How Much Should You Invest in Cybersecurity? | StickmanCyber (2024)

Companies are spending more than ever on cybersecurity.

A Gartner report found that global spending on information security products and services totalled $81.6 billion in 2016 – an increase of 7.9 percent from 2015. With the frequency and intensity of cyber attacks increasing globally, this is a trend that’s likely to continue.

Investing in cybersecurity really isn’t an option anymore. It’s a necessity. Taking a proactive approach to cybersecurity is your best bet for thwarting attacks and protecting your data assets.

There’s just one question. Exactly how much should you invest?

More specifically, how do you strike the right balance between adequately shielding your company without overspending on superfluous features?

Let’s look at some key data to find out.

The Average Cost of a Cyber Attack

Let’s begin by examining how much money you can expect to lose if you’re hit with a cyber attack.

Research found that in 2017 a cyber attack cost larger enterprises in North America an average of $1.3 million (USD), and SMBs an average of $117,000.

In terms of the amount spent per stolen record for data breaches, it ranges somewhere between $145 and $158 for most businesses. However, it can be as much as $355 for health card information.

That’s no small sum, and the sheer cost is a key contributor to why 60 percent of smaller companies go out of business within six months of an attack. Many are simply unable to recover.

Some of the main factors that contribute to these costs include:

  1. Compliance penalties
  2. Court fees
  3. Investigative and forensics services
  4. Loss of physical devices that contain data
  5. Spending on employee cybersecurity training
  6. Spending to acquire new customers after losing existing ones
  7. Diminished brand equity (many customers turn to competitors once they know that their personal information has been compromised)

As you can see, these expenses can really add up in a hurry and often jeopardise a company’s longevity.

The Likelihood of an Attack Occurring

No one is immune from cyber crime. Whether it’s a micro business with fewer than five employees or a global brand leader with several thousand, the threat remains.

But studies have found that SMBs are especially vulnerable because they tend to lack the cybersecurity infrastructure of their larger counterparts. Many cyber criminals view them as easier targets and are likely to seek them out when executing an attack.

In fact, 43 percent of all attacks involve smaller businesses. What’s even more startling is that more than half (55 percent) experienced an attack between May 2015 and May 2016, and 50 percent experienced a data breach during the same period.

So theoretically, there’s a 55 percent chance that an SMB will encounter a cyber attack and a 50 percent chance they’ll face a data breach in any given year.

It’s basically a coin flip.

Other Factors to Consider

You should also consider that some organisations are at greater risk than others. For instance, a restaurant owner probably wouldn’t need to invest as much in security as a doctor’s office that manages hundreds or even thousands of patient files.

There’s also the matter of technology immersion. If a company incorporates technology into nearly every facet of operations, their threat level would be quite high. For example, they may be heavy adopters of IoT and implement bring your own device (BYOD) policies.

However, the threat level would likely be much lower for a business that’s less tech-driven. If they just use basic technology and IoT is virtually non-existent within their organisation, cybersecurity won’t be nearly as much of a concern. For companies like these, a barebones approach may be sufficient.

These are just a couple of other factors to keep in mind when determining how much to invest into cybersecurity.

How Much Are Other Companies Spending?

Many companies are reluctant to share exactly how much they’re spending on cybersecurity. Therefore, there isn’t a whole lot of information available for benchmarking.

However, there is one report from the International Data Corporation (IDC) Canada that does provide some concrete numbers. Their 2015 study broke organisations down into four different categories:

  1. “Defeatists” – IT security is weak and underfunded (23 percent of organisations)
  2. “Denialists” – IT security is weak but they don’t understand or acknowledge this fact (37 percent)
  3. “Realists” – IT security is satisfactory but they are looking to improve it (23 percent)
  4. “Egoists” – IT security is good but they risk overconfidence (17 percent)

From there, they explain that:

  1. Defeatists spend 6 percent of their IT budget on security
  2. Denialists spend 8 percent
  3. Realists spend 14 percent
  4. Egoists spend 12 percent

As you can see, there’s definitely a disparity and the companies with weaker cybersecurity tend to devote less of their IT budget to it and vice versa.

But is there an exact number? It turns out there is.

According to IDC Canada, on average companies spend 9.8 percent of their IT budget on cybersecurity. However, they say that this is insufficient and that 13.7 percent is the ideal amount to spend on cybersecurity.

Of course this number is open to debate. Some companies may think that as little as 3 percent is sufficient, while others in high risk industries may want to go as high as 25 percent. It depends on a few different factors such as the size of your organisation, your industry, risk level, etc.

But when you look at the big picture and at companies across the board, 13.7 percent seems fairly reasonable and provides a nice reference point.

Which Aspects of Security are Companies Focusing On?

It’s also nice to know which specific areas of cybersecurity this money is going to. This can provide some perspective that can aid in your decision making.

Research from the SANS Institute identified the 10 top technologies, and they are as follows:

  1. Access and authentication
  2. Advanced malware prevention
  3. Endpoint security
  4. Wireless security
  5. Data protection
  6. Continuous monitoring
  7. Log management
  8. Network traffic visibility
  9. BYOD security
  10. Analytics

We’re also seeing a trend where the cost of firewalls is expected to increase until the end of 2018. Gartner points out that this market is experiencing a higher level of demand for high-end equipment, which has largely been spurred by an increasing number of devices and increased cloud adoption.

In addition, they highlight the fact that the use of data loss prevention (DLP) software is on the rise. If you’re unfamiliar, this is used to help companies monitor their data and prevent it from being intercepted by unintended third parties. It’s predicted that 90 percent of organisations will use at least one form of integrated DLP, which is up significantly from only 50 percent in 2016.

While it’s up to your organisation to choose which specific technologies you want to implement, these findings provide a snapshot of what’s popular at the moment.

Deciding What’s Right for Your Company

Now let’s put all of this information together.

There is roughly a 55 percent chance that your organisation will face a cyber attack and a 50 percent chance that it will experience a data breach during any given year. The average loss stemming from an attack for SMBs is $117,000 (USD).

These numbers aren’t exactly promising and prove just how important it is to take preventative measures.

So you want to ensure that you’re investing enough to properly protect your company and not skimp on critical areas of cybersecurity. But at the same time you don’t want to go overboard.

Or as chief security officer for the Council of Better Business Bureaus Bill Fannelli puts it, “It doesn’t do any good to adopt a $10,000 solution if the potential risk reduction is only worth $5,000.”

Ideally, you’ll find the right balance so that you’re fully protected but not throwing money out the window on needless security features. While there’s by no means a one-size-fits-all solution that works for all companies in all industries, devoting 13.7 percent of your IT budget to cybersecurity should serve as a good baseline number.

You can start from there and iron out the details until you find a number that seems logical for your organisation.

Investing Wisely

Effective financial resource allocation is integral to the success of nearly every company. You always want to ensure that you’re devoting the right amount of money to key areas of operations where it’s most needed.

And cybersecurity is no doubt one of those areas. With 918 data breaches compromising 1.9 billion data records in just the first half of 2017, this isn’t something that should be overlooked.

The only issue is that things can become a bit nebulous when you’re deciding exactly how much to invest into cybersecurity. While choosing the precise amount is ultimately a personal decision for your company, understanding the benchmarks and what’s considered ideal should help you with this process.

This way you can get the most from your IT budget and ensure that your needs are met without excessive spending.

How much is your organisation currently spending on cybersecurity? Would you like to outsource your cybersecurity requirements? Speak to one of our cybersecurity consultants today.

Image Credits

Featured image: QuinceMedia / Pixabay

In-post image 1: 12019 / Pixabay

In-post image 2: stevepb / Pixabay

FAQs

How much should you invest in cybersecurity? ›

Experts advise that most organizations with comprehensive protection against cyber threats are spending somewhere between 4% and 15% of their revenues on cyber budgets. A report titled 'Pursuing Cyber Maturity at Financial Organization' backs this.

Is it worth investing in cybersecurity? ›

The goal is to prevent outsiders, like hackers, from finding ways to get their hands on your networks. It could either be in the form of ransomware or corporate espionage. Because of this, investing in cybersecurity is a must and not a should. It is one of the most critical aspects of an IT system.

How much should an organization spend on cybersecurity? ›

On average in 2022, enterprises spent 9.9% of their IT budgets on cybersecurity. Tech, healthcare and business services (including insurance) lead all industries in cybersecurity investment. What's concerning is how little the education, retail and manufacturing sectors spend on cybersecurity.

What is the best cybersecurity stock to own? ›

Fastest Growing Cybersecurity Stocks

Stock                           Price ($)   Market Cap ($B)
Fortinet Inc (FTNT)             62.81       49.2
A10 Networks Inc (ATEN)         14.34       1
Alarm.com Holdings Inc (ALRM)   47.39       2.3

May 4, 2023

How much will the cybersecurity budget be in 2023? ›

NEEDHAM, Mass., March 16, 2023 – Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to the new Worldwide Security Spending Guide from International Data Corporation (IDC).

What are the top 3 cybersecurity companies? ›

With these details in mind, let's take a look at the biggest cybersecurity companies in the world, with the top picks being Fortinet, Inc. (NASDAQ:FTNT), Palo Alto Networks, Inc. (NASDAQ:PANW), and CrowdStrike Holdings, Inc.

Is cyber security high paying? ›

Yes. Cyber security is a lucrative field. Entry-level jobs begin at $50K, and as you gain experience, you can reach six figures quickly. You don't need a degree, and some knowledge in IT and other transferable organizational skills can help you land a well-paying cybersecurity job.

How much does cybersecurity really cost? ›

On average, the pricing for monitoring can range between $100 – $500 per month for a small-sized network to $500 – $2,000 per month for a medium-sized network.

What is the profit margin in cybersecurity? ›

Cyber Security 1 Gross Profit Margin (Quarterly): 23.28% for March 31, 2023.

Can you make 400k in cyber security? ›

Yes. The only people making that kind of money in Cybersecurity are called Chief Information Security Officers. These are top level executives that work in the Cybersecurity industry that are the only ones well known to make upwards of a million dollars a year on a regular basis with no special circumstances.

Why cybersecurity stocks are beating the market? ›

Demand for cybersecurity products and services is holding up, even as economic concerns are eating into other parts of the tech industry. Investors putting money into cyber-focused ETFs have lost less this year than they would have betting on the broader market.

What stocks will boom in 2023? ›

10 Best Growth Stocks Of June 2023
  • Bank of America's Best Growth Stocks of 2023.
  • Amazon (AMZN)
  • Constellation Energy (CEG)
  • Chipotle Mexican Grill (CMG)
  • Alphabet (GOOG, GOOGL)
  • Eli Lilly (LLY)
  • Match (MTCH)
  • Progressive (PGR)
Jun 1, 2023

What will the cybersecurity market be worth in 2030? ›

As per the report by Fortune Business Insights, the global cyber security market size is projected to reach USD 424.97 Billion in 2030, at a CAGR of 13.8% during the forecast period, 2023-2030.

What will cybersecurity look like in 2025? ›

Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. The number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.

How long will cybersecurity be in demand? ›

Cybersecurity jobs are in high demand and the demand is expected to grow by 18% over the next five years. The cybersecurity field involves protecting computer networks and data from unauthorized access, use, or destruction. There are many different types of cybersecurity professionals with various skill levels.

Does cybersecurity have future? ›

The future of cybersecurity and threat detection

For one, a greater focus on prevention and preparedness will be vital. Response planning for a security incident or data breach is necessary. Incident preparedness and response playbooks will likely become more commonplace.

What are the 3 A's of cyber security? ›

authentication, authorization, and accounting (AAA)

What is the most trusted cybersecurity company? ›

This recognition helps validate their mission to be the most trusted cybersecurity company in the world. In addition, Bitdefender took home Winner of PCMag's Readers' Choice Awards 2021 in the category of Security Suites for the Home and was recently honored with Editors' Choice for GravityZone Ultra.

Who is the global leader in cybersecurity? ›

Bitdefender - Global Leader in Cybersecurity Software.

Can you make 200k a year in cyber security? ›

The 3rd highest-paid cybersecurity job, Application Security Engineer, makes on average between $130,000 to $200,000.

Can you make 7 figures in cyber security? ›

While there are various roles to choose from within the industry, cybersecurity positions often pay six figures or more because of the industry's importance.

Can cyber security make 6 figures? ›

No matter the path you take to get there, pursuing cybersecurity positions does often pay off. Many cybersecurity jobs pay well over the six-figure mark, with some professionals earning $225,000 and more, according to research from Mondo, a recruiting firm for tech and creative companies.

Is cybersecurity good for beginners? ›

Unlike many other programs that require its students to have a foundation of the course they are planning to pursue a degree in, cyber security doesn't require you to have technical knowledge from the get-go. Being a beginner is perfectly okay; you will learn as you begin the program.

How much does it cost to start up a cybersecurity business? ›

The costs of setting up a cyber security business vary widely depending on the size and infrastructure of the business. However, the average figure usually falls within a range of $25,000 to $65,000. This figure could be higher or lower depending on the type of business, complexity of the case and the service provider.

Is cybersecurity really in demand? ›

In today's digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed.

Can you make millions in cyber security? ›

As we mentioned earlier, many top-paying cybersecurity positions typically earn anywhere from $100,000 to $200,000 — with some senior-level jobs paying as much as $400,000 or more.

Is 22% a good profit margin? ›

Net profit margins vary by industry but according to the Corporate Finance Institute, 20% is considered good, 10% average or standard, and 5% is considered low or poor. Good profit margins allow companies to cover their costs and generate a return on their investment.

What is the number one rule of cybersecurity? ›

Treat Everything Like It's Vulnerable

The first rule of cybersecurity is to treat everything as if it's vulnerable because, of course, everything is vulnerable. Every risk management course, security certification exam, and audit mindset always emphasizes that there is no such thing as a 100% secure system.

Can I make 500k in cyber security? ›

Freelance Bug Bounty Hunter

These self-employed white-hat hackers report vulnerabilities to major companies like Google and Tesla and earn significant paychecks for their work – up to $500,000 in some cases. However, high-paying bug bounties are rare and extremely difficult to earn.

Is cybersecurity stressful? ›

Gartner blames “unsustainable levels of stress” in cybersecurity for the expected job changes. The psychological toll of the field can also affect the quality of decisions and impede performance, Gopal said in the research statement.

What state pays cybersecurity the most? ›

New York is the best choice for cybersecurity analysts ($143,000), security engineers ($174,000), and junior security engineers ($167,000).

Will cyber security be oversaturated? ›

There are very few people with extensive backgrounds in cybersecurity, and with the confirmed skills shortage in the U.S., the field is far from oversaturated.

Is cyber security the fastest growing industry? ›

Among the fastest-growing and most in-demand jobs in the U.S. is the role of information security analyst, according to the U.S. Bureau of Labor Statistics (BLS). Between 2021 and 2031, the number of information security analysts is projected to grow 35%, making it the eighth-fastest-growing occupation in the U.S.

What cybersecurity stocks pay dividends? ›

Which cybersecurity stocks pay dividends? Very few cybersecurity stocks pay dividends; however, Cisco Systems (NASDAQ:CSCO) and Juniper Networks (NYSE:JNPR) are two companies that do offer dividend payments to their shareholders.

How much is $10,000 invested in Apple 20 years ago? ›

As a result, $10,000 in AAPL stock purchased 20 years ago would be worth about $7.51 million today, assuming reinvested dividends.

Which stock will double in 3 years? ›

DD's Stock Doubling in 3 years

S.No.   Name              ROCE %
1.      Titan Company     25.12
2.      Adani Enterp.     10.11
3.      Bharat Electron   30.06
4.      SRF               22.37

23 more rows

Which stock will grow the most in 10 years? ›

5 Best Growth Stocks for the Next 10 Years

Growth stock                Year-to-date return (as of May 10 close)
Apple Inc. (ticker: AAPL)   33.8%
DexCom Inc. (DXCM)          8.2%
Fortinet Inc. (FTNT)        37.1%
Tesla Inc. (TSLA)           36.8%

1 more row

May 11, 2023

What is the Outlook for cybersecurity? ›

Cybersecurity Jobs Outlook

For example, the Bureau of Labor Statistics estimates that job openings for information security analysts will grow by 35% from 2021 to 2031 — much faster than average. According to CyberSeek, there were 1.1 million cybersecurity workers in the U.S. in 2022.

How much is the cyber security industry expected to grow by 2028? ›

What is Cybersecurity Market size? The Cybersecurity Market is expected to reach USD 182.86 billion in 2023 and grow at a CAGR of 11.44% to reach USD 314.28 billion by 2028.

What is the outlook for the cyber security industry? ›

A report done by Acumen Research and Consulting, predicted the global market for AI-based cybersecurity products to reach $133.8 billion by 2030 up from $14.9 billion in 2021.

What is the prediction for cybersecurity in 2024? ›

By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully weaponized privacy as a competitive advantage.

Is cyber security a future proof career? ›

The need for skilled cybersecurity professionals has been on the rise for several years, and this trend is expected to continue in the foreseeable future. As of 2022, the global cybersecurity workforce has grown to encompass 4.7 million people, reaching its highest-ever levels.

What's next in cybersecurity? ›

Automation is becoming increasingly important in cybersecurity. Automated security processes can help reduce the time it takes to detect and respond to threats and improve the accuracy of threat detection. Automation can also reduce the reliance on manual processes, which can be time-consuming and prone to human error.

Does cyber security have a good future? ›

Through an understanding of why cybersecurity is a good career, we infer that it is an upcoming field with applications across the globe. Due to the advancements in technology, Cybersecurity is required by many countries. It has become the gold standard across all companies and teams.

Is cyber security a booming field? ›

Cybersecurity is a growing industry that needs skilled professionals to fill entry, mid, and advanced-level jobs. Cybersecurity jobs are in high demand and the demand is expected to grow by 18% over the next five years.

Article information

Author: Jeremiah Abshire
