yr
  • ARG retainer (founding): $24K/yr

Sources

  • IBM Cost of a Data Breach 2024: cost · MTTD
  • Verizon DBIR 2024: vector frequency · human element
  • Coalition claim-rate data: 5× no-MFA
  • ARG engagement benchmarks: pricing band · findings rate

Formulas

breachCost = $600,000 + (employees × $7,000)
baselineExp = breachCost × probability
riskReduction = baselineExp × 0.35
mttdSaved = breachCost × probability × 0.15
physicalValue = breachCost × 0.025
currentSpend = penTest + (training × employees)
argAvgAnnual = $11,000 + $24,000 // founding-client rate
netInvestment = max(argAvgAnnual − currentSpend, 0)
netValue = (riskReduction + mttdSaved + physicalValue) − netInvestment

Loaded salary is collected for calibration; it does not enter the core formula above. Future revisions will fold in business-interruption time at hourly throughput cost for organizations that share that figure. The retainer is flat at $2K/month under founding-client terms regardless of headcount inside the ICP band; post-founding pricing will scale to attack surface and is not modeled here.
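The formulas above as one runnable function, so the headline figures can be re-derived and the probability and net-investment cases compared. This is an added example, not ARG's calculator code: the constants are the page's, while the function name `roiModel`, the `priorIncident` switch (selecting the 38% "recurring" rate), the 50 to 500 range check, and the pen-test/training split ($20,000 plus $80 per employee, chosen to total the $36K shown) are assumptions.

```javascript
// Added example: the page's formulas as one function. Constants are the page's;
// the pen-test / training split passed in below is constructed.
const C = {
  breachBase: 600000, breachPerEmp: 7000,
  pNoIncident: 0.28, pRecurring: 0.38,
  riskReduction: 0.35, mttdShare: 0.15, physicalShare: 0.025,
  argAudit: 11000, argRetainer: 24000,
};

function roiModel({ employees, penTest, trainingPerEmp, priorIncident = false }) {
  // The model is stated for 50 to 500 employees; refuse to extrapolate.
  if (!Number.isInteger(employees) || employees < 50 || employees > 500) {
    throw new RangeError("model covers 50 to 500 employees");
  }
  if (!(penTest >= 0) || !(trainingPerEmp >= 0)) {
    throw new RangeError("spend inputs must be non-negative numbers");
  }
  const probability = priorIncident ? C.pRecurring : C.pNoIncident;
  const breachCost = C.breachBase + employees * C.breachPerEmp;
  const baselineExp = breachCost * probability;
  const riskReduction = baselineExp * C.riskReduction;
  const mttdSaved = breachCost * probability * C.mttdShare;
  const physicalValue = breachCost * C.physicalShare;
  const currentSpend = penTest + trainingPerEmp * employees;
  const argAvgAnnual = C.argAudit + C.argRetainer;
  // Clamp: spending less than today is not credited as extra value.
  const netInvestment = Math.max(argAvgAnnual - currentSpend, 0);
  const netValue = riskReduction + mttdSaved + physicalValue - netInvestment;
  const out = { breachCost, baselineExp, riskReduction, mttdSaved, physicalValue,
                currentSpend, argAvgAnnual, netInvestment, netValue };
  // Round to whole dollars so float noise from the percentages does not leak out.
  for (const k of Object.keys(out)) out[k] = Math.round(out[k]);
  return out;
}

// Constructed inputs: 200 employees, $20,000 pen test, $80/employee training.
const base = roiModel({ employees: 200, penTest: 20000, trainingPerEmp: 80 });
const recurring = roiModel({ employees: 200, penTest: 20000, trainingPerEmp: 80, priorIncident: true });
const lowSpend = roiModel({ employees: 200, penTest: 10000, trainingPerEmp: 0 });
console.log(base.netValue, recurring.netValue, lowSpend.netValue);
```

The `lowSpend` case shows the only path by which program cost reduces net value: when current spend is below the $35K program average, the difference is subtracted.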

What this model does not include

The honest list.

ROI calculators that promise large multiples typically reach them by excluding the things that erode the return. We are not doing that. Here is what the number above is not crediting.

01 / 04

Regulatory and contract tail.

A material breach in a regulated supply chain often costs more in customer attrition and contract loss than in incident response. Not credited here.

02 / 04

OT downtime.

Manufacturing downtime ranges from $5K to $50K per hour. The breach-cost constant does not include OT impact. Add it separately if you run a continuous process.

03 / 04

Internal time saved.

A continuous program removes hours from internal IT and HR teams running ad-hoc tests, vendor reviews, and tabletop scenarios. Not credited.

04 / 04

Insurance premium impact.

Carriers increasingly price on demonstrable continuous testing. Coalition reports a 5× higher claim rate for accounts without MFA alone. Not modeled.

The number you ran is yours

If the trade looks right, the next step is direct.

We travel to your facility. We find what gets through. Then we keep finding it, automatically, until we come back. Two founding-client spots remain. Locked-in pricing for three years. Founder runs the engagement.