Taking your cybersecurity dollar farther

This article discusses the current budget scenario and SMB propensity towards certain security components. It also provides guidance for businesses to maximize their return on security investments.

Taking your cybersecurity dollar farther
Do not index
Do not index
SMB Cybersecurity
Summary: To combat cyber threats, many businesses have identified the lack of budget as the biggest barrier. This article discusses the current budget scenario and SMB propensity towards certain security components. It also provides guidance for businesses to maximize their return on security investments.
notion image
It is generally accepted that the cybersecurity environment for businesses is deteriorating. In 2020, there were a thousand plus data breaches in the US alone and almost half a million ransomware attacks per day. On average, the cost to SMBs for a cybersecurity event was $101k and for large businesses, the cost was higher at $1.09 Mil.

Need for adequate cybersecurity budget

While the need for attention to cybersecurity cannot be emphasized enough, like any other business function, cybersecurity needs to be supported sustainably in the company’s budget. Among other reasons, providing sufficient budgetary allocation will:
notion image

Considerations/ constraints affecting cybersecurity budget

A recent report found that in 2020 large businesses on average budgeted a mammoth $14 million on cybersecurity whereas SMBs budgeted upward of a quarter of a million dollars. Further, 39 per cent of SMBs budgeted less than a thousand dollars for cybersecurity, 26 per cent budgeted between a thousand and five thousand and only 15 per cent allocated more than ten thousand dollars.
Going forward, it is estimated that in the coming year businesses with more than five hundred employees will allocate most of their IT budget towards security hardware appliances (2.43% of IT budget) followed by security software solutions (2.34%). The tendency of relatively smaller businesses is expected to be quite different, where most of them will allocate the majority of their IT budget towards security software solutions.
SMB cybersecurity needs and hence budget may depend on several factors including:
notion image

Optimizing cybersecurity allocation and ROI

Average security budget allocations as a percentage of IT/ technology spending are as follows:
1. Small (0–99 people): 7.62%
2. Medium (100–499 people): 7.79%
3. Large (>500 people): 8.62%
To understand the right cybersecurity budget size for your SMB and allocation areas, one needs to consider the factors affecting your company (from the previous section), as well as your company’s unique needs.
Without going into a detailed discussion, at a high level, a few effective cost optimizations areas are:
1. People: While large businesses have a detailed and well-defined hierarchy along with security functions and roles, SMBs often struggle to onboard the right talent and define the optimal function and roles. To maximize the RoI from security talent, SMBs might need to restructure their security organization and define roles & responsibilities in a more domain-specific manner
2. Products: It is crucial that businesses opt for the right product to optimize their RoI. Cloud-based security products are gaining traction as they do not require other peripheral infrastructure expenses. Additionally, these products don’t require any large initial investment, but rather smaller monthly subscriptions. However, cybersecurity products are many and it is difficult for numerous businesses to navigate the vast landscape.
3. Process: Innovative and new methods and processes may also help streamline cybersecurity budgets. A few examples include:
a. Moving from full-time cybersecurity experts to accessing part-time/ on-demand professionals
b. Adopting new procurement channels like marketplaces to transparently and optimally purchase cybersecurity products and services
Cybersecurity is an essential function of an organization and needs to be provided adequate budgetary support. While SMBs operating on a tight budget have traditionally had to compromise on security, innovative and non-traditional approaches can help optimize cybersecurity ROI. Newer channels (e.g. marketplaces), products (e.g. cloud SaaS) and people/ process (e.g. part-time experts) offer ways to take SMB cybersecurity dollars farther.

Ready to secure your business?

Join other 2000+ Subscribers now!


Written by

Mohan Gandhi Ponnaganti
Mohan Gandhi Ponnaganti

Co-founder and CEO, Ofofo.io