How much should businesses invest in cyber resilience? 

Ramsac network monitoring cybersecurity

A common error that organisations can make, is to think of cyber resilience as a one-time financial spend instead of a financial investment for their future.  Rather than an ad hoc  or one off spend, we recommend that organisations consider cyber resilience as a moving target, one that is constantly evolving. Building long-term resilience requires sustained investment and you should consider a separate budget line which demonstrates your commitment to continued protection for your business. Which elements of cyber resilience you invest in year after year may grow and change based on your industry standards, the size of the organisation or breaches you experience. Cyber resilience measures you may choose to invest in could include:  

  • Training for your staff. 
  • Phishing testing and awareness 
  • Cyber monitoring and response services 
  • Penetration testing. 
  • Incident response planning 
  • Cyber Resilience Certification. 
  • Software tools such as malware protection, password management or threat detection 
  • Device and application management tools and services 
  • Tools and processes to manage software and hardware patching and updates 
  • Cyber audits/risk assessments 
  • Cyber insurance 

If, as a board, you are asking yourselves what percentage of revenue should go on a cybersecurity budget, unfortunately there is no single recommended percentage of turnover that should be spent on cyber resilience. However, here are some general guidelines to help you best assess this for your organisation: 

  • Understanding risks is important. Conducting a cyber resilience  assessment will help you to understand your organisation’s specific cybersecurity risks and needs. This will help determine the appropriate investment level. 
  • Cyber resilience spending will vary significantly depending on the size, industry, and risk profile of the organisation. Larger organisations with more data and higher risks often need to spend more. 
  • According to various estimates, most organisations spend between  0.5-1.5% of overall revenue on cyber resilience 
  • For smaller businesses, spending 10% of the total IT budget on cybersecurity is often recommended. 
  • Highly regulated industries like finance and healthcare tend to spend more, sometimes up to 20% of the total IT budget. 
  • Focus spending on high impact areas like awareness training, access controls, data security, incident response plans, and system redundancies. 

If you are looking to justify the spend it is well worth remembering the cost of the alternative.  A data breach can cost an organisation in many ways including loss of revenue, fines from the ICO and reputational damage.  In July 2023, IBM Security released its annual ‘Cost of a Data Breach Report’ which revealed that UK organisations pay an average of £3.4m for data breach incidents. 

In 2020, a data breach of broadband provider Virgin Media involving the personal data of 900,000 customers. Following the incident, Virgin Media reportedly faced a class-action lawsuit of nearly £4.5 billion. In March 2023 Capita suffered a cyber-attack which is currently estimated to be costing them £20 million. Investment in cyber resilience can save you money in the event of a cyber breach.  

Organisations who take cyber resilience seriously would benefit from investing in a cybersecurity monitoring service, which will meet a lot of their cyber resilience needs.  ramsac’s secure+ service can do just that.  secure+ is a ramsac managed service, run by our dedicated in-house Cybersecurity team that allows us to detect a breach the moment it happens and to take action to prevent damage from being done. Below are just some of the benefits of secure+: 

  • Each month you will get a comprehensive report of your secure+ service, where we call out significant events and recommendations to improve your security.  
  • We periodically run scans against your external facing infrastructure to look for vulnerabilities or gaps in your security.  
  • You will get priority status for emergency or critical patches that get announced.  
  • Every quarter we will run an audit of critical accounts, mailboxes and other services to check that privileges are as expected across your estate. 

 

If you are not sure where to start why not download our Cyber Resilience Whitepaper which outlines the 10 essential questions you should be asking about your Cyber resilience such as, ‘How well do you train your staff on IT security?’ And ‘How much control do you have over your devices?’. 

Related Posts

  • Why your organisation needs VMaaS: Turning vulnerabilities into strengths

    Why your organisation needs VMaaS: Turning vulnerabilities into strengths

    Cybersecurity

    Discover how ramsac’s VMaaS can transform vulnerability management from a reactive headache into a proactive strategy that strengthens your organisation’s cybersecurity. [...]

    Read article

  • Machine Learning Algorithms in Cybersecurity

    Machine Learning Algorithms in Cybersecurity

    AICybersecurityTechnical Blog

    Learn how machine learning algorithms are transforming cybersecurity, improving threat detection and predicting future attacks to help secure your digital environment. [...]

    Read article

  • Why should companies invest in cybersecurity?

    Why should companies invest in cybersecurity?

    Cybersecurity

    Investing in cybersecurity improves customer trust and helps you to prevent breaches across your organisation. Learn more today. [...]

    Read article

  • Maintaining system resilience in a technological world: What the CrowdStrike outage can teach us

    Maintaining system resilience in a technological world: What the CrowdStrike outage can teach us

    Cybersecurity

    The CrowdStrike outage on the 19th July caused worldwide chaos from airlines to hospitals and everything in between. What can we learn from this? We discuss. [...]

    Read article

  • What is data theft and how do you prevent it?

    What is data theft and how do you prevent it?

    Cybersecurity

    In any size organisation, data theft can be a huge issue. From disgruntled employees to large scale cyberattacks, data theft can severely impact your business. According to a report [...]

    Read article

  • The true cost of a cyber breach

    The true cost of a cyber breach

    Cybersecurity

    Understanding the true cost of a cyber breach is crucial, as it involves not only the immediate financial losses but also potential long-term impacts such as data loss, business [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?