www.senseon.io Open in urlscan Pro
34.142.13.207  Public Scan

URL: https://www.senseon.io/resource/how-much-should-a-business-spend-on-cybersecurity/
Submission: On July 14 via manual from US — Scanned from GB

Form analysis 3 forms found in the DOM

https://www.senseon.io

<!-- Site search form. No method attribute is present, so the browser submits it with GET
     and the query is sent to https://www.senseon.io as the "s" URL parameter. -->
<form action="https://www.senseon.io" class="container g01__search-container">
  <!-- No <label> is bound to this input; the placeholder is its only visible prompt. -->
  <input type="search" name="s" id="g01__search" class="g01__search" placeholder="What can we help you find?">
  <button type="submit" class="g01__submit button">
    <!-- Longer button text, presumably shown only to assistive technology via this class; confirm in the site CSS. -->
    <span class="screen-reader-text">Select to search</span>
    <span>Search</span>
  </button>
</form>

POST /resource/how-much-should-a-business-spend-on-cybersecurity/#gf_1

<!-- E-mail capture form with a "Subscribe" button. It POSTs multipart/form-data to the same
     page path, and the response loads into the browsing context named gform_ajax_frame_1
     rather than the top-level page. The gform_* ids and classes look like Gravity Forms
     output; confirm against the site's plugin inventory. -->
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_1" id="gform_1" action="/resource/how-much-should-a-business-spend-on-cybersecurity/#gf_1" data-formid="1">
  <div class="gform-body gform_body">
    <div id="gform_fields_1" class="gform_fields top_label form_sublabel_below description_below">
      <div id="field_1_1" class="gfield gfield--type-email field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible" data-js-reload="field_1_1"><label class="gfield_label gform-field-label"
          for="input_1_1">Email</label>
        <!-- The e-mail input below is declared type="text", so the browser applies no native
             e-mail format check; any validation has to happen in script or on the server. -->
        <div class="ginput_container ginput_container_email">
          <input name="input_1" id="input_1_1" type="text" value="" class="large" placeholder="Email address" aria-invalid="false">
        </div>
      </div>
      <!-- Hidden field pre-filled with "Direct traffic", presumably a traffic-source attribution
           value (verify). Hidden inputs are editable by the client, so the receiving side
           should handle this value as untrusted text. -->
      <div id="field_1_2" class="gfield gfield--type-hidden gfield--width-full gform_hidden field_sublabel_below gfield--no-description field_description_below gfield_visibility_visible" data-js-reload="field_1_2">
        <div class="ginput_container ginput_container_text"><input name="input_2" id="input_1_2" type="hidden" class="gform_hidden" aria-invalid="false" value="Direct traffic"></div>
      </div>
    </div>
  </div>
  <!-- The submit control uses inline onclick/onkeypress handlers: both set
       window["gf_submitting_1"] to stop a repeated submit, and the Enter-key handler triggers
       submit on #gform_1 through jQuery. Inline handler attributes are blocked by a
       Content-Security-Policy that does not allow inline script, so this markup constrains
       how strict the site's CSP can be. -->
  <div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_1" class="gform_button button" value="Subscribe" onclick="if(window[&quot;gf_submitting_1&quot;]){return false;}  window[&quot;gf_submitting_1&quot;]=true;  "
      onkeypress="if( event.keyCode == 13 ){ if(window[&quot;gf_submitting_1&quot;]){return false;} window[&quot;gf_submitting_1&quot;]=true;  jQuery(&quot;#gform_1&quot;).trigger(&quot;submit&quot;,[true]); }"> <input type="hidden" name="gform_ajax"
      value="form_id=1&amp;title=&amp;description=&amp;tabindex=0">
    <!-- Bookkeeping fields sent with every submission. None of the hidden fields in this
         capture is labelled as an anti-forgery token.
         NOTE(review): confirm how the endpoint treats cross-site submissions. -->
    <input type="hidden" class="gform_hidden" name="is_submit_1" value="1">
    <input type="hidden" class="gform_hidden" name="gform_submit" value="1">
    <input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
    <!-- state_1 is base64 of a JSON array: the string "[]" followed by a 32-character hex
         string, presumably a server-issued checksum over protected field state; TODO confirm. -->
    <input type="hidden" class="gform_hidden" name="state_1" value="WyJbXSIsIjBjN2M5MmQ1NGE5ZjdkYzA2ODkzN2VjZDU4MzYxYzQzIl0=">
    <input type="hidden" class="gform_hidden" name="gform_target_page_number_1" id="gform_target_page_number_1" value="0">
    <input type="hidden" class="gform_hidden" name="gform_source_page_number_1" id="gform_source_page_number_1" value="1">
    <input type="hidden" name="gform_field_values" value="">
  </div>
</form>

POST /resource/how-much-should-a-business-spend-on-cybersecurity/#gf_3

<!-- E-mail capture form with a "Submit" button. It POSTs multipart/form-data to the same
     page path, and the response loads into the browsing context named gform_ajax_frame_3
     rather than the top-level page. The gform_* ids and classes look like Gravity Forms
     output; confirm against the site's plugin inventory. -->
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_3" id="gform_3" action="/resource/how-much-should-a-business-spend-on-cybersecurity/#gf_3" data-formid="3">
  <div class="gform-body gform_body">
    <div id="gform_fields_3" class="gform_fields top_label form_sublabel_below description_below">
      <div id="field_3_1" class="gfield gfield--type-email field_sublabel_below gfield--no-description field_description_below hidden_label gfield_visibility_visible" data-js-reload="field_3_1"><label class="gfield_label gform-field-label"
          for="input_3_1">Email</label>
        <!-- The e-mail input below is declared type="text", so the browser applies no native
             e-mail format check; any validation has to happen in script or on the server. -->
        <div class="ginput_container ginput_container_email">
          <input name="input_1" id="input_3_1" type="text" value="" class="large" placeholder="Email" aria-invalid="false">
        </div>
      </div>
      <!-- Hidden field pre-filled with "Direct traffic", presumably a traffic-source attribution
           value (verify). Hidden inputs are editable by the client, so the receiving side
           should handle this value as untrusted text. -->
      <div id="field_3_2" class="gfield gfield--type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below gfield_visibility_visible" data-js-reload="field_3_2">
        <div class="ginput_container ginput_container_text"><input name="input_2" id="input_3_2" type="hidden" class="gform_hidden" aria-invalid="false" value="Direct traffic"></div>
      </div>
    </div>
  </div>
  <!-- The submit control uses inline onclick/onkeypress handlers: both set
       window["gf_submitting_3"] to stop a repeated submit, and the Enter-key handler triggers
       submit on #gform_3 through jQuery. Inline handler attributes are blocked by a
       Content-Security-Policy that does not allow inline script, so this markup constrains
       how strict the site's CSP can be. -->
  <div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_3" class="gform_button button" value="Submit" onclick="if(window[&quot;gf_submitting_3&quot;]){return false;}  window[&quot;gf_submitting_3&quot;]=true;  "
      onkeypress="if( event.keyCode == 13 ){ if(window[&quot;gf_submitting_3&quot;]){return false;} window[&quot;gf_submitting_3&quot;]=true;  jQuery(&quot;#gform_3&quot;).trigger(&quot;submit&quot;,[true]); }"> <input type="hidden" name="gform_ajax"
      value="form_id=3&amp;title=&amp;description=&amp;tabindex=0">
    <!-- Bookkeeping fields sent with every submission. None of the hidden fields in this
         capture is labelled as an anti-forgery token.
         NOTE(review): confirm how the endpoint treats cross-site submissions. -->
    <input type="hidden" class="gform_hidden" name="is_submit_3" value="1">
    <input type="hidden" class="gform_hidden" name="gform_submit" value="3">
    <input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
    <!-- state_3 is base64 of a JSON array: the string "[]" followed by a 32-character hex
         string, presumably a server-issued checksum over protected field state; TODO confirm. -->
    <input type="hidden" class="gform_hidden" name="state_3" value="WyJbXSIsIjBjN2M5MmQ1NGE5ZjdkYzA2ODkzN2VjZDU4MzYxYzQzIl0=">
    <input type="hidden" class="gform_hidden" name="gform_target_page_number_3" id="gform_target_page_number_3" value="0">
    <input type="hidden" class="gform_hidden" name="gform_source_page_number_3" id="gform_source_page_number_3" value="1">
    <input type="hidden" name="gform_field_values" value="">
  </div>
</form>

Text Content

Laura

14/07/2022


HOW MUCH SHOULD A BUSINESS SPEND ON CYBERSECURITY (UPDATED FOR 2023)

According to PWC, at least 30% of organisations have suffered a data breach that
cost them more than £800,000 in the past three years. For an average company,
any figure less than this is the right amount to spend on cyber security, at
least theoretically.

Real life is more complex. Because no company is average, right-sizing
cybersecurity spending is a nuanced challenge. 

 * As a general rule for reducing cyber risk, a business should spend between a
   high single-digit figure and a low double-digit proportion of their IT budget
   on cyber security, i.e., 7% to 20%.
 * This figure will vary depending on an organisation’s risk exposure, the
   potential cost of a data breach, and its overall budget.

Not all spending will deliver an equal return on investment. It’s easy to waste
money on tools, training and processes that produce minimal security gains. To
stop threats, astute spending is critical.

Arrange a demo to see how SenseOn’s security automation platform enables astute
security spending by automating threat detection and response, or watch our
webinar.

To right-size security spending and get a good return on investment,
decision-makers need to understand some core inputs into the cyber spending
equation. 


THE INFORMATION SECURITY SPENDING CHALLENGE

By 2025, global cybersecurity spending is forecast to exceed £1.30 trillion,
according to Cybersecurity Ventures, of which at least £67 billion will be spent
by SMEs.

Yet even though organisations are spending more money on cybersecurity than
ever, it never seems enough. These days, breaches are often seen as a side
effect of digital transformation. 

Many organisations and parts of the broader cybersecurity market consider
cybersecurity as a way of slowing down cybersecurity threats rather than
stopping them. 

A report by Trend Micro and the Ponemon Institute that looked at businesses of
all sizes and industries across the US, Europe, and Asia-Pacific, proves this
point. In the survey, almost 9 in 10 organisations anticipate falling victim to
a data breach in the next 12 months. 

Worryingly, about 1 in 4 also admitted to having suffered at least seven
cyber-attacks where threat actors successfully infiltrated their networks and
systems within the last year alone. 

For any business, this situation poses a serious operational question. Namely:
if the overall security environment is not improving despite record spending,
just how much cybersecurity investment is enough?


HOW MUCH SHOULD A GROWING BUSINESS SPEND ON SECURITY?

There isn’t an exact numerical amount or percentage of revenue or IT budget that
a growing organisation should dedicate to security. 

Rather, the right level of security spend depends on several factors, including
where in the world the organisation is based, the sector it is in, the type of
data it handles and stores, the regulatory requirements it may need to abide by,
and the complexity of its IT infrastructure. 

This blog gives organisations a detailed look at the factors that influence
security budgets and their growth rate and helps explain why high-spending
businesses are still falling victim to attacks. It also proposes a
straightforward solution to this problem.


LOCATION

From a cybersecurity point of view, geography matters. North America and Europe
are among the most targeted regions in the world. It makes sense that companies
based in either continent have recently increased the share of their IT spending
going on cybersecurity. 

Organisations in the US, for example, upped their cybersecurity spending by an
average of 10% between 2021 and 2022 alone, now dedicating almost a quarter
(24%) of their IT budget to security. 

In the UK, business spending on cybersecurity rose by an average of 5% last
year. 

In European countries, including France and Germany, businesses have also raised
their cybersecurity budgets by 10% and 15%, allocating around a fifth of their
IT budgets to keeping their systems safe. 


SECTOR

Historically, firms in the financial industry have spent the most money on
cybersecurity. 

Today, however, the biggest spenders are tech and business services
organisations. According to the 2022 Security Spending Benchmark Report by IANS
Research and Artico Search, organisations in these sectors spend just over 13%
of their total IT budgets on cyber security. 

The overall average for any sector was 9.9%. 

Government organisations and financial services firms spent 9.6% and 9.7%,
respectively. Following them were utility providers (8%), transportation (6.6%),
and manufacturing (6.1%).

Sadly, however, the most attacked sectors with the greatest need for risk
management and the least tolerance for disruptions spend the least on security. 

The lowest spend in the security benchmarking study was in education
organisations which spent only 5.9% of their IT budget on cybersecurity.
Healthcare is another notorious under-spender on security.

Data from the US shows that only 1 in 5 hospitals spend more than 7%. Most spend
between 1% and 5%. Spending remains low despite 8 in 10 hospitals experiencing a
data breach. 

With digital transformation and the pandemic having transformed much of how
healthcare happens, hospitals need to spend, on average, around 24% more on
security in the next few years. 


TYPE OF DATA HANDLED AND STORED

Organisations that hold sensitive data should spend more money on data security.
Unfortunately, as demonstrated by the above figures, that is only sometimes the
case. 

Although financial firms, which tend to hold vulnerable client data, are
increasing their security spending, healthcare and educational organisations,
also stewards of highly personal data, are not. 


REGULATORY REQUIREMENTS

Research by McKinsey finds that regulatory compliance is a crucial factor
influencing current and future cybersecurity spending.

For example, in Europe, more than 1 in 2 businesses agree that compliance with
the General Data Protection Regulation (GDPR) has resulted in them spending more
on cybersecurity.

In a survey from a few years ago, firms estimated they would spend an average of
£1 million on GDPR readiness initiatives. Furthermore, 88% of impacted
organisations said they spend more than £750,000 to maintain GDPR compliance,
with 40% saying they spend more than £7.5 million.

This level of concern with the GDPR is unsurprising, given that the GDPR can
levy fines of up to 4% of a company’s global turnover. Sector-specific
regulations such as the Digital Operational Resilience Act (which applies to
European financial organisations) will also influence future cyber compliance
spending. 

Learn more: How SenseOn supports compliance


SIZE

According to the Hiscox Cyber Readiness Report 2022, businesses with between 250
and 999 staff dedicate almost £1.5 million to cybersecurity. In contrast,
organisations with 1,000+ employees spend an average of £18 million (a 65%
increase on the previous year). 

The bigger the organisation, the more it invests in cybersecurity overall.
However, smaller businesses tend to spend proportionally more.

Other data shows that the typical enterprise spends 9.9% of its IT budget on
cybersecurity, while an SMB may spend 20%. 

Learn more: How to set up a security operations centre in 5 steps


IT COMPLEXITY 

As businesses become larger, their technology architectures and ecosystems also
tend to grow in complexity. 

The more partners an organisation depends on and the more devices connect to its
network, the easier it is to hack. In 2021, almost 45% of organisations in one
survey were victims of a supply chain attack. 

To secure complex networks, organisations often end up spending more on
cybersecurity. For example, endpoint security tools typically make up almost a
quarter of all IT security spending. 


IT’S NOT HOW MUCH YOU SPEND; IT’S WHAT YOU SPEND IT ON

So how much should you spend on cybersecurity as your organisation grows in
2023? The surprising answer is “less than you think.” 

Unless you know exactly what drives return on investment (ROI) in terms of
stopping malware and ransomware, meeting compliance requirements and improving
network security, any plans for increased spending on security services or
solutions should be assessed carefully. 

In Cybersecurity at Crossroads: The Insight 2021 Report, 3 in 4 respondents said
they lacked confidence in their organisation’s IT security posture. Not much has
changed since then.

Whether it’s a sprawling external attack surface and cloud security issues, a
hostile threat landscape or a corporate culture that places convenience above
security, security leaders have no shortage of challenges. 

Getting ROI from security spending remains one of them.

Going back to the Trend Micro and Ponemon Institute survey mentioned earlier,
most CISOs and IT practitioners say their organisation’s IT security function
cannot detect and prevent the vast majority of attacks. Many also mentioned
their organisation’s security technologies’ inability to protect their IT
infrastructure and data assets. 

Learn more: Threat detection in 2023 is broken. Here’s how to fix it

Part of the reason is that while spending on security is rising, organisations
are not investing in the right areas or tools. 

For example, it is common for businesses to spend at least some of their budgets
on overlapping security solutions or defending against threats that either no
longer exist or that pose minimal business risk. 

Businesses buying too many security tools are decreasing their ability to defeat
cybercrime. 

Learn more: Solving for risk through consolidation

A Ponemon Institute and IBM report concluded that increased complexity—and the
“alert fatigue” that tends to follow—caused by overinvestment in security tools
could hinder an organisation’s ability to respond to cyber threats effectively. 


PRIORITISE YOUR SECURITY ARCHITECTURE OVER SPENDING BENCHMARKS

IT staff are already overwhelmed by the number of alerts (many false positives)
they receive daily. Increasing your cybersecurity budget to buy the latest tools
and technologies will overwhelm them further. 

Unfortunately, with the cybersecurity skills crisis worsening, hiring more staff
is not the answer to this problem either.

Instead, expanding organisations looking to bolster their cybersecurity should
consider investing at least some of their cybersecurity budgets into artificial
intelligence and automation. 

More than 1 in 2 IT professionals say that their biggest challenge regarding
security operations and management is their organisation’s need for more
automation. Too many repetitive, manual tasks prevent analysts from quickly
responding to their systems’ management notifications and security events.

In an IBM study, more than half of organisations surveyed noted that what helped
improve their level of cyber resilience was visibility into applications and
data and investment in automation tools.

SenseOn can help you and your team overcome this exact problem. A self-driving
cyber defence platform, SenseOn’s unique “AI Triangulation” technology
replicates how a human security analyst thinks and behaves to pinpoint and flag
only relevant threat alerts. 

SenseOn consolidates a suite of tools (including EDR, NDR, UEBA, IDS/IPS, SIEM,
and SOAR) into a single cybersecurity platform, freeing up your security budget
for other priorities. 

Arrange a demo to find out how SenseOn’s AI-powered security platform can
empower your security team.





