More smart objects and more applications on the Internet of Things (IoT) mean more security challenges. In IoT security is crucial but difficult to obtain. On the one hand the usual trade-off between highly secure and usable systems is more impelling than ever; on the other hand security is considered a feature that has a cost often unaffordable. Therefore, IoT designers not only need tools to assess possible risks and to study countermeasures, but also methodologies to estimate their costs. Here, we present a methodology, based on the process calculus IoT-LySa, to infer quantitative measures on evolution of systems. The derived quantitative evaluation is exploited to establish the cost of the possible security countermeasures, in terms of time and energy.