IN ESS GR

US O
B

W
S,

S,
GROW

IND
IA GR
TAL

O
GI

W
I

D S

COMPREHENSIVE ECONOMIC IMPACT (CEI)

OF MAC DEPLOYMENT IN INDIAN ENTERPRISES
SKOCH CIO Agenda Task Force Research Report
November 2023

© SKOCH
 About
Research by SKOCH Consultancy Services Pvt Ltd is considered a benchmark in India
and is relied upon by corporations, governments, regulators and financial institutions
alike for it's key inputs into decision and policy making. It has published over twenty
books based on original research, which are used not just as reference material but also
extensively recommended in academia and policy making.
SKOCH comes out with annual reports that cover India in 360 , from governance to
digital transformation and from micro-credit to economic progress. We are known for our
meticulous and exhaustive methodology and a consultative approach that works through
forming multi-stakeholder task forces in areas of public interest. A few of the currently
active task forces are:
„ CIO Agenda Task Force
„ Financial Inclusion Task Force
„ Cyber Security Task Force
„ ESG Task Force

The Task Force reports help make knowledge-based arguments based on primary
research. Large corporations, governments and the public sector commission SKOCH
for primary research.
This report has been made through a Task Force, Primary Interviews, Research Meetings
and Proof-of-Concept centres.

Contents
Introduction
Sameer Kochhar
1. Markets, Big Business and Social Legitimacy

N
Montek S. Ahluwalia
andan Nilekani earned his place as an iconic entrepreneur in India in the 1980s,
2. Two Issues in India’s Growth Story
having co-founded Infosys Limited in 1981. In the post-economic liberalisation era,
C. Rangarajan
he cemented his reputation as a pioneer in the corporate and information technology
world, just as he helped launch Infosys into the big league of world’s IT-enabled services 3. Advocacy & Governance
companies. He served as the company’s Chief Executive Officer from 2001 to 2007. Rohan Kochhar
4. Vision for a Transparent, Efficient and
At the fag end of his career in Infosys, Nilekani wrote a best-selling book in 2009, Imagining Essays in honour of
Economically Inclusive Nation
India: The Idea of a Renewed Nation. The book is widely acclaimed for heralding a new,
idea-based approach to meet the present and future challenges facing India. It spelt out the
NaNdaN NileKaNi Kiran Mazumdar Shaw
5. Challenges of Economic Governance
theoretical framework for the provision of a unique identity for all its citizens as an important
Editor Rajiv B. Lall
Sameer Kochhar, Chairman of Skoch step towards putting, what Nilekani called, “human capital front and center as the main driver
Group, is a passionate advocate of social, of productivity and growth”. Sameer Kochhar 6. Two Steps Forward for Financial Inclusion
Rana Kapoor
financial and digital inclusion. In 1997,
His long experience in the corporate world and his passion for the citizen empowerment—
after spending 15 years in the corporate 7. War Against Corruption: The Secret Weapon
as proved in the successful Bangalore Agenda Task Force experiment started in 1999 as Contributors
world, he decided to follow his inner calling Called Aadhaar
and become a development thinker. Ever well as enunciated in his 2009 book—made him the natural choice to be the first chairman moNteK S. ahluwalia Surjit S. Bhalla
since, he single-mindedly applied himself of the Unique Identification Authority of India (UIDAI) that was being set up by the Union
to the rigours of self-education, academic government to provide residents of India with a unique identity and a digital platform—known c. raNgarajaN 8. Corporate Governance Standards in India –
Editor

Evolution and Challenges

research and field tours. The Skoch as the Aadhaar. Nilekani left Infosys to head the UIDAI in July 2009. rohaN Kochhar Chitra Ramkrishna
Group – which has a think tank, media
and consultancy arms – was established In five years, Aadhaar has transformed India’s approach to socio-economic justice and equity, KiraN mazumdar-Shaw 9. Can we have a New Urban Agenda?
Sameer Kochhar

and became the lynchpin to the government’s welfare programmes that seek to achieve these
as part of this endeavour. His expert rajiv B. lall M. Ramachandran
opinion is sought by the government. In goals. It also set the stage for an efficient and transparent mechanism to monitor government
10. The Security Implications of Aadhaar
Kochhar’s thinking, writings and activities, programmes, which is crucial to cut waste and slippage in order to maintain fiscal prudence raNa Kapoor
Gursharan Dhanjal
his profound admiration for India’s at the national level. Surjit S. Bhalla 11. Management Rather than Civil Service:
economic reforms – and in extension,
those outstanding personalities who strive
The authors of the essays in this volume are accomplished experts in their respective chitra ramKriShNa Opportunities for Radical Reform in India
to make these reforms more meaningful fields. Together, they piece together a wide range of issues relevant to India’s present and Meghnad Desai
future: fiscal and monetary policies, political and economic governance, financial sector
m. ramachaNdraN
and broad-based – comes out clear and 12. Enabling and Sustaining a Stable Rules-
unambiguous. reforms, financial inclusion, urban development, corporate governance, competitive markets, gurSharaN dhaNjal Based Regime
food security, national security, public policy advocacy and information & communication
In addition to authoring highly acclaimed meghNad deSai Cyril Shroff
technology. The volume not only offers clear-cut analyses on these topics, but also a clear
Speeding Financial Inclusion (2009), 13. Enhancing Food Security through Aadhaar
vision for the future. cyril Shroff N.C. Saxena
and, ModiNomics - Inclusive Economics,
Inclusive Governance (2014), he has N.c. SaxeNa 14. The Importance of Aadhaar
edited Infrastructure and Governance
(2008); Financial Inclusion (2009); Urban
jaNmejaya SiNha Janmejaya Sinha

Renewal: Policy and Response (2009); S.S. tarapore 15. Governance Issues in the Financial Sector
India on the Growth Turnpike: Essays in S.S. Tarapore
Honour of Vijay L. Kelkar (2010); Building
laveeSh BhaNdari
16. Risks in the Indian Financial Sector: The
from the Bottom: Infrastructure and Poverty Sumita Kale Role of Aadhaar
Alleviation (2010); Growth and Finance: Laveesh Bhandari and Sumita Kale
Essays in Honour of C. Rangarajan (2011);
aShima goyal
17. Closing the Gap Between Potential and
Policymaking for Indian Planning: Essays in pradeep S. mehta Performance in ICT
Honour of Montek Singh Ahluwalia (2012);
Ashima Goyal
and, An Agenda for India’s Growth: Essays
in Honour of P. Chidambaram (2013) 18. Competition Policy: 2nd Big Wave of
Economic Reforms
Pradeep S. Mehta
SKOCH MEDIA PVT. LTD.
` 1095 Cover Photo: SKOCH Media
Table of Contents
Executive Summary.............................................................................4 Consulting Team*
Dr Gursharan Dhanjal
Key Findings
Shivam Chaudhary
Overall Benefits..........................................................................5
IT Impact...................................................................................5
Business Impact........................................................................5
Stakeholder Engagement............................................................6
Risk Management......................................................................6
Environmental Impact.................................................................6

Financial Benefits Summary................................................................7

Frequency of Endpoint Attacks - The India Context..............................8

Frequency of Endpoint Attacks - The Global Context............................11

CIO Agenda Task Force (CATF)............................................................12

Task Force Discussion Areas...............................................................14

Comprehensive Economic Impact (CEI)...............................................15

Methodology........................................................................................16

Key Findings........................................................................................17
IT Impact...................................................................................18
IT Cost Savings..........................................................................20
Stakeholder Engagement............................................................22
Risk Management......................................................................24
Environmental Impact.................................................................26
Set Up Costs..............................................................................28

Disclosures

This is an independent report. Readers are urged to employ their evaluations and studies to make purchase decisions. It is not
meant to be used as competitive analysis.

SKOCH makes no assumptions or claims into whether or not ROI will be received by the organisations. Readers are strongly
advised to make their own estimates within the framework provided in the study to determine appropriateness of an investment.

SKOCH has received inputs through interviewees, research meetings and feedback from the members of the Task Force but
maintains editorial control over the study and its findings. All trademarks are the property of their respective owners.

©SKOCH. All rights reserved. This report is a copyright. Information is based on the best available resources. Opinions reflect
judgment at the time and are subject to change. Subject to statutory exception and to the provisions of relevant collective
licensing agreements, no part of this report may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording or by any information storage and retrieval system, without the express written
permission.

*Dr Gursharan Dhanjal is Vice Chairman, SKOCH Group & Shivam Chaudhary is Senior Consultant, SKOCH Group
Executive Summary
The highest priority for Indian enterprises is to expand business while reducing cost and
doing so with security and sustainability. Securities and Exchange Board of India (SEBI)
has mandated that top 1,000 listed enterprises have to follow Environmental, Social and
Governance (ESG) guidelines and report them as part of their Annual Report. India has some
of the most stringent Data Protection and Intermediary Liability laws at the national level and
sector specific regulatory guidelines.
Globally most enterprises look at customer satisfaction as the highest priority and some look
at employee satisfaction for enhancing customer satisfaction. While this too is a priority, it
is only second to the topmost priorities. Therefore, it was decided to create an India specific
model that we call Comprehensive Economic Impact (CEI) that can be used to better articulate
business benefits to the Boards for deploying Macs at the endpoint.
This model was developed as a collaborative effort of fifteen enterprises CIOs that participated
in CIO Agenda Task Force, seven large enterprises shared their data on MACs and PCs and two
of them were used as proof-of-concept centres to further fine tune and validate the findings.
This exercise was carried out over a 10-month period.

Average Cost per PC Average Cost per Mac

$59,000 ($708) $74,000 ($888)

PC Residual Value after 4 years Mac Residual Value after 4 years

2.5% 25%

OS License Cost per PC OS License Cost per Mac

$0 ($0) $0 ($0)

Energy Costs per PC Energy Costs per Mac

$800 ($9.6) annually approx. $150 ($1.8) annually approx.
Table 1: SKOCH Analysis of Average Costs (A CIO Agenda Task Force Study based on data received from 7 large enterprises that currently deploy Mac
devices and PCs)

$1=INR 83

© SKOCH 4
Key Findings

Overall Benefits

„ The financial analysis a unified organisation with 10,000 employees and deploying 46%
Macs in four years experiences overall benefits of 998.35 Cr ($11.55 Mn) vs set-up costs
of 226.95 Cr ($3.23 Mn). The set-up costs include the purchase price and software minus
the residual value after four years.
„ The benefits calculated are a sum total of IT Impact; IT Cost Savings; Business Impact;
Risk Management; Shareholder Engagement; and, Environmental Impact. This amounts to
a net benefit of 771.40 Cr ($8.31 Mn) and an ROI of 257.1%.

IT Impact cost of endpoint deployment is far more competitive

than average deployment cost and overall benefit of
„ IT Costs: Interviewees said that an IT professional takes
PC in terms of CEI.
nearly 10 minutes to set up a Mac for provisioning
instead of an average 120 minutes for a PC. Assuming
Business Impact
that the salary of an IT employee is 8886 ($10.6) per
hour, it is economical to set up a Mac compared to a „ Improved User Productivity & Efficiency: Mac is
PC. Therefore, on average an IT employee can manage considered more stable and have fewer issues than PC.
an average of 200 PCs compared to 500 Mac devices. Mac users opened fewer service tickets compared to their
Additionally, Mac users create 25% fewer tickets than PC-using counterparts due to self-service capabilities
PC users and each ticket costs 25% less to resolve than on Mac and they experienced fewer issues with
those for PCs. There is reduced opportunity cost of performance overall. It takes less time waking
downtime per Mac as these users create fewer tickets. up or rebooting a Mac or even loading large files.
Organisations see an increase in productivity and
„ IT Cost Savings: The acquisition cost of Mac
performance for employees who choose Mac.
device may be higher than a PC, but the residual
value also being high, reduces the actual cost of a „ Improved Business Efficiency: CEI can help
Mac device. An organisation saves nearly 220,000 organisations create value by making well-informed
($240) per device overall over four year period decisions and efficiently allocating resources. It
lifecycle including hardware and software costs. It facilitates the assessment of the impact and risks tied
also saves additionally as Mac’s residual value after to technology investments, enabling organisations to
four years is estimated at 25% in comparison to a make choices that align with their desired outcomes.
PC at 2.5%. Mac’s energy cost is also lower at 1150 It can help organisations demonstrate, evaluate and
($1.80) compared to 1800 ($9.6) for a PC annually. justify the true value of business investments to senior
In terms of CEI, deployment of Mac devices far management and stakeholders. Using Macs did not
outweigh PC devices as an endpoint choice. Average require the organisations to purchase an OS license.

© SKOCH 5
Key Findings

Stakeholder Engagement „ Reputational Risk: The reputational risk is a hidden

danger that can pose a threat to the survival of the
„ Employee Engagement & Retention: The average
biggest and best-run companies. Often the risk results
employee churn rate for employees who don't choose
in outcomes that are not easily measured; however,
Mac prior to the deployment is less. There is increased
it can adversely impact a company’s profitability and
employee satisfaction and better end-user delight and
valuation. It can wipe out millions or billions of dollars
engagement. Mac users in an organisation are also
in market capitalisation or potential revenues and
considered privileged.
can occasionally result in a change at the uppermost
„ Customers Satisfaction: A reliable endpoint levels of management. Having less or zero downtime,
installation ensures loyalty of customers and ensuring seamless operation, uninterrupted service
enhances reputation. Mac inbuilt encryption security to their customers and a more secure and robust
solutions or technologies have become industry endpoint could protect an organisation against the
benchmark and are emulated by leading players. reputational risk.

Risk Management Environmental Impact

„ Compliance Risk: Mac deployment helps „ Reduction in Carbon Footprint: In addition to
organisations meet Environmental, Social & overall cost savings, Mac deployment also helps
Governance (ESG) guidelines. organisations reduce their carbon footprint to an
„ Operational Risk: Based on the interviews, the extent of 44% each device. At the end of Year-4,
study finds that unified organisation experiences an after deploying cumulative 46% of Macs, a unified
average 2.5 data breaches annually and average data organisation offsets 593.4 MT of CO2 emissions.
breach costs 142.5 Cr ($5.1 Mn). Mac reduces the „ Energy Savings: Organisations also save on energy
likelihood of a data breach by about 50% each device. costs as each Mac requires 80% less energy on
Lesser security incidents on Mac devices lead to average than a PC.
cost-effectiveness and higher productivity.
„ Net Zero: It could help organisations to achieve Net
„ Financial or Economic Risk: Each security breach Zero goals as set by the government and the regulator.
leads to approximately 3.6 hours of downtime and It makes an organisation a responsible corporate
impacts 20% of the organisation. While Mac reduces citizen.
the likelihood of a breach, it saves on manhours and

“
the productive time of the organisation.

Every enterprise or organisation needs to work on

a zero trust architecture where you don’t trust any
other user - internal or external. There are a variety
of operating systems and thousands of open source
applications. Where is the skill set to run, use them,
leverage your platforms in the interest of your
“
organisation and benefit of your customers?

CIO, Asset Management Company

© SKOCH 6
Financial Benefits Summary

Consolidated Four-Year Risk Adjusted Metrics

Total Benefits Net Benefits ROI

$98.35 Cr ($11.55 Mn) $71.40 Cr ($8.31 Mn) 257.1%

Benefits (Four-Year)

IT Impact $4.49 Cr ($0.54 Mn)

IT Cost Savings $30.01 Cr ($3.60 Mn)

Stakeholder Engagement $21.80 Cr ($2.37 Mn)

Risk Management $42.06 Cr ($5.05 Mn)

Cost/Benefit Analysis

Ref. Benefits Year 1 Year 2 Year 3 Year 4 Total Present Value

$50.7 Lakh $1.06 Cr $1.67 Cr $2.33 Cr $5.57 Cr $4.48 Cr

ATR IT Impact
($60,848) ($127,781) ($200,799) ($279,901) ($669,329) ($538,401)

$6.37 Cr $8.13 Cr $10 Cr $12 Cr $36.51 Cr $30 Cr

BTR IT Cost Savings
($764,582) ($976,150) ($1,201,228) ($1,439,817) ($4,381,776) ($3,601,010)

$2.22 Cr $4.92 Cr $8.13 Cr $11.92 Cr $27.20 Cr $21.80 Cr

CTR Stakeholder Engagement
($267,376) ($561,490) ($882,341) ($1,229,930) ($2,941,138) ($2,365,820)

$4.75 Cr $9.98 Cr $15.68 Cr $21.86 Cr $52.28 Cr $42.06 Cr

DTR Risk Management
($570,453) ($1,197,952) ($1,882,496) ($2,624,085) ($6,274,987) ($5,047,533)

$13.85 Cr $24.10 Cr $35.50 Cr $48.12 Cr $121.58 Cr $19.35 Cr

Total Benefits
($1,663,260) ($2,863,373) ($4,166,864) ($5,573,734) ($14,267,230) ($11,552,764)

© SKOCH 7
The India Context

O ver the years, digitisation has transformed every function,

streamlining processes and enhancing efficiency. It is
important to take cognisance of vulnerabilities and take
Frequency of Endpoint attacks

necessary actions to protect personal as well as customer

Indian Incidents
data.1 Total number of cyber security incidents tracked by CERT-In,
during 2018, 2.08 lakh incidents were reported; in 2019 it
It has also escalated cyber security risks, making cyber was 3.94 lakh; this spiked to 11.58 lakh in 2020 and further
security a top priority for every organisation. A devastating increased to 14.02 lakh in 2021.3 While the government said
data breach can be as simple as an unsecured endpoint that CERT-In tracked just 13.91 lakh cyber security incidents
leading to security incidents. in 2022, a senior Google executive in August 2022 pegged the
number at 18 Mn cyber attacks a day.4
While it may appear as an additional cost, the consequences
of not implementing robust cyber security measures can be
catastrophic. Enterprise Chief Information Officers (CIOs) CIO Agenda Task Force (CATF)
are aware of such vulnerabilities and are in need to make The CATF put together CIOs of large Indian enterprises who
continuous investments to secure organisation level security came together to discuss, brainstorm and recommend ways to
including endpoints. protect critical Indian IT systems better and enhance endpoint
security. To start with, endpoint security was identified as a
Threat actors keep on innovating their ways to breach and
serious issue and the need was felt to invest more in it and
CIOs are always found to be on their toes, thwarting such
how to make a persuasive case to their Boards in terms of
attacks. For instance, a large media house in India receives
the unit cost and its Comprehensive Economic Impact (CEI).
nearly 2 billion attacks in a year while a large stock exchange
is attacked about 15,000 times during a day’s trading hours.
A Few Examples
Until about a few years ago, organisations’ perimeters
Indian Council for Medical Research (ICMR): In October 2023,
and endpoints were secured with a firewall, next generation
US-based cyber security firm Resecurity in it's reports claimed that
endpoint protection, anti-virus and several other identity and
personal identifiable information – Covid tests, including names,
access layers. But the times have changed!
addresses and phone numbers – of about 815 Mn Indians has
In India, the typical mindset is to throw more people at the been leaked on the dark web. The data including names, phone
problem rather than invest in technology. This essentially numbers, addresses, Aadhaar and passport information are for
emanates from the perception that Indian manpower is cheap, sale online. The Government of India is investigating potential
which however is not true. Costs actually do not support data breach in the ICMR Covid-testing database. ICMR has been
manpower but support investments for better returns. facing multiple cyber attack attempts since February 2023 and
central agencies as well as the Council were aware of it. Over
An average enterprise today has around 76 cyber security 6,000 attempts were made in 2022 to hack ICMR servers.5
tools to protect an ever-expanding IT infrastructure centred on
the cloud and a highly distributed IT stack.2

1. https://www.currentware.com/blog/employee-cloud-dlp/
2. Panaseer Security Leaders Peer Report 2022
3. https://ciso.economictimes.indiatimes.com/news/cyber-security-breaches-are-up-manifold-as-internet-penetration-grows/98078741
4. https://inc42.com/buzz/india-witnessed-18-mn-cyberattacks-2-lakh-threats-a-day-in-q1-2022-google/
5. https://www.deccanherald.com/india/data-of-815-crore-citizens-up-for-sale-in-biggest-data-breach-in-india-report-2749794

© SKOCH 8
The India Context

“
Paravihan Portal, Government of India: In August 2023,
Cyber security firm CloudSEK reported that the government’s
Parivahan website suffered a data breach, exposing it's source
code and sensitive data of 10,000 users. The cyber security
firm detected the data breach on 2 August. “Our source was
able to obtain the source code, totalling 165 MB in size. Most If you suffer an attack
of the code is written in PHP,” says CloudSEK. On 7 August
2023, the same threat actor made another post sharing a like the AIIMS instance,
sample dataset of the 10,000 users of the website, the cyber
security firm said. The post also mentions that SQL injection
your operations
was used to obtain the data from the vulnerable API endpoint.6 suffer, data gets
Piramal Group: The Piramal Group attack was discovered compromised and
in May 2023. The BianLian Ransomware gang claimed
responsibility for the alleged Piramal Group cyber attack. brand value depletes!
The modus operendi reported was that BianLian actors used I talk to CFO and CEO
PowerShell and PC Command Shell to disable antivirus tools
and modify Registry settings.7 They also employed network and Board when I have
and Active Directory enumeration techniques and harvested
credentials to move laterally within the network. The threat
to justify how security
actor claimed access to 870 GB of data including financial is tied to the brand as
information, accounting information, project data and personal
information. well as financial health
Fullerton India: In April 2023, Fullerton reported a hack and of the organisation.
LockBit leaked 600 GB of data. It was confirmed by the LockBit
ransomware Darknet, where hackers listed the company and
This also has to be
over a month later, published all the leaked information.8 justified to the audit
AIIMS: In November 2022, 5 AIIMS servers were hacked, 1.3 committee that it is
TB of data Encrypted was compromised. As per preliminary
analysis, servers were compromised in the information because of the efforts
technology network of AIIMS by unknown threat actors due
to improper network segmentation, which caused operational
disruption due to non-functionality of critical applications.9
of the IT team that the
entire enterprise has
“
In June 2023, a malware attack was detected by AIIMS cyber
security systems. The attempt was successfully thwarted
remained safe.
and the threat was neutralised by the deployed cyber security
systems as reported by CERT-In.10
CIO
Manufacturing Industry

6. https://www.fortuneindia.com/macro/govts-parivahan-website-likely-suffered-data-breach/113725
7. https://thecyberexpress.com/piramal-group-cyber-attack-bianlian-ransomware/
8. https://ciso.economictimes.indiatimes.com/news/data-breaches/breaking-over-600-gb-of-fullerton-indias-data-published-on-dark-web/100057322
9. https://thewire.in/government/aiims-servers-cyberattack-ransomware-rajya-sabha
10. https://www.livemint.com/news/india/aiims-delhi-hit-by-fresh-cyberattacks-details-here-11686061994629.html

© SKOCH 9
The India Context

State Bank of India (SBI): In October 2022, cyber security Failure to invest in endpoint protection can have serious
researchers from AI-driven Singapore-headquartered implications for businesses. Companies that face a debilitating
CloudSEK discovered a threat actor advertising a database cyber attack can suffer from:
of 1.2 Mn cards for free on a Russian-speaking Dark Web
„ Reputational loss
cyber crime forum. This followed another incident of 7.9 Mn
cardholder data advertised on the BidenCash website. This „ Loss of loyal customers
included data belonging to customers of the SBI.11 „ Poor employee morale
„ Leakage of sensitive data and information
Air India: In 2021, the company suffered a data breach that „ Disruptions to business operations
exposed the personal information of over 4.5 Mn customers. „ Negative revenue impact
The breach was caused by a vulnerability in an endpoint „ Loss of contracts or business partnerships, among
device used by an Air India employee.12 others

Bengaluru Power Outage: A power outage in Bengaluru in In its Cost of a Data Breach Report17, released by IBM in July
2020 was reportedly caused by a cyber attack, possibly due 2023, it showed the average cost of a data breach in India
to an endpoint security failure, raising concerns about critical reached $17.76 Cr ($2.14 Mn) in 2023 – an all-time high and
infrastructure vulnerabilities.13 almost a 28% increase since 2020. Detection and escalation
costs jumped 45% over this same time frame, representing
Flipkart: In 2020, the company was hacked by a group of the highest portion of breach costs and indicating a shift
attackers who gained access to the company’s network towards more complex breach investigations.
through a vulnerable endpoint device. The attackers stole the
personal information of over 10 Mn Flipkart customers.14 At nearly 22%, the most common attack type in India was
phishing, followed by stolen or compromised credentials
Paytm: Same year, the company suffered a data breach (16%). Social engineering was the costliest root cause of
that exposed the personal information of over 30 Mn Paytm breaches at $19 Cr ($2.29 Mn), followed by malicious
customers. The breach was caused by a vulnerability in an insider threats, which amounted to approximately $18.67 Cr
endpoint device used by a Paytm employee.15 ($2.25 Mn).18

ONGC: In 2015, the company was hit by a ransomware attack

that encrypted the company’s data and demanded a ransom
payment. The attack was believed to have been caused by a
phishing email that was sent to an ONGC employee.16

11. https://www.cnbctv18.com/technology/cowin-data-leak-here-are-the-biggest-breaches-in-indias-history-16909071.htm
12. https://www.businesstoday.in/latest/trends/story/exclusive-if-you-flew-air-india-your-data-could-be-compromised-346626-2022-09-07
13. https://www.thehindu.com/news/cities/mumbai/cyber-sabotage-led-to-october-2020-outage-in-mumbai-minister/article33964939.ece
14. https://www.businesstoday.in/industry/it/story/ecommerce-scam-chinese-hackers-targeted-indian-shoppers-during-flipkart-fes-
tive-sales-282012-2020-12-19
15. https://www.indiatoday.in/technology/news/story/personal-data-of-3-4-million-paytm-mall-users-reportedly-exposed-in-2020-data-
breach-1980690-2022-07-27
16. https://www.expresscomputer.in/news/identity-theft-ongc-falls-prey-to-cyber-fraud-loses-rs-197-crore/14185/
17. https://in.newsroom.ibm.com/IBM-Report-Average-cost-of-a-data-breach-in-India-touched-INR-179-million-in-2023. The Cost of a Data Breach
Report 2023, now in its 18th year, delivers essential insights to help security and IT teams better manage risk and limit potential losses.
18. https://www.ibm.com/reports/data-breach?_gl=1*1ggqhup*_ga*MTI5NjMwMjkxNi4xNjk1NjI4MzUz*_ga_FYECCCS21D*MTY5NTY0ODQ0OS42L-
jEuMTY5NTY0ODY2OC4wLjAuMA. Also see,
https://timesofindia.indiatimes.com/gadgets-news/average-cost-of-data-breach-in-india-has-hit-all-time-high-this-year-warns-ibm-report/article-
show/102112850.cms

© SKOCH 10
The Global Context

Frequency of Endpoint attacks In August 2023, LockBit stole 10 GB of data from Zaun
Ltd, UK based security fencing company by compromising
Global Incidents a “rogue” PC connected to an otherwise secure network.24
Security experts said, the theft was a reminder of the
According to a study by the Ponemon Institute, published in prevalence of outdated, unsupported and vulnerable devices
January 2020, 68% of organisations worldwide experienced linked to industrial networks and the risks they posed to entire
one or more endpoint attacks that successfully compromised supply chains. “However, we can now confirm that during the
data. The same report said that the frequency of endpoint attack LockBit managed to download some data, possibly
attacks had increased since the year before.19 limited to the vulnerable PC but with a risk that some data
Employer-owned desktops and laptops are the most often on the server was accessed. It is believed that this is 10
compromised endpoints. The types of endpoints reported GB of data, 0.74% of our stored data,” said Zaun in a breach
being compromised – employer owned desktops (69% total) update.25
and laptops (67%) top the list.20 A further study by Check ET CISO also reported that California based
Point also reported a rise, finding that, throughout 2021, the ultimageimpageprinting.com was also in LockBit 3.0’s victims
weekly average of ransomware attacks targeting corporate list. Other firms targeted were abro.se, which landed up
networks increased by 50%, compared to 2020.21 compromising 136 GB of data and GoForCloud.com.26
Email accounts for 94% of malware delivery methods — According to IBM, the global average cost of a data breach
web-based attacks account for 23% of cases, while Office in 2023 was $36.93 Cr ($4.45 Mn), a 15% increase over the
documents were used in 45% of cases.22 last 3-years. More than 51% of organisations are planning to
Examples of Recent Global Instances of Endpoint Attacks:23 increase security investments as a result of a breach, including
incident response (IR) planning and testing, employee
„ LockBit attack on Fersen – Turkey’s largest vinegar training and threat detection and response tools. It says, the
producer – 20 September 2023. average savings for organisations that use security AI and
automation extensively is $14.60 Cr ($1.76 Mn) compared to
„ ALPHV attack on Al Ashram – UAE’s leading
organisations that don’t.27
construction company – 20 September 2023.
„ Ragnar_Locker attack on Fructa Partner – France’s
largest fruit juice and non-alcoholic beverage
producer – 20 September 2023.
„ Medusa attack on Auckland Transport – Auckland
Council is responsible for transport projects and
services – 19 September 2023.
„ Akira attack on GLOVIS America – Major third party
logistics service provider in US and Canada – 19
September 2023.

19. https://www.morphisec.com/hubfs/2020%20State%20of%20Endpoint%20Security%20Final.pdf
20. https://cybriant.medium.com/15-shocking-stats-about-endpoint-security-solutions-c1f8e1f8a5c
21. https://blog.checkpoint.com/security/check-point-research-cyber-attacks-increased-50-year-over-year/
22. https://www.infosecurity-magazine.com/news-features/ten-2019-dbir-1-1-1-1/
23. https://www.breachsense.com/breaches/
24. https://www.zaun.co.uk/zaun-data-breach-update/
25. https://www.zaun.co.uk/zaun-data-breach-update/
26. https://ciso.economictimes.indiatimes.com/news/data-breaches/fullerton-india-resumes-operations-following-lockbit-3-0-ransomware-at-
tack-no-word-on-stolen-data/99761942
27. https://www.ibm.com/reports/data-breach
11
© SKOCH 11
CIO Agenda Task Force (CATF)

Indian CIOs are amongst the best in the world and therefore,
fully appreciate the enormous financial, compliance,
regulatory and operational risk associated with having
and now more prevalent Total Economic Impact (TEI) model
of Forrester Research. The Task Force found that the Forrester
TEI model was the closest in terms of a 360 evaluation, it
vulnerable systems deployed at the endpoint instead of more could not be used entirely in the Indian context because of the
reliable Macs. At the same time, they do end-up deploying following reasons:
vulnerable PC systems due to a lack of knowledge-based
argument to get reasonable budgets allocated. „ The highest priority for Indian enterprises is to expand
business while reducing cost and doing so with
The CIO Agenda Task Force (CATF) was formed to better security and sustainability.
understand as to why this is the case? „ Securities and Exchange Board of India (SEBI) has
It co-opted CIOs from 15 large enterprises as members mandated that top 1,000 listed enterprises have to
representing a diverse group from across industry segments follow Environmental, Social and Governance (ESG)
including Manufacturing, Financial Services, Markets, guidelines and report them as part of their Annual
Infrastructure, Digital Platforms, Banking, Asset Management Report.
Companies, Mutual Funds, Pharmaceuticals, Health and „ Some of the key performance indicators under these
Media. are as follows:
ƒ Risk Management, including:
In December 2022, the CIO Agenda Task Force held its first
I. Compliance Risk
research meeting and concluded the following:
II. Operational Risk
„ The endpoint security is a clear and present danger. III. Financial or Economic Risk
IV. Reputational Risk
„ Work From Home (WFH) and Work From Anywhere
(WFA) culture is further making the job of the ƒ Stakeholder Engagement including Employees
protecting enterprise systems difficult. and Customers

„ While Boards are quite sensitive to regulatory, ƒ Environmental Protection including Reduction in
compliances, financial and operational impact of Carbon Footprint and Energy Savings
endpoint security failures, it is a tough sell to get „ India has some of the most stringent Data Protection
higher budgets allocated to procure more secure and Intermediary Liability laws at the national level
Macs for the endpoints. and sector specific regulatory guidelines.
„ It was also decided to examine various cost evaluation „ Globally most enterprises look at customer
models and propose a model that takes into account satisfaction as the highest priority and some look
the Indian use case, which then can be presented at employee satisfaction for enhancing customer
as a knowledge-based quantifiable argument to the satisfaction.
Boards. „ While this too is a priority, it is only second to the
To this end, the Task Force examined various models like topmost priorities.
Total Cost of Ownership (TCO), Return on Investment (ROI)

Indian CIOs are amongst the best in the world and

therefore, fully appreciate the enormous financial, compliance,
regulatory and operational risk associated with having
vulnerable systems deployed at the endpoint instead of more
reliable Macs. At the same time, they do end-up deploying
vulnerable PC systems due to a lack of knowledge-based
argument to get reasonable budgets allocated.
© SKOCH 12
CIO Agenda Task Force (CATF)

“
„ Forrester model is focused on impact of employee
experience and having delivered a good experience;
better business outcomes, such as higher employee
engagement, enhanced customer experience and
reduced cost.
„ Therefore, it was decided to create an India specific We used to discuss
model that is called Comprehensive Economic
Impact (CEI) that can be used to better articulate
TCO and ROI. In
business benefits of deploying Macs at the endpoint. modern parlance
The benefits reflect the four-year financial analysis
associated with the unified organisation. these have subsumed
„ From the information and inputs provided by the into Comprehensive
interviewees, the Task Force constructed a CEI
framework for those organisations considering Economic Impact
adoption of Mac at the endpoints.
(CEI). It is necessary
Industry Region Interviewee Employees
to create a
Asset Management National CIO 5,000+ knowledge-based
Automotive National CIO 30,000+ argument for
Banking National CIO 85,000+
endpoint security to
Digital Platforms National CIO 5,000+
include, sustainability,
e-Commerce National CIO 5,000+

Entertainment National CIO 1,000+

net-zero, stakeholder
Healthcare

Hydrocarbon
National

National
CIO

CIO
62,000+

22,000+
involvement
and employee
“
Manufacturing National CIO 6,000+
satisfaction.
Media National CIO 11,000+

Pharma National CIO 40,000+

Retail National CIO 240,000+ CIO

Stock Exchange National CIO 4,000+ Banking Industry
Technology Service National CIO 5,000+

Telecom National CIO 50,000+

© SKOCH 13
Task Force Discussion Areas

“
„ The importance of considering endpoints and
security in the IT ecosystem is widely acknowledged.
The Task Force stressed on the adoption of a holistic
approach, stressing the constant evolution of security
measures to counter increasing endpoint threats.
„ Organisations need to look into a structured approach Most of the CIO have
to sustainability to encompass business, economic,
security, compliance and sustainability impact of IT
annual operating
solutions. plans and budgets,
„ Securing the network, endpoints and connectivity
entails a complex, many-to-many relationships,
which they have to
necessitating a shift in security paradigms. justify. Now we have
„ Protecting sensitive assets within data centres is a
continuous effort, with organisations facing a barrage
to go and explain
of cyber threats, particularly Distributed Denial-of- what is the business
Service (DDoS) attacks. Importance of vigilance at
the endpoint level need to enhance and users need to opportunity we are
be sensitised. going to bring and
„ Standardisation in networking enhances
interoperability and minimises risks associated with what innovation
reliance on particular vendors.
„ Digital transformation requires investments in capital
intensive areas and organisations should justify
“
are we planning to
bring to table to help
such investments. Safer networks allow continuous business grow.
innovations and should form part of Annual Operating
Plans (AOPs). If one looks at revenue and business
opportunity, then the cost part becomes only a figure
of speech.
CIO, Pharma Industry
„ Security issues are more prevalent today, so the
focus should be on holistic and sustainable growth
and secured scaling.
„ CEI is an approach to justify capital investment as it
takes into account all the potential factors that help
economise an organisation.
„ Organisations must focus on CEI and assess it over a
minimum period of 4-5 years.

Enterprise CIOs understand endpoint security

extremely well and they also appreciate that there is
an initial acquisition cost that seems to be higher but it
pays back manifolds over a period of time. So it is
important to work out a model that justifies the budgets
and explains these long-term benefits to the Boards.
© SKOCH 14
Comprehensive Economic Impact (CEI)

W hile it may seem that it is an additional cost that needs

to be borne, the risks of not implementing it can be
enormous.
methodology can help organisations demonstrate, evaluate
and justify the true value of business investments to senior
management and stakeholders.

To manage all this, the Chief Financial Officer (CFO) of an

organisation plays a crucial role, who needs to understand
TCO ROI CEI
the risks of these attacks. In most of the organisations,
Boards and the CFOs are in tune with where the company
stores its sensitive information and what should be prioritised
IT Impact
IT Costs
  
in terms of safeguarding and also who has access to it and
so on. With endpoints at the heart of every organisation, a
IT Cost Savings
  
clear understanding to implement endpoint security becomes Improved User
crucial for a CFO.
Business
Productivity &
Efficiency
 
Investment into this area can benefit the company in multiple Impact Improved
ways. Firstly, it helps the company in securing its data and
keeping the cyber criminals at a distance. An unprepared
Business
Efficiency
 
organisation is always at much more risk compared to a
prepared one. Secondly, one cyber attack can affect the
Compliance Risk

functioning of a company for months leading to more losses
and delayed plans etc. Thirdly, building a resilient cyber Risk
Operational Risk

security system can help the company in building the right Management
image, get the right talent, choose ideal partners and make
better and informed business decisions.
Financial or
Economic Risk 
Now, let’s address the issue of cost. How should a CFO
Reputational
Risk 
assess the cost of endpoint security and what should be the Employees
best practices while implementing it in the business. Stakeholder
Engagement &
Retention

Engagement
It comprises five essential components for assessing
investment value, with thirteen indicators that can be made
Customers
Satisfaction 
further granular, if required. Reduction in
Carbon Footprint 
CEI can help organisations create value by making well- Environmental
informed decisions and efficiently allocating resources.
It facilitates the assessment of the impact and risks tied to
Impact Energy Savings

technology investments, enabling organisations to make Net Zero


“
choices that align with their desired outcomes. The CEI
Table 2: Comprehensive Economic Impact (CEI) Model
TCO - Total Cost of Ownership
ROI - Return on Investment
CEI - Comprehensive Economic Impact

We should not look at TCO alone but total loss of

opportunity. It is all about how do you look at innovation
“
and the definition of building services in platforms.

CIO, IT Services Company

© SKOCH 15
Methodology

“
T he Task Force, formed in December 2022 undertook the
following activities:

„ Seven Research Meetings of a focus group of

CIOs were held in Delhi and Mumbai. These were
graciously hosted by the enterprise CIOs as Task
Force members.
Digitisation is
„ Twenty-five interviews were conducted on-field supposed to reduce
across seven large enterprises to collect the data and
inputs.
cost and bring in
„ Two enterprises agreed to be Proof-of-Concept efficiency. While
(PoC) centres, wherein Macs were deployed, made
operational, studied and results validated.
it needs higher
„ Data from the seven large enterprises has been IT budgets, on
clubbed to create a representative organisation.
the contrary the
„ Wherever data was not available from a respondent,
average of the balance respondents has been used investments are
a value.
shrinking. It is
important to justify
Comprehensive
Economic Impact
(CEI) to the Board. As
the Indian economy
is maturing, global
compliances are
coming in, viz., ESG;
which even SEBI is
“
taking cognisance of.

CXO
Consulting Company

© SKOCH 16
Key Findings

T he following benefits reflect four-year financial analysis

associated with the unified organisation.
„ 10,000 employees, 46% Mac devices deployed
during four years.

Assumptions „ Combining hardware, software, support and

operations costs over four years leads to cumulative
„ Based on the interviews, interactions and research cost advantage for Mac devices deployment.
meetings, SKOCH constructed a CEI framework, a „ Each cost and benefit category has a modelled risk
unified organisation and an ROI analysis that illustrate adjustment.
the areas financially affected (The unified organisation
is representative of the interviewee organisations and Conclusions
is used to present the aggregate financial analysis).
„ The acquisition cost of Mac device may be higher
„ Assuming out of 10,000 employees in an than a PC, but the residual value also being high,
organisation, 10% per cent of the employees (1,000 actually reduces the actual cost of Mac device.#
employees) chose a Mac instead of a PC as their new
or replacement machine in Year-1. This increases to
additional 11% in Year-2, additional 12% in Year-3 and
additional 13% in Year-4. By the end of Year-4, 46%
of the organisation (4,600 employees) used a Mac.28

$1,36,824
1800.00
($1,641.95)
1600.00 $1,16,823
($1,401.93)
1400.00 Costs PC MAC

1200.00 $57,515 $55,820

Acquisition Cost
($690.21) ($669.87)
1000.00
Acquisition Cost $925 $36
800.00 Deployment Cost
($11.10) ($0.43)
Deployment Cost
600.00 Software & $43,470 $52,495
Software & Refreshes ($521.66) ($629.97)
400.00 Refreshes
Ongoing Operations $34,914 $8,472
Ongoing Operations
200.00 & Support Cost ($418.98) ($101.67)
& Support Cost
0.00 $1,36,824 $1,16,823
Total
($1,641.95) ($1,401.93)
PC MAC

Table 3: SKOCH Analysis of Average Total Cost (A CIO Agenda Task Force Study based on data received from 7 large enterprises that currently deploy
Mac devices and PCs) – All figures are in Indian Rupees and US$

28. 10% added cumulatively each year.

# SKOCH Analysis.

© SKOCH 17
Key Findings

IT Impact Results
„ To account for these risks, the SKOCH CIO Agenda
Findings Based on Interviews
Task Force adjusted this benefit downward by 10%,
„ It takes an IT employee 10 minutes to set up a Mac yielding a four-year, risk-adjusted total PV (discounted
for provisioning instead of 120 minutes for a PC. at 10%) of approximately $4.48 Cr ($538,000).
„ The average fully burdened hourly salary for an IT
Conclusions
full-time employee (FTE) is $886 ($10.86).
„ Each PC user creates an average of three support „ There is reduced opportunity cost of downtime per
tickets per year. Mac.

„ Mac users create 25% fewer tickets than PC users „ Mac users create fewer tickets than PC users.
and each ticket costs 25% less to resolve than those
for PCs.
„ An IT FTE can manage an average of 200 PCs
compared to 500 Mac devices.

Risks
„ The average fully engaged salary of an IT FTE.
„ Whether or not the organisation uses Apple’s best
practices when deploying Macs across the company.

“ For network security, let’s take the analogy of Sita

Haran. If she did not cross the Laxman Rekha, it
would not have been possible for Ravana to kidnap
her. She outstepped and caused the trouble. Now
take Sita as the end-user and Laxman Rekha as the
Data Centre. Gone are the days when our crown
jewels were all in one data centre. Today, these are
everywhere so is our end user who is constantly
mobile. There is private cloud, public cloud, SAS
applications and more. There is an urgent need to
“
look into all aspects of security.

CIO, Manufacturing Industry

© SKOCH 18
Key Findings

IT Impact

Ref. Metric Source Year 1 Year 2 Year 3 Year 4

Time Required to Provision a

A1 120 120 120 120
PC (minutes)
Time Required to Provision a
A2 10 10 10 10
Mac (Minutes)

A3 Number of Macs Provisioned 1,000 1,100 1,200 1,300

Average Fully Burdened $886 $886 $886 $886

A4
Hourly Salary Per IT FTE ($11) ($11) ($11) ($11)
Subtotal: Reduced
A5 (A1 - A2)/60*A3*A4 19,489 21,438 23,387 25,336
Provisioning Effort
Average Number of Tickets
A6 5 5 5 5
Per PC Per Year
Reduced Number of Tickets
A7 40% 40% 40% 40%
Per Mac
Average Cost to Resolve $886 $886 $886 $886
A8
Tickets Per PC ($11) ($11) ($11) ($11)
Reduced Cost to Resolve
A9 25% 25% 25% 25%
Tickets Per Mac
$39.86 Lakh $83.71 Lakh $1.31 Cr $1.83 Cr
A10 Support Costs for PCs C1*C2*A6*A8
($47,837) ($100,457) ($157,861) ($220,048)

$3.98 Lakh $8.37 Lakh $13.15 Lakh $18.33 Lakh

A11 Support Costs for Macs C1*C2*A6*A7*A8*(1-A9)
($4,784) ($10,046) ($15,786) ($22,005)

Subtotal: Reduced Support $35.87 Lakh $75.33 Lakh $1.18 Cr $1.65 Cr

A12 A10-A11
Costs ($43,053) ($90,411) ($142,075) ($198,043)
Number of PCs Managed per
A13 200 200 200 200
IT FTE
Number of Macs Managed
A14 500 500 500 500
per IT FTE
Subtotal: Reduced ((C1*C2/A13) - (D1*D2/A14)) * $4.22 Lakh $25.10 Lakh $48.03 Lakh $73.01 Lakh
A15
Management Costs A4*2120-A5-A12 ($5,067) ($30,130) ($57,648) ($87,622)
Reduced IT Support and $56.33 Lakh $1.18 Cr $1.85 Cr $2.59 Cr
AT
Operational Costs ($67,609) ($141,979) ($223,110) ($311,001)

Risk Adjustment -10%

Reduced IT Support and

$50.70 Lakh $1.06 Cr $1.67 Cr $2.33 Cr
ATR Operational Costs (Risk
($60,848) ($127,781) ($200,799) ($279,901)
Adjusted)

$5.57 Cr
Four Year Total
($669,329.14)

$4.48 Cr
Four Year Present Value
($538,401.26)

© SKOCH 19
Key Findings

IT Cost Savings Results

„ To account for these risks, the SKOCH CIO Agenda
Findings Based on Interviews
Task Force adjusted this benefit downward by 5%,
„ A PC’s average additional OS license cost is $2,350 yielding a four-year, risk-adjusted total present value
($28.20) per year. (PV) of approximately $30 Cr ($3.6 Mn).
„ Additional endpoint security licenses for PCs cost an
Conclusions
average of is $8,850 ($106.20) per year per machine.
„ In terms of CEI, deployment of Mac devices far
Risks outweighs PC devices as an endpoint choice.
„ The number of employees who choose Mac. „ Average cost of endpoint deployment as Mac is far
„ The average cost of an enterprise PC and the residual more competitive than average deployment cost and
value after four years. overall benefits of PC in terms of CEI.

„ The number of an organisation’s endpoint licenses

may vary depending on which endpoint solutions are
replaced due to Mac’s underlying architecture and
included security features.
„ Additional OS and security license costs for PCs.

“ Mac devices are about zero touch deployment. It

automatically configures. It was particularly useful
during pandemic days. Sealed boxes were sent to
remote locations. The experience was seamless.

CIO, Healthcare Industry

“

© SKOCH 20
Key Findings

IT Cost Savings

Ref. Metric Source Year 1 Year 2 Year 3 Year 4

B1 Total Employees 10,000.0 10,000.0 10,000.0 10,000.0

B2 Percentage of Employees Who Choose Mac 10.00% 11.00% 12.00% 13.00%

B3 Number of Employees Who Choose Mac B1*B2 1,000.0 1,100.0 1,200.0 1,300.0

B4 Cumulative Macs Deployed C1*C2 1,000.0 2,100.0 3,300.0 4,600.0

$57,200 $57,200 $57,200 $57,200

B5 Average Cost Per PC
($686) ($686) ($686) ($686)

B6 Residual Value for PCs after four years 3.47% 3.47% 3.47% 3.47%

$2,350 $2,350 $2,350 $2,350

B7 Additional OS license costs
($28.20) ($28.20) ($28.20) ($28.20)

$8,850 $8,850 $8,850 $8,850

B8 Additional Endpoint Security Licenses
($106) ($106) ($106) ($106)

((B3*B5) -
$6.64 Cr $8.42 Cr $10.32 Cr $12.32 Cr
B9 Subtotal: Avoided PC Costs (B3*B5*B6)) +
($797,009) ($1,011,115) ($1,238,662) ($1,479,649)
(B4*(B7+B8))

$800 $800 $800 $800

B10 Annual Energy Costs Per PC
($9.6) ($9.6) ($9.6) ($9.6)

B11 Reduced Energy Costs Per Mac 80% 80% 80% 80%

$6.51 Lakh $13.67 Lakh $21.48 Lakh $29.95 Lakh

B12 Subtotal: Reduced Energy Costs B10*B11*B4
($7,815) ($16,411) ($25,789) ($35,948)

$6.07 Cr $8.56 Cr $10.53 Cr $12.62 Cr

BT IT Cost Savings B9+B12
($804,823) ($1,027,526) ($1,264,450) ($1,515,597)

Risk Adjustment -5%

$6.37 Cr $8.13 Cr $10 Cr $11.99 Cr

BTR IT Cost Savings (Risk Adjusted)
($764,582) ($976,150) ($1,201,228) ($1,439,817)

$36.51 Cr
Four Year Total
($4,381,776.29)

$30 Cr
Four Year Present Value
($3,601,009.84)

© SKOCH 21
Key Findings

Stakeholder Engagement Results

„ To account for these risks, the SKOCH CIO Agenda
Findings Based on Interviews
Task Force adjusted this benefit downward by 20%,
„ Each employee who uses a PC spends an average yielding a four-year, risk-adjusted total present value
of 5-minutes per day waiting for tasks like waking or (PV) of approximately $21.80 Cr ($2.36 Mn).
rebooting the computer and loading large files. Mac
users spend an average of 1-minute daily waiting for Conclusions
these tasks. „ There is increased employee satisfaction and better
„ The average fully burdened annual salary of an end-user delight and engagement.
employee is $24 Lakh ($28,800). „ It takes less time to waking or rebooting the computer
„ The organisation re-allocates 100% of the time or loading large files, thus enhancing employee
savings toward productive work. productivity.
„ Employees using Mac are considered privileged
Risks
compared to PC users.
„ The number of employees who choose Mac and their
average burdened salaries.
„ Productivity capture.
„ Reduced opportunity cost of downtime per Mac.
„ Average number of tickets per PC/year.

“
Any techy or developers you take, they find Mac
much more easier to use because of security,
speed and performance. Other endpoint devices
“
are prone to attack. Globally, corporates are
turning in favour of Mac as an enterprise operating
system.

CIO, Stock Exchange

© SKOCH 22
Key Findings

Stakeholder Engagement

Ref. Metric Source Year 1 Year 2 Year 3 Year 4

C1 Number of Employees 10,000 10,000 10,000 10,000

Percentage of Employees Using
C2 10% 21% 33% 46%
Mac
Average Time for PC Wake/
C3 5 5 5 5
Reboot Daily (minutes)
Average Time for Mac Wake/
C4 1 1 1 1
Reboot Daily (minutes)
C5 Average Workdays Per Year 265 265 265 265

Average Fully Burdened Annual $24 Lakh $24 Lakh $24 Lakh $24 Lakh
C6
Employee Salary ($28,801.15) ($28,801.15) ($28,801.15) ($28,801.15)
Average Fully Burdened Hourly $1132 $1132 $1132 $1132
C7
Employee Salary ($13.6) ($13.6) ($13.6) ($13.6)

C8 Productivity Capture 20% 20% 20% 20%

Subtotal: Improved Producitivity C1*C2*(C3- $40 Lakh $84 Lakh $1.32 Cr $1.84 Cr
C9
from Quicker Start-Up C4)/60*C5*C7*C8 ($48,001.92) ($100,804.03 ($158,406.33) ($220,809)

C10 Number of Employees Using Mac C1*C2 1,000 2,100 3,300 4,600
Average Fully Burdened Annual $24 Lakh $24 Lakh $24 Lakh $24 Lakh
C11
Employee Salary ($28,801.15) ($28,801.15) ($28,801.15) ($28,801.15)
Average Number of Tickets Per
C12 4 4 4 4
PC Per Year
Reduced Number of Tickets Per
C13 25.00% 25.00% 25.00% 25.00%
Mac
Average Opportunity Cost of $6,268.8 $6,268.8 $6,268.8 $6,268.8
C14
Downtime per PC ($75.2) ($75.2) ($75.2) ($75.2)
Reduced Opportunity Cost of
C15 20% 20% 20% 20%
Downtime per Mac
$2.50 Cr $5.58 Cr $9.29 Cr $13.73 Cr
C16 Total Opportunity Cost for PCs
($300,912.31) ($631,915.85) ($993,010.62) ($1,384,196.63)

$12.24 Lakh $27.25 Lakh $45.40 Lakh $67.08 Lakh

C17 Total Opportunity Cost for Macs
($14,693.98) ($30,857.37) ($48,490.15) ($67,592.34)

C18 Productivity Capture 100% 100% 100% 100%

Subtotal: Improved Productivity $2.38 Cr $5.30 Cr $8.84 Cr $13.06 Cr

C19 (C16-C17)*C18
from Lesser Downtime ($286,218.32) ($601,058.48) ($944,520) ($1,316,604)

Improved Employee Productivity $2.78 Cr $6.14 Cr $10.16 Cr $14.90 Cr

CT
and Engagement ($334,220.24) ($701,862.51) ($1,102,927) ($1,537,413)

Risk Adjustment -20%

Improved Employee Productivity $2.22 Cr $4.91 Cr $8.13 Cr $11.92 Cr

CTR
and Engagement (Risk Adjusted) ($267,376) ($561,490) ($882,341) ($1,229,930)

$27.20 Cr
Four Year Total
($2,941,138.14)

$21.80 Cr
Four Year Present Value
($2,365,820.33)

© SKOCH 23
Key Findings

Risk Management Results

„ To account for these risks, the SKOCH CIO Agenda
Findings Based on Interviews
Task Force adjusted this benefit downward by
„ The unified organisation experiences an average of 20%, yielding a four-year, risk-adjusted total PV of
2.5 data breaches annually. approximately $42 Cr ($5.04 Mn).
„ The average security breach cost is $42.5 Cr ($5.1
Conclusions
Mn), including fines, fees and the cost of remediation
efforts. „ Lesser security incidences on Mac devices lead to
„ Mac reduces the likelihood of a data breach by 50% cost-effectiveness and higher productivity.
per device. „ Mac reduces the likelihood of a data breach.
„ Each security breach leads to approximately 3.6
hours of user downtime and impacts 20% of the
organisation.
„ A worker’s average fully burdened hourly salary is
$1,132 ($13.58).

Risks
„ The average number of breaches experienced
annually.
„ The overall scale and impact of a data breach.
„ The adoption of Mac at the organisation.

“ Apple’s inbuilt encryption security solutions or

technologies have become industry benchmark
and are emulated by leading players.
“
CIO, Large Media House

© SKOCH 24
Key Findings

Risk Management

Ref. Metric Source Year 1 Year 2 Year 3 Year 4

Average Number of Data

D1 2.5 2.5 2.5 2.5
Breaches Per Year
Average Potential Cost of a $46.72 Cr $46.72 Cr $46.72 Cr $46.72 Cr
D2
Data Breach ($5,606,718) ($5,606,718) ($5,606,718) ($5,606,718)
Percentage of Employees
D3 C2 10% 21% 33% 46%
Using Mac (%)

Reduced Likelihood of
D4 50% 50% 50% 50%
Data Breach Using Mac

Number of Data Breaches D1 - ((D1*(1-

D5 0.13 0.26 0.41 0.58
Avoided Using Mac D3))+(D1*D3*D4))
Percentage of Data
D6 Breaches Avoided Using D5/D1 5.00% 10.50% 16.50% 23.00%
Mac

Subtotal: Avoided Cost of $5.84 Cr $12.26 Cr $19.27 Cr $26.86 Cr

D7 D1*D2*D3*D4
Downtime ($700,839.77) ($1,471,763.53) ($2,312,771.26) ($3,223,862.98)

Cumulative Number of
D8 B4 1,000.0 2,100.0 3,300.0 4,600.0
Macs Deployed
Average Fully Burdened $1132 $1132 $1132 $1132
D9 C7
Hourly Employee Salary ($13.6) ($13.6) ($13.6) ($13.6)
Diminished/ Eliminated
D10 User Productivity Hours 3.6 3.6 3.6 3.6 3.6
Per Data Breach

Average Percentage of
D11 Employees Affected by 20% 20% 20% 20%
Downtime

Subtotal: Cost of Reduced $10.18 Lakh $21.39 Lakh $33.62 Lakh $46.86 Lakh
D12 D1*D4*D8*D9*D10*D11
Internal Productivity ($12,226.90) ($25,676.49) ($40,348.78) ($56,243.75)

Reduced Risk of a Data $5.94 Cr $12.47 Cr $19.06 Cr $27.33 Cr

DT D7+D12
Breach ($713,066.68) ($1,497,440.03) ($2,353,120.05) ($3,280,106.74)

Risk Adjustment -20%

Reduced Risk of a Data $4.75 Cr $9.98 Cr $15.68 Cr $21.86 Cr

DTR
Breach (Risk Adjusted) ($570,453.34) ($1,197,952.02) ($1,882,496.04) ($2,624,085.39)

$52.28 Cr
Four Year Total
($6,274,986.81)

$42.06 Cr
Four Year Present Value
($5,047,532.85)

© SKOCH 25
Key Findings

Environmental Impact has pledged to reduce its emissions by 55% by 2030 and
reach net zero by 2040. The study found that “Wipro’s
On an average, as per different industry reports, switching to
previous standard Windows laptop produced an average of
a Mac can help organisations reduce their carbon footprint by
365 kg of CO2 emissions per year. That 204 kg difference
44% on each device.29
applied across the thousands of devices, Wipro's switch to
„ In Year-1, after the deployment of 1,000 Macs, the Mac eliminates 27,865,890 kg of CO2 emissions per year –
unified organisation offsets 129 MT of CO2 emission. about the same as reducing 3.1 Mn gallons of gasoline CO2
emissions.”31
„ After the deployment of 2,100 Macs in Year-2,
a unified organisation offsets 270.9 MT of CO2
emission. Conclusions
Carbon Offset in C02e
„ In the Year-3, a unified organisation offsets 425.7 (1 „
MT CO2e = 1,000
In addition Kg CO2e)
to overall cost saving, Mac deployment
MT of CO2 emission after cumulative deployment of also helps organisations reduce their carbon footprint
3,300 Macs in three years. to an extent of 44% each device.
„ At the end of Year-4, after deploying cumulative 46% „ Organisations also save on energy costs as each Mac
of Macs, a unified organisation offsets 593.4 MT of requires 80% less energy on average than a PC.
CO2 emission. „ It may help organisations meet Environmental, Social
„ Each Mac requires 80% less energy on average than & Governance (ESG) and Net Zero goals as set by the
a PC. Macs are more energy efficient. regulators and the government.
For example, according to a recent report (2022), Wipro

PC3 315 Carbon Offset in C02e

PC2 296 (1 MT CO2e = 1,000 Kg CO2e) 593.4 MT

PC1 275

171
425.7 MT
MacBook Air 13 M2

MacBook Air 13 M1 161

270.9 MT
(Kg) 0 50 100 150 200 250 300 350

129 MT
Device Average CO2e
Apple 166 kg
Others 295 kg 1,000 2,100 3,300 4,600

Table 4: Average Carbon Footprint – MacBook Air 13 M1, MacBook Air Table 5: SKOCH Analysis of Average Carbon Offset on CO2e -
13 M2, PC1, PC2, PC3 are different configurations30 (Device CO2 in kg) Estimated deployment of Macs

29. Refer https://www.energystar.gov

30. Refer https://www.energystar.gov/productfinder/product/certified-computers/details/2371723/export/pdf
31. https://www.wipro.com/partner-ecosystem/apple/case-studies/giving-wipro-employees-the-power-of-choice/

© SKOCH 26
Key Findings

Typical Carbon Emission

MacBook PC1 PC2

400 375
339
325
315
290
Carbon footprint (kg CO2e)

300 315
255 299 296
229
255
200 222 176 174
161

100

0
2017 2018 2019 2020 2021
Year

Table 6: Typical Carbon Emission Based on a Comparison of MacBook Air and PC Device 1 and PC Device 2 32

32. https://www.apple.com/environment/pdf/products/notebooks/13-inch_MacBookPro_PER_Nov2020.pdf
https://www.dell.com/en-au/dt/corporate/social-impact/advancing-sustainability/sustainable-products-and-services/product-carbon-footprints.
htm#scroll=off&tab0=1&pdfoverlay=//corporate.delltechnologies.com/asset/en-au/products/laptops-and-2-in-1s/technical-support/latitude-5320-
2-in-1-pcf-datasheet.pdf
https://h22235.www2.hp.com/hpinfo/globalcitizenship/environment/productdata/Countries/_MultiCountry/productcarbonfootprint_note-
bo_20214142527351.pdf

© SKOCH 27
Key Findings

Set Up Costs Conclusions

„ It is economical to set up a Mac in comparison to a
Findings Based on Interviewees
PC.
„ The average annual cost for a third-party mobile device
„ It takes an IT professional about 10-minutes to set
management (MDM) is $6,000 ($72) per employee.
up a Mac in comparison to an average 120-minutes
Risks for a PC.

„ The number and type of Mac devices deployed.

„ Annual costs of a third-party MDM may vary depending
on the deployment size, hosting requirements, and
required implementation or integration costs.

Results
„ To account for these risks, the SKOCH CIO Agenda
Task Force adjusted this benefit downward by
15%, yielding a four-year, risk-adjusted total PV of
approximately $26.95 Cr ($3.23 Mn).

“ Mac provides an experience for the end-user

and security is an integral part of it and is not an
“
afterthought. Also it is not just about the upfront
cost, it is also about the support cost, which gives it
an edge.

CXO, IT Industry

© SKOCH 28
Key Findings

Set Up Costs

Ref. Metric Source Year 1 Year 2 Year 3 Year 4

Number of Macs
E1 1,000 1,100 1,200 1,300
Deployed

Cumulative Number of Macs

E2 1,000 2,100 3,300 4,600
Deployed

$74,000 $74,000 $74,000 $74,000

E3 Average Cost Per Mac
($888.04) ($888.04) ($888.04) ($888.04)

Subtotal: Annual Cost of New $7.40 Cr $8.14 Cr $8.88 Cr $9.62 Cr

E4 E1*E3
Macs ($888,035.52) ($976,839.07) ($1,065,642.62) ($1,154,446.17)

Cost of Third-Party MDM $6,000 $6,000 $6,000 $6,000

E5
Solution Per Mac ($72.00) ($72.00) ($72.00) ($72.00)

Subtotal: Total Cost of MDM and $60 Lakh $66 Lakh $72 Lakh $78 Lakh
E6 E1*E5
Additional Software ($72,002.88) ($79,203.16) ($86,403.45) ($93,603.74)

Residual Value of Mac After Four

E7 25% 25% 25% 25%
Years

$1.86 Cr $2.05 Cr $2.23 Cr $2.40 Cr

E8 Subtotal: Residual Value
($223,887.36) ($246,276.10) ($268,664.83) ($291,053.57)

$6.13 Cr $6.74 Cr $7.36 Cr $7.97 Cr

ET Initial Set Up Costs E4+E6-E8
($736,151.04) ($809,766.14) ($883,381.24) ($956,996.34)

Risk Adjustment C15%

$7.05 Cr $7.75 Cr $8.46 Cr $9.17 Cr

ETR Set Up Costs (Risk Adjusted)
($846,573.69) ($931,231.06) ($1,015,888.43) ($1,100,545.80)

$32.45 Cr
Four Year Total
($3,894,238.99)

$26.95 Cr
Four Year Present Value
($3,235,174.43)

© SKOCH 29
© SKOCH