If your business is just getting started, or if you’re considering expanding, it’s important to think about what you can do to ensure that your data – and your client or customer data – remains secure. Below, you can learn more about how much SMBs really spend on cybersecurity. This can help you make better choices for your own business’s needs.
Many small to medium business owners make the mistake of believing that because their companies are not as large as some of their competitors’, they are simply not at risk for cyber threats. This couldn’t be further from the truth. Numerous reports show that about half of all cyber attacks aimed at business are aimed at small business and 68% of all small businesses experienced a cyber attack in the last 12 months. Because of this, every business needs to budget for cybersecurity. Viruses, phishing scams, and ransomware are all very real threats regardless of your company’s size, age, or revenue.
For most companies, cybersecurity budgeting is part of IT budgeting; managed IT service providers often offer security in the form of antivirus programs and even email security as part of their packages. On average, SMBs spend 5% to 20% of their total IT spend on security. This means that if your company spends $5000 a month on IT, you should expect to spend $250 to $1000 on cybersecurity alone.
Whether you should spend 5% or 20% depends on a wide variety of factors, too. These include:
Like many SMB owners, you may feel that $250 to $1000 per month is a lot of money to spend on cybersecurity. However, rather than viewing it as an additional expense, it’s better to see it as an insurance policy against a data breach. IBM’s 2019 Cost of a Data Breach Report shows that, on average, data breaches cost companies $3.92 million. Small business breaches can cost an average of $120,000 to $1.4 million – and many don’t survive. A breach can not only drain your bank account, but it can also close your business.
If you still view cybersecurity measures as a luxury rather than a necessity, now is the time to reconsider. No matter how small your business might be, no matter what industry it’s in, and no matter how careful you and your employees might be, if you collect, manage, or share customers’ information, you can be a target.