How Much Should You Be Spending On Cybersecurity?

Cybercrime statistics paint a grim picture for Australian businesses. The average cost per incident is more than $39,000 for a small business and $88,000 for a medium business. These numbers are difficult for any company to absorb. When you consider that one cyber security expert puts the total cost to the Australian economy at $42 billion per year, the magnitude of the problem gets pretty mind-boggling.

Businesses are now very aware that protecting themselves against cybercrime is essential. It’s not a ‘set and forget’ protection either: it needs constant monitoring and updating to stay abreast of the latest threats. This takes an investment in time, manpower and finances. The question everyone wants answered is: what kind of financial investment does it take to minimise and mitigate the effects of a cyber attack?

It’s a perplexing question, because every company has its own unique set of factors determining spend. As cyber security has matured over the years, we’ve developed an understanding of how much it costs for businesses in various industries. To put that in context, it’s important to first understand how much businesses are spending on IT in total.

IT Budgets by Industry

According to Deloitte’s ongoing series of global CIO surveys, most companies around the world are increasing their IT budgets. This is indicative of the rising value of technology to businesses. It sits at the core of innovation and progress, and we’re realising that in order for our businesses to grow and endure, they need to have a strong tech focus.

It’s not just about innovation. Technology and business strategies are becoming more closely aligned, with most business operations having a heavy (and increasing) reliance on tech. IT budgets have to keep up.

So what percentage of a company’s revenue goes towards IT? There’s a large range depending on industry, as you can see from the examples below:

[Figure: IT Expenditures as a Percentage of Total, by industry]

It’s not surprising that software and hosting companies have a higher IT spend. They come in well above the average expenditure on IT, which is around 8.2% of total expenditure.

Now, how much of this expenditure is on cybersecurity?

IT Security Spending

Cybersecurity expenditures cover a lot of ground. There’s security hardware and software, personnel training and education, and even cybersecurity insurance. There’s the cost of staying compliant with our Australian regulations, and there are technologies such as firewalls, multi-factor authentication, endpoint protection and security monitoring to take into account.

Different industries and businesses face different challenges with their security, so it’s tricky to come up with a solid benchmark. On average though, the norm is considered to be as follows:

Cybersecurity Spend: 3-6% of total IT budget

Compliance Spend: 3-6% of total IT budget

Business Continuity: 2%

Total Security Spend: 10-14%

This research survey from IANS tells us that businesses spent 9.9% of their IT budgets in 2022 on cyber security. Tech, healthcare and business services lead the pack with 13.3% of their budgets, while education, retail and manufacturing languish at around 6%.

The survey also indicated an increase in reported cyber security expenditure in the last year.

Cybersecurity Budget Increases

79% of businesses surveyed reported an increase in security budget, with an average increase of 22%. The reasons behind the increase are quite telling:

[Figure: Cybersecurity Expenditure as a Percentage of IT Budget]

The fact that over 50% of budget increases are in response to a security breach shows the extent and frequency of cyber breaches, and how seriously businesses are taking them.

Get Serious About Cybersecurity

If you want to get serious about protecting your business, consider outsourcing your cyber security to a managed service provider like Smile IT. Our team of experts will ensure your allocated budget will stretch much further than if you were managing it yourself.

There’s also the added peace of mind that all your security assessments, monitoring and management are in the hands of IT professionals. Professionals committed to staying ahead of the latest security threats, keeping your business compliant and picking up on threats before they become a concern.

Get in touch today and we’ll have a chat about maximising the value of your cyber security expenditure!

When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!