News & Events

News & Events

CFO Guide to Physical Security Consolidation: The Business Case That Gets Budget Approved

Unlock the full potential of Wavestore v6.48 -view our launch presentation today and explore the latest innovations in video management.

VIEW PRESENTATION

Most physical security consolidation proposals are killed in the finance committee — not because the technology case is weak, but because the financial case was never built. The security director presents a platform comparison. The CFO asks what it costs over five years. The meeting ends with a request for more information that never materialises into a budget line.

This guide is for the security and IT leaders preparing that CFO meeting. It covers the financial language, the cost model, and the five specific numbers that determine whether a physical security consolidation business case survives contact with a finance committee — or doesn't.

For the architectural case for unification, see our complete guide to unified security platforms.

The Price on the Quote Is the Smallest Number in the Room

Physical security consolidation cost is not the number on the procurement quote. It is the total 5-year expenditure of replacing fragmented video management and access control systems with a unified platform — including hardware migration, licence delta, integration maintenance, and operational impact. Accurately modelled, it is typically 15–25% lower than the cost of maintaining a fragmented stack over the same period.

Physical security consolidation cost is the total 5-year expenditure of replacing fragmented video management and access control systems with a unified platform — covering hardware migration, licence delta, integration maintenance, and operational impact. Accurately modelled, it is typically 15–25% lower than maintaining a fragmented stack over the same period.

The procurement quote represents approximately 30% of the total cost of ownership for an electronic physical security system over a 7–10 year lifecycle. The remaining 60–70% — maintenance contracts, IT labour, licence renewals, storage refresh, integration requalification after every firmware update — accumulates invisibly in operational budgets across multiple departments. A system with a £50,000 upfront cost routinely delivers £200,000 or more in total lifecycle expenditure — a 4× multiplier documented across electronic physical security deployments by independent total cost of ownership analyses.

CFOs who understand this dynamic ask a different question at the proposal stage. The question is not "what does this cost to buy?" but "what does this cost to operate, at scale, over the period we plan to use it?"

A consolidation business case that cannot answer that question in specific, auditable figures will not survive a competent finance committee. One that can — with a clear 5-year model, a defined payback period, and a quantified risk reduction — usually does.

CapEx or OpEx? The Question That Decides the Budget Cycle

Security leaders approaching a CFO with a consolidation proposal need to understand how the finance team will classify the expenditure — because that classification determines which budget it comes from, when it can be spent, and how it appears on the balance sheet.

The standard classification: Software licences and professional services are typically treated as operating expenditure (OpEx) — expensed in the year incurred, fully deductible, and funded from the operational budget without capital approval. Hardware — servers, controllers, cameras, cabling — is typically capital expenditure (CapEx), depreciated over the asset's useful life and requiring a separate capital approval process.

Where consolidation creates a budget advantage: A migration path that preserves existing field hardware changes the financial classification of the entire project. Field hardware — controllers, reader interfaces, IO boards, door hardware, and cabling — represents as much as 90% of total access control deployment cost. A controller-only upgrade that preserves all downstream hardware means the CapEx component of the migration is limited to the replacement controllers alone. The rest of the project — software, licences, configuration, and professional services — is OpEx.

This matters for budget approval timing. OpEx is typically available within the existing operational budget. CapEx requires a capital request, a longer approval cycle, and often a higher approval threshold. A consolidation proposal that is primarily OpEx in nature can be approved faster, from existing budget, without competing in the annual capital allocation process.

The financial framing, correctly built, does not present consolidation as a capital investment. It presents it as an operational cost reduction with a defined payback period.

The Hidden Costs in Any Physical Security Consolidation — and Why They Don't Appear on the Quote

What procurement sees vs. what finance pays: the physical security TCO split

Initial purchase price

~30%

Hidden operating costs
(7–10 yr lifecycle)

~70%

TCO multiplier
(upfront vs total)

3–4×

Quote (30%)
Hidden operating costs (70%)

What makes up the hidden 70%

Maintenance contracts
Largest single component
Licence renewals & headcount scaling
Compounds with team growth
Integration requalification
Recurring & unbudgeted
Storage & hardware refresh
Mid-lifecycle spend

Sources: SecurityInfoWatch — OpEx, CapEx and Upgrading Existing Security Systems; Axis Communications; industry TCO analysis. Initial procurement price typically represents 25–35% of the 7–10 year total cost of ownership for electronic physical security systems.

The gap between the cost a finance team expects and the cost it eventually pays for a fragmented physical security stack comes from four cost categories that rarely appear on a procurement quote.

The Physical Security TCO Stack — a cost framework developed specifically for physical security environments — identifies these four dimensions. A complete consolidation business case must quantify each one.

Integration maintenance overhead. In a fragmented stack, video management and access control are connected through middleware — integration layers that must be retested and requalified every time either system receives a firmware update or a vendor issues a new release. This requalification cycle is recurring, invisible in initial procurement costs, and frequently consumes 20–40% of an IT analyst's productive week during active update periods. Across a 5-year operational period, the accumulated labour cost of this maintenance typically exceeds the initial cost of the integration itself.

Per-operator licensing compounding. Platforms that charge per operator seat — common in enterprise video management and access control — increase in cost as security teams grow. A platform that costs £X per operator at current headcount costs £2X when the team doubles. At 2× team size over a 5-year period, the delta between a per-operator licensing model and a per-device model with unlimited operators can represent a significant budget line that does not appear in Year 1 procurement.

Support escalation costs. When a fragmented stack fails — and integration failures are the most common failure mode — support escalation involves multiple vendors, multiple contracts, and the near-certain finger-pointing that occurs when a fault sits at the boundary between two systems. The labour cost of managing multi-vendor escalations, and the operational cost of extended resolution times, is not captured in any individual maintenance contract.

Parallel system overlap. Most migrations involve a period during which both the legacy and new platforms operate simultaneously. If this period is not planned and bounded, it becomes an uncontrolled cost — double licensing, double support contracts, and staff training time that extends beyond the project budget.

The Five-Number CFO Brief

Physical security consolidation proposals that succeed in finance committees do so because they contain five specific numbers — each independently auditable, each addressing a question a competent CFO will ask. This framework is the Physical Security Consolidation CFO Brief.

Number What it measures How to calculate it
1. Year 1 licence delta Per-operator vs. per-device cost at current team size Current platform annual licence ÷ operator count vs. unified platform annual licence per device
2. 5-year licence delta at 2× team size The compounding cost of per-operator licensing Multiply Year 1 delta by 5, adjusted for projected headcount growth
3. Hardware preservation credit CapEx avoided by controller-only upgrade Identify existing compatible controllers and downstream hardware; multiply preserved units by replacement cost
4. Integration maintenance avoidance Annual OpEx eliminated by removing middleware Estimate IT analyst hours currently spent on integration maintenance; multiply by fully-loaded day rate
5. Resilience liability quantification Financial cost of a 4-hour WAN outage Quantify: access control failure cost per hour in your environment × 4, annualised by outage frequency

The Five-Number CFO Brief

Five independently auditable figures every physical security consolidation business case must contain.

01

Year 1 licence delta

Per-operator seat cost versus per-device, unlimited-operator pricing at current team size. This is the baseline annual saving — or additional cost — of the consolidated platform, before any other efficiency is counted.

Current annual licence ÷ operator count vs unified platform per device
02

5-year licence delta at 2× team size

Run the Year 1 model at twice the current operator count. Per-operator licensing grows with headcount; per-device with unlimited operators does not. The compounded five-year delta between these two models often turns a marginal business case into a clear one.

Key stress test: run the model at 2× team size
03

Hardware preservation credit

Identify every compatible camera and controller that migrates without replacement. Field hardware — controllers, readers, IO boards, door hardware, cabling — represents as much as 90% of total access control deployment cost. Every unit preserved is capital expenditure removed from the migration invoice.

Field hardware = up to 90% of access control deployment cost
04

Integration maintenance avoidance

Estimate the IT analyst hours currently consumed by middleware requalification, integration testing, and multi-vendor support escalation. Multiply by fully-loaded day rate. This operational cost line disappears on day one of a unified platform deployment — because there is no middleware to requalify.

Middleware requalification: recurring cost, invisible at procurement
05

Resilience liability quantification

If your current platform requires cloud or WAN connectivity for access control decisions, quantify the operational and financial cost of a four-hour outage in your specific environment. For a hospital, an airport, or a critical infrastructure site, this figure is material. It should be calculated explicitly — not assumed to be zero.

Cloud-dependent access control = unquantified balance sheet liability

Building the 5-Year Model: Payback Period and IRR

A CFO evaluating a consolidation proposal will typically apply two financial tests: payback period and return on investment. Both are calculable from the five numbers above.

Payback period is the point at which cumulative savings from consolidation exceed the total cost of the migration. For a physical security consolidation with significant hardware preservation, migration costs are primarily OpEx — professional services, configuration, and the controller-only hardware replacement. Savings accumulate from Year 1 through the licence delta, the integration maintenance avoidance, and the support escalation reduction. For deployments where the hardware preservation credit is substantial, the payback period typically falls within the organisation's standard technology refresh cycle — making consolidation financially comparable to a like-for-like system refresh, but with meaningfully lower ongoing operational cost.

IRR framing is useful for CFOs who manage capital allocation across multiple competing projects. If the consolidation migration involves any CapEx component, presenting the internal rate of return against the organisation's cost of capital — or against the IRR of alternative capital investments — positions it correctly as a financial decision, not a technology decision.

The closest rigorous measurement of platformization ROI comes from the adjacent cybersecurity domain: IBM's Institute for Business Value, with Palo Alto Networks, found that organisations consolidating onto a unified platform achieved an average ROI of 101%, versus 28% for those running fragmented tool stacks. Physical security economics differ in the detail, but the direction — consolidation outperforming fragmentation on return — is consistent with the cost model above. Our unified security platform ROI analysis covers the full evidence base and calculation methodology.

One structural note for the CFO presentation: The model should show three scenarios — conservative (hardware preservation minimal, team size flat), base (50% hardware preserved, team +50%), and optimistic (90% hardware preserved, team doubles). CFOs trust models with scenarios more than models with single-point estimates, because scenarios demonstrate that the proposer has considered what happens when assumptions are wrong.

The Evaluation Question to Ask Every Physical Security Consolidation Vendor

A physical security consolidation business case built on the Five-Number CFO Brief gives finance leadership the specific, auditable figures a budget approval requires. But before committing to any platform, one evaluation question should be put to every vendor under consideration.

A vendor that cannot answer this question with specific numbers — not marketing language, not a cost-savings estimate, but a line-by-line 5-year model — has not built a consolidation platform. It has built a product that requires its own integration, its own maintenance, and its own refresh cycle.

WaveFusion is designed to pass this test. Sensor-based licensing — one licence per camera, one per reader, unlimited operators — means the 5-year model at 2× team size looks identical to the Year 1 model. A controller-only migration path means the hardware preservation credit is substantial. And access control decisions executed at the edge, without WAN dependency, means the resilience liability in Number 5 can be removed from the model entirely.

If you are preparing a consolidation business case and would like to run the Five-Number CFO Brief against your current estate, Wavestore's technical team can model it against your specific device count, team size, and environment.

Book a consultation with Wavestore's technical team

Sources

A group of five diverse business professionals smiling and engaging in a lively meeting around a table with laptops.

View Wavestore v6.40 presentation

Solutions for a world we can't yet see. Discover v6.40 features helping people and businesses.

View Wavestore v6.48 presentation

Solutions for a world we can't yet see. Discover v6.48 features helping people and businesses.