The only way to find out the benifit of network security is a risk assessment. If you don't know the risks and associated vulnerabilities, you cannot determine if a security implementation is cost effective.
Thanks for the response. Can you recommend any good documentation for some ideas how to get this through to the client.
Here is a link to an IDS ROI article. It goes through the basics of Risk assessment as well.