IBM Apptio

IBM Apptio

A place for Apptio product users to learn, connect, share and grow together.

 View Only
Expand all | Collapse all

How does your organization cost/chargeback Cybersecurity related expenses?

  • 1.  How does your organization cost/chargeback Cybersecurity related expenses?

    Posted Tue August 02, 2022 03:47 PM
    Hello all,

    We are currently in the process of working through improving our costing and charging for a variety of services.  Cybersecurity has come up as a relatively large one that we want to work to improve our chargeback allocation methodology for.  Today, all of our cyber costs are housed in one cost center.  This expense feeds directly in to a "Cybersecurity" service, that is charged back to consuming business lines based off of a simple FTE breakout.  

    We're looking for alternative ways to think about costing and charging out this service.  We've thought about possibly using application risk profiles to help charge out the expense- business lines that engage in using more risky applications would receive a greater charge for cyber.  However, we'd appreciate any insight in to how other organizations are thinking about costing out and charging these expenses.

    Thanks!
    #Billing(BillofIT)


  • 2.  RE: How does your organization cost/chargeback Cybersecurity related expenses?

    Posted Wed August 03, 2022 04:12 AM
    Edited by Guillermo Cuadrado Tue November 05, 2024 05:44 PM
    Depending on the scope of your applications, you may want to employ a hybrid approach, @Reid Solomon.

    1. If you have laptops in scope (we don't), you could allocate a fraction of the costs to the BUs based on the number of FTEs (like you do now).

    2. The rest, based on that risk profile you talk about in your post.

    We typically have a collection object (we call it Tools) and then spread the costs of the "Cybersecurity" tool to the various applications using different logic.

    You could use a table like this:


    I hope this helps.​

    ------------------------------
    Regards, Guillermo
    ------------------------------