Spending Too Much on Your Company’s IT/Cybersecurity? Or Are You Not Spending Enough?
Companies just like yours are a vital part of the national economy, and in today’s digital age, information technology (IT) and cybersecurity have become essential for the survival and success of any business. With the increasing number of cyber-attacks targeting US small and medium sized businesses, it has become more important than ever to ensure the right investments are made in IT and cybersecurity. In this blog post, we will discuss the correlation between how much a business spends on IT/cybersecurity as a percentage of their revenue and how likely they are to experience a cyber breach.
IT and Cybersecurity Spending
The amount that a business spends on IT/cybersecurity as a percentage of their revenue can vary depending on various factors such as the industry, size of the business, location, and level of cybersecurity risk. However, according to industry reports, small -medium sized businesses typically spend between 6% to 8% of their total revenue on IT, which includes cybersecurity expenses.
The National Small Business Association’s (NSBA) 2020 Technology Survey found that small businesses with less than $5 million in revenue spend an average of 6.9% of their annual revenue on technology, including hardware, software, and IT services. Similarly, a survey conducted by SCORE, a non-profit organization that provides resources and mentorship to small businesses, found that small businesses spend an average of 5.6% of their revenue on technology.
For medium-sized businesses with revenues between $5 million and $100 million, the percentage of revenue spent on IT/cybersecurity tends to be slightly higher. The NSBA’s survey found that medium-sized businesses spend an average of 7.7% of their annual revenue on technology, including IT and cybersecurity.
It is important to note that these percentages are just averages, and some businesses may spend more or less depending on their specific needs and circumstances. Some businesses may need to invest more in IT and cybersecurity due to the nature of their operations, such as those in the financial or healthcare industries. Conversely, businesses that operate in low-risk industries or have fewer technology needs may spend less on IT and cybersecurity. Ultimately, each business must assess its own cybersecurity risk and budget accordingly to ensure that it is adequately protected from cyber threats.
Economic Pressure of Cyber Threats
Small businesses face a unique challenge when it comes to IT and cybersecurity spending. These businesses often have limited budgets and resources, which makes it difficult to invest in the latest technologies and security measures. However, not investing in IT and cybersecurity can be costly in the long run. Cybersecurity breaches can result in significant financial losses, reputational damage, and loss of customer trust.
According to a report by the Ponemon Institute, the average cost of a data breach for small businesses in 2020 was $3.86 million. This is a significant amount, and for small businesses, it could be enough to put them out of business. Therefore, investing in IT and cybersecurity is crucial to protect your business from potential cyber threats.
Correlation between IT/Cybersecurity Spending and Cyber Breaches
A direct correlation can be drawn between how much a company budgets on IT/cybersecurity and how likely they are to experience a cyber breach. Organizations that invest more in IT and cybersecurity are less likely to experience a cyber breach than those that do not invest in these areas.
Businesses that spend a higher percentage of their revenue on IT and cybersecurity have better protection, detection and response against cyber-attacks. This is because they have access to the latest technologies and security measures, which makes it more difficult for cybercriminals to penetrate their networks. Investing in IT and cybersecurity also helps small businesses detect and respond to cyber threats more quickly, reducing the damage caused by a breach.
It is worth noting that while investing in IT and cybersecurity can significantly reduce the risk of a cyber breach, it is not a guarantee that a business will not experience one. Cybercriminals are always looking for new ways to bypass security measures and gain access to sensitive information. Therefore, it is crucial to continuously update and improve your cybersecurity measures to stay ahead of potential threats.
How Does Your Company Stack Up?
Do you know what percentage of your revenue is spent on IT/cybersecurity? Pull your finance team together and make a list of all the staff, hardware, software and service provider costs related to IT. Examples are things like Microsoft 365, Cloud hosting, internet services, managed IT services, IT staff, security software, ticketing systems, monitoring software, etc. For hardware like computers, servers, switches etc., a good rule of thumb is to take the cost of that hardware and spread it across a useful life of 4-5 years. That’s a good average of how long hardware should last and will give you annualized spend on IT hardware equipment. Then compare that annualized total expense against your annual revenue. Of course, if your financial statements are in order all of these should already be calculated in your P&L.
Test Your Company’s Defenses
Regardless of your budget, it’s important to routinely conduct testing of your network’s security strength. Hiring an expert like Zeta Sky to conduct a Penetration Test will show you unequivocally how secure you and your employees really are. Some industries demand this type of regular testing for compliance. You’ll have the opportunity to understand what risks may be lurking in your computer systems and how to resolve them. It’s always best to have the good guys (us!) take a look at your network before the bad guys do!
If you’re curious how secure your company really is, we’ll run a vulnerability scan on your network and provide a detailed report of our findings and the steps you can take to become more secure. Sign up for an assessment here.