Posted by Delano Collins on 1/16/18 8:52 AM

According to research commissioned by IBM, the ideal spend on Cyber Security is 9.8 to 13.7% of your I.T. budget. [1] This percentage is estimated to grow along with the increased integration of security into all facets of I.T. infrastructure.

The Case for Proactive Cyber Security Budgeting

It can be difficult to feel the value of risk mitigation spending.

[Infographic: How Much Should I Spend on Cyber Security? A healthy cyber security budget (10% of IT budget) vs. average cost per breach ($200,000 to 1.3 million)]

Insurance, physical security, and other preventative measures are costly and the benefits are often hard to quantify, but company leaders are beginning to grasp the true risk cyber crime poses to all businesses:

  • Hackers cost the global economy more than $111 billion annually.
  • Attacks on small businesses cost an average of $188,242 per breach.
  • 51% of breaches in 2016 were perpetrated by affiliates of organized criminal groups.
  • 73% of breaches in 2016 were financially motivated. 
  • 2,500 cases of ransomware costing victims $24 million in the US alone were reported to the Internet Crime Complaint Center for 2015 (Turkel, 2016)

Companies are reportedly responding in kind, with cyber security spending to exceed $1 trillion from 2017 to 2021. But there is still a sizable gap between the threat level and reality, with a majority of businesses delaying or downright denying the importance of a cyber security budget that exceeds 3% of a company's capital expenditures. [2]

Where to Start

For organizations without a cyber security strategy, the first step is to start with a risk assessment performed by a consulting body with experience in your industry. The results of your risk assessment should be formally reported to you using clear data points to help you begin formulating your budget. 

[Image: The #1 Place to Start When Budgeting for Cyber Security: Cyber Risk Assessment]

A risk assessment executive summary should be your primary aid in determining:

  • The size of your attack surface
  • Your vulnerabilities, from greatest to least
  • Related to the above, the probability and impact of being breached via your various vulnerabilities
  • An estimated scope of deploying controls and countermeasures
  • A suggested timeline for addressing gaps and a suggested date for reassessment (usually each year)

Your budget should completely cover high probability–high impact scenarios, with room for lower probability–high impact scenarios as well. And of course, your countermeasures should keep low impact scenarios from escalating.

How to Know You're Budgeting Enough

After your assessment, research, and RFP process, if applicable, you may find that a well-rounded cyber security budget is greater than 13.7% of your I.T. spending. In this case, it's helpful to remember that budgeting for cyber security is not budgeting for the "what if" but for the "when."


Speaking at the IBM Security Summit in New York City in 2015, IBM's chairman, CEO and President Ginni Rometty said, “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

Computer security budgeting will require a shift, perhaps a sizable one, in your operations strategy. But a quality solution can lower your likelihood of what is essentially an inevitable, direct attack on the health and profitability of your business.

Email us your questions about developing your cyber security budget for 2018 and an advisor will get back to you within one business day. 



[1] https://www-03.ibm.com/industries/ca/en/healthcare/documents/IDC_Canada_Determining_How_Much_to_spend_on_Security_-_Canadian_Perspective_2015.pdf

[2] https://www.csoonline.com/article/3083798/security/cybersecurity-spending-outlook-1-trillion-from-2017-to-2021.html
