Abstract
It is necessary to reassess the allocation of resources, questioning traditional notions of return on investment (ROI) and focusing, in particular on the critical area of cybersecurity. Anticipated damages from cybercrime are increasing 15% per year globally, totaling an estimated $10.5 trillion by 2025. In addition to the financial benefits, the ROI for these cybersecurity efforts may be measured in terms of retaining user confidence and guaranteeing the seamless running of online learning platforms. In the age of remote learning, the goal is to enhance educational effectiveness while wisely controlling expenses, given the increasing importance of cybersecurity in online commerce. Although past data guides initiatives, it is crucial to continuously examine new data to improve strategy, particularly in the ever-changing field of cybersecurity. This understanding through qualitative inquiry gives practitioners the knowledge to understand the component parts required for the ROI calculation in the cybersecurity investment environment.
TopIntroduction
The primary aim of this chapter is to equip practitioners and academicians with a comprehensive understanding of ROI strategies and techniques that are readily applicable to distance education programs while also taking into account the critical aspect of cybersecurity. The text recognizes the evolving landscape in which online learning, business objectives, and cybersecurity converge, emphasizing the need for informed and strategic decision-making. To embark on this journey, a foundational principle from Stephen Covey The key is not to prioritize what’s on your schedule, but to schedule your priorities” (Kruse, 2012), serves as a reference point. In the context of training effectiveness, it entails ensuring that all program objectives are crystal clear, acknowledged, and comprehended before the commencement of education and training initiatives. Furthermore, these objectives must be aligned and validated against the overarching business goals.
According to Tan and Olaore (2021), identifying and addressing the obstacles to learning effectiveness within the business unit becomes imperative, and a comprehensive roadmap to eliminate hindrances that impede progress. Amidst the myriad of learning effectiveness models, philosophies, and resources available in various forms, including books, audio, video communication, and journal articles, cyber security leaders grapple with the challenge of deciphering how to gauge learning effectiveness effectively. The text acknowledges that learning effectiveness, coupled with cost reduction, continues to be a driving force behind adopting distance education programs. In this context, organizations seek immediate answers to questions such as the quantification of cost-savings, cost-benefits, and cost efficiencies associated with e-learning, as well as strategies to achieve these gains without exceeding tight budgets.
Simultaneously, academics are confronted with delivering this critical information to practitioners without the encumbrance of academic jargon and abstract theories. The focus is on practical applicability, requiring institutions of higher learning to present this valuable information in a format that facilitates immediate implementation. Within this swiftly evolving and highly technical landscape, cybersecurity learners seek knowledge, skills, abilities, and competencies that align with the current evolving concerns (Burrell et al., 2018, 2021). The contemporary information and digital age is intertwined with networked infrastructures within workplaces, where online learning is reshaping conventional ROI paradigms, necessitating meticulously planned programs and investments (Dawson et al., 2021).
While historical data offers insights for reevaluating strategies, it is essential to continuously review emerging information for ongoing process improvements and the substantiation of education and training initiatives to include human factors (Nobles, 2019). This process of acquiring new information is anchored in the principles of continuous learning (Burton, 2022). The details of this chapter delve into three critical domains: (1) aligning education training initiatives with organizational objectives within enterprises, encompassing cybersecurity readiness, (2) systematically tracking and evaluating business outcomes, and (3) elucidating the value of defining terminology for education and training professionals.
Learners need to grasp the rationale behind attaching business values to organizational learning capabilities, and alignment on terminology usage among all stakeholders is a prerequisite.
In an era where digital transformation permeates every aspect of education and business, cybersecurity considerations are a pivotal factor in shaping the strategies and outcomes of distance education programs. The symbiotic relationship between online learning, business objectives, and cybersecurity is central to our discourse as we navigate the evolving contours of this dynamic landscape.
Key Terms in this Chapter
Organizational Goals: Organizational goals are specific, measurable, and time-bound objectives that an organization aims to achieve in order to fulfill its mission and vision. These goals provide a sense of direction and purpose, guiding the actions and decisions of the organization.
NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a set of guidelines, best practices, and standards developed by the U.S. government to help organizations manage and improve their cybersecurity risk management processes. It provides a structured approach for organizations to identify, protect, detect, respond to, and recover from cyber threats.
Strategy: Strategy refers to a long-term plan or approach that an organization develops to achieve its goals and objectives. It involves making decisions about resource allocation, competitive positioning, and the actions necessary to succeed in a particular market or domain.
Cybersecurity Leadership: Cybersecurity leadership pertains to individuals or teams responsible for guiding and overseeing an organization's cybersecurity efforts. This includes setting strategic objectives, making decisions about resource allocation, and ensuring that cybersecurity measures align with the organization's goals and risk tolerance.
Education and Training: Education and training in the context of cybersecurity involve programs and activities designed to impart knowledge and develop skills related to information security. This includes teaching employees and stakeholders about best practices, policies, and procedures to protect against cyber threats.
Cyber Risk Management: Cyber risk management involves identifying, assessing, and mitigating potential threats and vulnerabilities in an organization's digital infrastructure and data assets. It involves strategies and practices aimed at protecting these assets from cyberattacks and minimizing the impact of security breaches.
Return on Investment (ROI): Return on Investment is a financial metric that measures the profitability and efficiency of an investment. In the context of cybersecurity, it assesses the financial benefits or gains compared to the costs of implementing cybersecurity measures. A positive ROI indicates that the investment has generated a return greater than its initial cost.