As we talked about throughout the month of October, cyber threats are happening every day. We need to ensure that we are taking every precaution to defend ourselves. We should determine what is our risk and decide what are our cybersecurity budget should be. While there are plenty of free cybersecurity tools out there for our personal use. But most of them simply aren’t fit for use in a small to medium sized business. At the very least, you will need to acquire and implement security-related software like antivirus programs, VPN services, etc. This article is aimed at helping you resolve that big question: How much should your company spend on cybersecurity?
Assess Your Risk
The greater your risk, the more money you should budget for cybersecurity purposes. First, you need to think about the kind of business in question. Some industries are much more likely to be targeted than others, so you need to know where you fall on that spectrum. To get some reliable numbers, a recent study from IBM shows the following:
- Most Likely to Be Targeted: Health Care, Financial Services, Professional Service and Pharmaceuticals
- Somewhat Likely to Be Targeted: Technology, Energy, Education and Industrial
- Average Risk of Being Targeted: Construction, Property Management, Entertainment, Consumer, Media, Transportation and Communication
- Less Likely to Be Targeted: Hospitality, Retail, Research, and Public
Of course, this list doesn’t cover every business, but it should give you a good idea of where things stand. We emphasize that any business might be targeted, whether large or small.
That brings us to the next consideration: The size of your company. Small businesses are targeted more often (because they are easier targets), but there is a catch. Larger businesses may get hacked less often, but they stand to lose a lot more when it happens. This is true in terms of both money and reputation.
Where Does the Budget Go?
The term “cybersecurity budget” doesn’t mean a whole lot by itself. We need specifics and concrete ideas here. Before you can sit down and budget this kind of thing, you need to think about where that money is going. There isn’t a universal answer, of course, as it depends on your needs. Still, here are some of the most common cybersecurity expenses.
Security Software
At the bare minimum, you are going to need a good antivirus software. There are subscription fees, of course, and corporate accounts are going to pay more than an individual user. However, this won’t be a significant expense. If it is, then you need to find a different AV provider. Other software priorities might include:
- A Business Continuity and Disaster Recovery Solution (how you keep the business running when there’s an issue or disaster and/or you can’t get to your systems or into your building)
- Network monitoring and/or mapping (someone else’s eyes on your network operations)
- An encrypted cloud backup service (a backup of your systems to the cloud means you could be up and running from anywhere)
- An encrypted email service (protect potentially sensitive information that could be sent via email)
- A VPN service or proxy (to secure your data over public networks and more)
Hardware Costs
Firewall software is a must, but you, personally, can generally get that for free. However, businesses should consider a dedicated firewall. This is a device that connects to your router and filters all traffic before it even reaches the network. Firewalls make a good first line of defense, so you want them to be as strong as possible.
You might also wish to segregate certain data from the rest, due to its higher level of sensitivity or importance. If so, you will probably want to put that data on a separate device that has been fully secured. Depending on the circumstances, you might need extra servers, extra routers, and cables, extra desktops, laptops, or mobile devices, etc.
Service Costs
Unless you have IT personnel on staff with the proper training, you will need to pay people (preferably cybersecurity experts) to implement these measures. There are all kinds of professionals in the cybersecurity field, and none of them offer their services for free. Overall, it is worth the money to have someone with the expertise to get the job done right. Cybersecurity really does require an expert hand, so don’t hesitate to hire it.
Training Costs
Implementing new security measures will often mean that the end-users will have to adjust their habits accordingly. This is necessary because of a simple and well-known truth: security software and hardware doesn’t do any good unless you use them correctly. Many well-equipped companies have been hacked with social engineering methods because their people weren’t trained to deal with a particular situation.
Conclusion: How Much Will You Lose?
Although we cannot give you an exact amount of money that your company should spend on cybersecurity, we can tell you this: The amount of money you spend on cybersecurity will be less than the amount you stand to lose from a major data breach or ransomware attack. Many companies have gone out of business or been reduced to bare existence because of one incident in which they failed to safeguard the data with which they had been entrusted. Underestimating that risk is a mistake that you should never, ever make.
At IBSRE, we know how important it is for your company to get its security right on the first try. That’s why we offer competent experts at reasonable prices who can help with these matters. To learn more, please feel free to call us at 973-828-0488 or [email protected].