There is almost no limit to how much you could spend on cybersecurity solutions, and with Gartner estimating global spend on security is equal to about 1.5% of worldwide revenue – does that mean that effective cybersecurity has to be expensive?  And what is “expensive”?  Surely that is different for an SMB client than a worldwide corporation.

There are of course vast differences in how each organization approaches security. Some spend nothing, some spend very little and a few organizations invest heavily to protect their assets.

The Cost of Small Business Cybersecurity
It would be tempting to think that small business cybersecurity should be cheaper than it is for enterprise, however to get security right for a small business takes a higher percentage of the operational budget than it does for a larger one. For example, it not only costs small businesses more money per device to buy security software due to the volume discounts that enterprise clients can take advantage of, but if they fall under compliance mandates, they may also still need to implement the same critical and major security controls despite their smaller client base.

Whereas a large organization might look at spending 1-2% of the operational budget on security, any small business looking to get security up to a reasonable standard could be looking at a figure closer to 4% or more.

The Cost of Enterprise Cybersecurity
The cybersecurity challenge for large organizations is that to make security effective, they have to embed security principles within the heart of everything they do. Sometimes this is referred to as achieving security by design and increasingly people may also refer to this as DevSecOps. Whichever description is used, the fundamental remains that security has to be included from the outset and sustained throughout the lifecycle of each technology, including decommissioning of solutions.

Can Cybersecurity be Inexpensive?
In short, it depends. The more technology you want to use, the more time and effort is required to ensure appropriate security is put in place. The more proactive the approach to security, the cheaper it is to implement and sustain – just ask anyone who has suffered the cost of trying to recover from a significant cyber incident.

Basic cybersecurity does not have to be expensive from a financial perspective – but it does require taking the time to carefully consider each new technology, research and implement the right settings and to keep different technologies as protected from each other as possible.  With a review of your organizations vulnerabilities and appetite for risk, reasonable measures can be taken.