If your business is just getting started, or if you’re considering expanding, it’s important to think about what you can do to ensure that your data – and your client or customer data – remains secure. Below, you can learn more about how much SMBs really spend on cybersecurity. This can help you make better choices for your own business’s needs.
SMBs and the Cybersecurity Risk
Many small to medium business owners make the mistake of believing that because their companies are not as large as some of their competitors’, they are simply not at risk for cyber threats. This couldn’t be further from the truth. Numerous reports show that about half of all cyber attacks aimed at business are aimed at small business and 68% of all small businesses experienced a cyber attack in the last 12 months. Because of this, every business needs to budget for cybersecurity. Viruses, phishing scams, and ransomware are all very real threats regardless of your company’s size, age, or revenue.
How Much Do SMBs Really Spend?
For most companies, cybersecurity budgeting is part of IT budgeting; managed IT service providers often offer security in the form of antivirus programs and even email security as part of their packages. On average, SMBs spend 5% to 20% of their total IT spend on security. This means that if your company spends $5000 a month on IT, you should expect to spend $250 to $1000 on cybersecurity alone.
Whether you should spend 5% or 20% depends on a wide variety of factors, too. These include:
- Business Size – A company with two employees would need to spend less on cybersecurity than one with 2000 employees. Antivirus and anti-malware software, for example, is typically priced by the user, and more users command a higher price.
- Industry – Your industry can also play an important role in your budgeting. If you collect, manage, and share sensitive financial information, then you are a bigger cyber crime target than a company that collects very little information.
- Requests from Customers or Stakeholders – Finally, if your stakeholders or your customers have a desire for better protections, it is worth your time and money to explore these.
How Much does a Data Breach Cost an SMB?
Like many SMB owners, you may feel that $250 to $1000 per month is a lot of money to spend on cybersecurity. However, rather than viewing it as an additional expense, it’s better to see it as an insurance policy against a data breach. IBM’s 2019 Cost of a Data Breach Report shows that, on average, data breaches cost companies $3.92 million. Small business breaches can cost an average of $120,000 to $1.4 million – and many don’t survive. A breach can not only drain your bank account, but it can also close your business.
If you still view cybersecurity measures as a luxury rather than a necessity, now is the time to reconsider. No matter how small your business might be, no matter what industry it’s in, and no matter how careful you and your employees might be, if you collect, manage, or share customers’ information, you can be a target.