Cybersecurity budget benchmarks and guidance

As you might imagine, we get asked this question a lot.

And our response often surprises people because the answer isn’t some formula that says “x percent of your budget should go to cybersecurity.”

We respond by pointing out that the question isn’t just “How much should you budget for cybersecurity?” but also “How should you budget for cybersecurity?” and “What should you budget for?” The important factor isn’t the amount you spend so much as the need to spend it wisely.

How Should a Company Budget for Cybersecurity in 2019?

When you’re trying to figure out how much to budget for cybersecurity, here are three factors to keep in mind:

Assessment is key. You can’t solve a problem if you don’t understand what it is. Every business today is legitimately concerned about its cybersecurity, but very few understand the strengths and weaknesses of their current structure, policies and processes, and by extension, how to spend wisely to shore up weaknesses. We see companies that make their situations worse by buying a security “solution” that doesn’t solve any of their existing problems or redress weaknesses, and in some cases, creates new problems.

“Magic Bullets” are neither. This is the natural follow-up to the assessment item above. There is no software or hardware or combination of the two that will solve every cybersecurity problem. If it did exist, it would be outdated tomorrow. There is no substitute for finding a combination of hardware, software, training and support that focuses on the day-to-day operational security of your business in an environment where new threats arise every day.

You can’t set it and forget it. The days when cybersecurity amounted to a firewall or an encryption program that could be installed and forgotten about are over. Protecting the sensitive data of your business and your customers is a constant battle. To give you some idea of how much this aspect of cybersecurity has grown in recent years, one of the standards that we use to measure the effectiveness of cybersecurity is a checklist of 600 items. Just a few years ago, only 50 of those items had to be continuously modified to earn certification under the standard. Today, 450 items, a full 75 percent of the items necessary to pass the test, must be continuously monitored in order to be considered effective.

Cybersecurity Budget Benchmarks

A recent study from IT marketplace connector Spiceworks shows how a variety of businesses are divvying up their cybersecurity budgets to maximize the value of each dollar spent.

Over half of the IT professionals surveyed stated that employee security training tools are the most effective solution to prevent security incidents, followed by breach detection and anti-ransomware solutions. Each employee needs to understand how vulnerable your business is to an accidental click in a phishing e-mail, and each of your IT people needs to understand his or her role in constantly maintaining and updating whatever security solutions you choose.

Figure 1: From Spiceworks "2019 Annual Report on IT Budgets and Tech Trends: Future Workplace Tech"

Employee awareness and training is usually at the top of our list when looking at cybersecurity budgets. The easiest way for a hacker to penetrate your business is through employees being duped into giving cyber thieves access to company files.

It’s also interesting to note where companies will be increasing their overall IT budgets in 2019.

The Spiceworks study reveals that relative to overall IT spending, about two-thirds plan to increase their IT spending to upgrade outdated IT infrastructure. It’s interesting to note, however, that 56% intend to increase the IT budget for “increased security concerns”.

Figure 2: From Spiceworks "2019 Annual Report on IT Budgets and Tech Trends: Budgets"

These two factors are far from mutually exclusive—in fact, they’re almost symbiotic. If your business is among those considering hardware upgrades, it’s important to remember that the new infrastructure will have to integrate effectively with your overall information security strategy and framework.

Contact the Cybersecurity Experts at DataSure24

In short, spending effectively for cybersecurity is about how you use your money, not just how much money you use. Your budget needs to:

  • Include an assessment of your needs,
  • Understand the interaction between software, hardware and the people who use them, and
  • Fund the monitoring and maintenance of whatever solution you choose.

Keep these three items in mind and you’re more likely to get the full benefit of the money you spend on cybersecurity.

We can help you assess your cybersecurity program’s current strengths and weaknesses, and provide budgeting guidance that will enable you to spend smarter and create a better security program.

For more information about budgeting and planning for cybersecurity upgrades, please contact DataSure24 at 716.600.3724 or connect with us here.