Cyber risk ROI is a method of calculating the return on investment for cybersecurity measures. It helps organizations understand the financial impact of implementing security measures, such as investing in security software, training employees, and implementing security policies and procedures.

The formula for calculating cyber risk ROI is as follows:

​

Cyber risk ROI = (Expected reduction in losses - Cost of security measures) / Cost of security measures

​

Where the "Expected reduction in losses" is the estimated reduction in losses that the organization expects to achieve by implementing the security measures, and the "Cost of security measures" is the cost of implementing the measures, including the cost of software, training, and personnel.

By using the cyber risk ROI calculation, organizations can make informed decisions about their security investments and ensure that they are spending their resources in the most effective way possible. The calculation can also help prioritize investments in areas where the expected return is the highest.

It is important to note that the calculation of cyber risk ROI is based on assumptions and estimates and may not reflect the actual outcomes. Nevertheless, it provides a useful tool for organizations to make informed decisions about their cybersecurity investments.