One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1356143 |
| Date de publication | 2019-09-23 13:00:00 (vue: 2019-09-23 16:07:55) |
| Titre | How to justify your cybersecurity budget in 2019 |
| Texte |
It’s less expensive to prevent cyber attacks than it is to repair the damage when they happen. Companies and institutions across industries lose money from cyber attacks all the time. There are the more obvious ways like piracy, data breaches, and litigation. There are also ways that accountants can’t quite put a dollar figure on, such as reputational damage that makes customers and clientele less likely to want to buy a company’s products and services in the future.
Everything is digital these days, both on premises and in the cloud. So cybersecurity staff and security measures are things you have to spend money on. But how should your company determine how much money to budget for security? And how should your company determine how to spend it?
Photo by Fabian Blank on Unsplash
What is a typical cybersecurity budget?
While there is no one-size-fits-all answer when trying to decide what a “typical budget” looks like for cybersecurity operations, there are a few studies that have been done that can provide some insight.
A recent study by Deloitte and the Financial Services Information Sharing and Analysis Center found that financial services on average spend 10% of their IT budgets on cybersecurity. That’s approximately 0.2% to 0.9% of company revenue or $1,300 to $3,000 spent per full time employee. For a bigger picture benchmark, consider that Microsoft CEO Satya Nadella recently revealed in a statement that the tech behemoth “will invest more than $1 billion each year in cybersecurity for the foreseeable future”. Finally, it’s worth noting that the 2019 U.S. President’s budget allocated $15 billion in spending on cybersecurity, about 0.3% of the entire fiscal budget ($4.746 trillion).
And while none of these figures can clarify what a “typical” budget should look like for the average business or organization, they can at least provide a benchmark for how larger tech firms, financial service companies and governments are allocating cybersecurity spend as a percentage of overall budget.
Considerations for your cybersecurity budget
There are so many different variables and factors involved when it comes to determining your cybersecurity budget. I’ll offer you some tips which can be used as a starting point to help your company decide.
I asked Kate Brew, from AT&T Cybersecurity, to send a tweet to get views from various industry decision makers. The question was “Cybersecurity budgets come in many sizes. How does your company determine yours?” Here are some responses, which should illustrate what typical cybersecurity budgets are. Some of the responses were a bit tongue-in-cheek:
“They keep me far away from budget/financial decisions at my company but I’d like to think a d20 is involved somehow...” (I love Dungeons and Dragons references!)
“Yeah. They most often range in size from ‘miniscule,’ to ‘barely visible to the unaided eye.’”
“Pick a number and subtract that number from itself. That& |
| Envoyé | Oui |
| Condensat | $100 $15 $50 “cisos “cybersecurity “how “i’m “most “pick “spin “they “typical “we “what “will “yeah ‘barely ‘miniscule 000 2016 2019 300 746 about according accountants accumulate across advice ale align all allocated allocating also always amount analysis analytics anecdotes annualized answer answers any apply appropriate approximately are areas aren't around ask asked asking assets associated assuring at&t attack attacks attempts average away back ball based because been behemoth believe benchmark bigger billion bit blank on unsplash board both bottle breaches brew bruce budget budget” budget/financial budgets business but buy by fabian calculated can can't can’t carbonite carved case center cents ceo cfo change changes characteristics cheek: chief chunk ciso cited clarify clearer clientele cloud come comes companies company company’s compliance complicated comply computer conclude configurations consider considerably considerations constantly consultant continuity coo corporate cost costs countermeasures—mitigate countermeasures—or course create crime cto customers cyber cybersecurity cyberspace d20 damage dart data days ddos deal december decide decision decisions decrease dedicated deloitte denial departments details determine determining developed difference different digital distributed does dollar dollars don't done doubt dragons dungeons each easy effect effective effectively else email employee employees enough entire european evaluating even everything evolving exactly example executives expectancy expensive experience explain explains eye factors far fast figure figures finally financial firms first fiscal fits foreseeable fortunately forward found framework friedman from frustrating full future future” game gartner gathered gdpr general generally get gif goes good governments grateful great guidelines had happen happy hard harder has have healthcare’s help helps here here’s hipaa hopefully how huge i’d i’ll i’ve idea illustrate image implementing important incident increase increasing individual industries industry information insight institutions intelligence inventory invest investment involved isaca isaca’s isn't issue it's it’s itself just justify kate keep lacking landscape language largely larger larry last lean least less like likely list litigation look looked looks lose loss losses lost lot love magic make makers makes many marketing maturity may measures meet members metrics microsoft might million mitigation model models money months more most moves much nadella nearly need needs network networks never new next night none not noticed noting now number obvious offer officer often old one only operations order organization organization’s other out overall overfunded overkill pain party people per percentage perhaps phishing photo picture piracy played point post posted potential practitioners premises president’s prevent prevention probably problem process processes products professionals protection provable prove provide put question quickly quite range rapidly rates rather ready recent recently references reflects regulation regulations repair report reputational researched respondents response: responses responsibility rest return revealed revenue revolves right risk risks roi roulette running said same satya save saying says schneier security see seem seems send serious: service services sharing should shoulders signs situation size sizes slightly some somehow someone sort speak specific spend spending spent spin staff staffing start starting state statement stay step steps studies study subset subtract succumbed such suite survey systems tech technical technology than that's that’ll that’s them then there's there’s these they’ll they’re they’ve things think thinking those threat three time tips told tongue too took tools total tra |
| Tags | Threat Studies |
| Stories | Deloitte |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.