We have seen good ROI with the tool's use. 

We found it to improve our processes and findings. 

The solution is paying for itself, as our applications are more secure.

We have found several hundred medium to high level vulnerabilities in our applications. In just one application, we were able to identify 75 of these vulnerabilities.

It saved us many weeks of work.

We didn't sell anything with Acunetix, so it was just an improvement for ourselves.

If someone would have hacked us, they probably would have caused much damage. However, now with Acunetix, they shouldn't be able to cause to damage.

Return on investment is hard to track because it really depends on the criticality of the vulnerabilities and what the business costs or impact could be if those vulnerabilities were actually exploited. We have a vigorous application security program so testing activities like SAST and DAST must take place. I know if we were to remove our DAST program and not test our websites, we could see an immediate cost-effect as a result. But since Acunetix is used as a secondary tool, we don't know if it actually provided any real cost metrics where we could say: "Okay, because of our use, we have saved X amount of dollars because it found Y amount of vulnerabilities that saved us Z amount of time remediating." Those metrics are not known.

We have absolutely seen ROI. 

After two years it's about 300%.

I can't share data points, but we have seen ROI. Otherwise, we wouldn't have renewed the license. Every year we evaluate if we're going to keep a vendor or not. Since we have renewed our license, we think it has ROI value.

It's impossible to answer whether it has saved us money in the long-term, but of course, since we use automatic tools, we don't need as many personal testers. However, personal testers also find a lot of bugs that automatic tools don't find. You need a combination of both.

We have seen ROI with Acunetix. That's the most convincing point I have to prove to my management when it comes to the next budgeting cycle. The ROI is seen in the fact that, at the time of application releases, we hold off the risk. When we do the assessment, we see that the distributed cost of Acunetix, across all our releases reduces our risk. It's a very convincing point.