Scroll to discover
Watch a Demo
Skip to content

Forrester Total Economic Impact(™) of IriusRisk Threat Modeling

Stay up to date with the latest news

Click here
Community Edition - Email banner (1)

Four major outcomes when choosing IriusRisk

Within this study, you can see the cost savings year on year, return on investment - including when 'pay back' was reached after choosing IriusRisk. As well as remediation saved for Developer and Security Teams.

Icon - Time (TEI)

Reduced Remediation Costs

Icon - Automation (TEI)

Integration in Dev Workflows & Tools

Icon - Productivity (TEI)

Reduced Reporting Costs

Icon - Collaboration (TEI)

Fostering a Threat Modeling Culture

Access your free
study today.


In this study commissioned by IriusRisk, Forrester Consulting evaluates the Total Economic Impact™ of IriusRisk’s Threat Modeling platform - the industry-leading automated threat modeling platform for Secure Design.

Download the free study to learn how automated threat modeling: 

  • Returned 203% ROI in efficiency over manual modeling
  • Saved almost $5m in software remediation costs
  • Saved $4m in reporting and compliance
  • Reduced time to Threat Model from 80 hours to only 8 hours

TEI Cover

Forrester Consulting Study - IriusRisk Delivered 203% Return on Investment (ROI)

Business increasingly relies on software, making speed of delivery a business issue. Secure design ensures that the right security controls are built in before every major change and expensive rework is avoided.   Don’t just shift left, start left.

In this commissioned study, you can see how a composite organization based on interviewed customers benefited from a three-year 203% Return on Investment (ROI) by implementing IriusRisk Automated Threat Modeling across their software and security teams.

The main point of threat modeling is to highlight some of those issues that could occur and to put mitigating controls prior to them ever being an issue in the code. It's much cheaper to find those issues at the beginning.

Principal Software Architect

Software Sales Company

Manual threat modelling wasn’t an activity that was done across the board. It was only possible for a handful of our key products.

Principal Software Architect

Software Sales Company

IriusRisk allows us to make changes at the design stage. It reduces risk and the financial impact in case of breaches or downtime. In banking, reducing risk is enough argument to introduce a new tool.

Director of Cloud Engineering

Financial industry

“We have seen an increase in developers creating better architecture diagrams and documentation because of using IriusRisk.  Previously, we had developers who worked on their very specific piece of code for this product. When they saw the whole picture, they had kind of an ‘aha-moment’.”

Principal Software Architect

Software Sales Company

“IriusRisk seamlessly integrates with issue trackers, and it forms part of the developer’s workflow.  Additionally, the principal software architect at a software sales company explained that IriusRisk supports bi-directional communication when integrated to an issue tracker. They noted, “Not only the ticket is automatically generated, there is also an update on IriusRisk, as soon as the ticket has been completed. Scaling is much quicker with IriusRisk because of the reusable architectures and the ability to drag and drop previous models. Moreover, users can reuse library content.”

Director of Cloud Security Engineering

Global Financial Organisation

“As part of our secure software development lifecycle, one requirement is that teams must address all the required countermeasures in IriusRisk. They are required to hit the security bar right at the beginning. That shift-left has helped us to get the security as part of the design before hands ever touched the keyboard, saving us a lot of potential remediation time.”

Principal Software Architect

Software Sales Company

“When you use a tool like IriusRisk and you can show the countermeasures overview on the dashboard to audit, the trust increases immediately.”

Security Domain Expert

European Financial Services Institution

​​“IriusRisk allows us to query flaws via API, meaning that we can query threats in our database. This is important for auditing processes. It's a lot easier to provide them with a list of vulnerabilities when compliance requests this. It saves us time.”

Director Cloud Security Engineering

Global Financial Organization

“IriusRisk can be integrated to our JIRA system. Tickets are automatically assigned. Automation really helps here. As you write the threats, you are writing it into the system, so everything is in IriusRisk

Director Cloud Security Engineering

Global Financial Institution

“We discover the weaknesses, threats, and countermeasures, and we can map our customized risk patterns to a new or to an existing component. We use that capability extensively.”

Director of Product Security

Software Sales Company