How Much Should Good Cybersecurity Cost?

How Much Should Good Cybersecurity Cost? Business owners and CEOs are very familiar with the financial ratios they use to run and monitor their businesses. Good Inventory turnover often varies between 2 and 10 depending on the type of business. A 2-to-1 “Current Ratio” of assets over liabilities can indicate a healthy business.

Healthy Quick Ratios over 1.0 tell you how effectively the business can pay financial obligations...including emergency obligations, such as the hundreds of thousands or millions of dollars it takes to recover from a cybersecurity breach. So then what is the proper financial ratio for calculating how much you should spend on your company’s cybersecurity to prevent a breach? Like with other ratios, it depends on a number of factors.

How Much Should Good Cybersecurity Cost?

Good and bad assessments of the ratios mentioned above all depend on the type of business you’re running. Certainly a wholesale business will have different ratios than a retail business. And an online business will have different ratios than a brick and mortar business. And of course service businesses will have different ratios than product businesses.

So how much should good cybersecurity cost? The problem with answering this question is that IT in general, and cybersecurity in particular, are generally considered cost-centers rather than profit centers. So any number greater than Zero is going to be too much for some business managers.

Cybersecurity Economies of Scale

When asking what good cybersecurity costs, economies of scale hold part of the answer, As with most products and services, larger companies benefit from lower relative cost-per-user because their investment can be spread over more workstations and infrastructure. As a result, according to a report by InfoSecurity Magazine, which discussed the cost of cybersecurity as a percentage of revenue, large companies can often spend “anywhere from a fraction of a percent to a couple of percent on implementing and sustaining security.”

Larger companies enjoy lower per-user costs, such as software upgrades, security software, workstation purchases and upgrades, simply because they are buying larger quantities and can demand larger discounts. They can also spread high infrastructure costs, such as network servers, firewalls, backup systems, Security Information and Event Management (SIEM) and Security Operations Centers (SOC), among more users.

By contrast, small companies typically have fewer endpoints than larger companies, and cannot demand the same large discounts that their big brother companies can. And they need to spread their infrastructure costs over that smaller user count. The result is that, according to the same InfoSecurity Magazine article, small companies can spend 4% or more of their total revenue on Cybersecurity.

These percentages are not hard and fast rules. For both large and small companies costs increase by not only the number of workstations and servers, but also by…

• The number of locations
• The number of remote workers, which has increased recently due to COVID-19
• The number and type of mobile devices
• The age of equipment and software
• The company’s efforts to update software and keep technology current
• The type of data being secured, especially as it relates to medical data
• The number and type of specialized devices, including medical devices, CAD/CAM equipment, manufacturing equipment and other diagnostic equipment

...and so much more. Whatever the circumstances, good security costs more for small businesses than for large companies.

How To Keep The Cost of Cybersecurity Down

Whatever size organization you have, there are ways to keep the cost of cybersecurity down.

Start when you’re small

It may sound counterintuitive, but starting your cybersecurity plan when you’re a small business allows you to grow cybersecurity incrementally, which can save the organization a lot of money.

Maintain The Cybersecurity You have

Creating a budget for cybersecurity and maintaining your technology diligently costs far less, both in time and money, than allowing your technology to age without updates, and then replace everything a few years down the road. Plans like this not only cause you to incur huge costs all at once, but they leave you vulnerable to attack as your cybersecurity technology ages.

Don’t Wait For An Attack

We often gain new clients after they’ve been attacked. They often tell us that they were just about to upgrade their cybersecurity. By then, of course, it’s too late. The costs of upgrading your technology after a cyber attack are many times higher than before the attack.

Big Business Cybersecurity for Small Businesses

What if your small or medium sized business could get the same cybersecurity economies of scale that large businesses get every day? Digital Uppercut’s Business Protection Toolkit is designed to provide big business cybersecurity to small and medium sized businesses like yours. And the good news is that you can decide how much should good cybersecurity cost, and we can customize the Toolkit to fit not only your business, but your budget, too. Together, we can choose big business cybersecurity technologies such as SIEM, SOC, Cloud-based firewalls, Awareness Training, Advanced Endpoint protection, and more. Contact us online or call us today at 818-913-1335 to talk about how Digital Uppercut can help protect you and your business.