How much money is spent on cybersecurity?

03 Jun, 2022
Nigel Thorpe
Technical Director

Businesses have never been more vulnerable than they are today. While cybercrime cost companies an already whopping US$300 billion in 2013, damages have since skyrocketed to US$945 billion in 2020. That’s 300% growth in just a short span of seven years. 

The worst part is that we can expect this number to continue rising exponentially in the coming decade. With IoT devices becoming more and more viable within consumer markets, cybercriminals will have a bounty of entry points, along with a wider selection of businesses to attack as the 4th Industrial Revolution marches on. This is driven by a few key trends in cybersecurity.

Organised cybercrime: A growing behemoth not to be ignored

Cybercriminals can attack so frequently because they are growing in number and sophistication. The lone hacker hunched over a computer in a dimly lit basement is all but a thing of the past, as hackers now organise themselves into criminal groups. In fact, cybercrime has shaped up to be a highly lucrative industry in its own right. It is not an exaggeration to say that cybercriminal groups can and should be regarded as corporate entities (albeit hostile ones). Estimates show that organised cybercriminal groups reinvest about US$1 trillion annually to develop new equipment and software to perform their next attack.

Remote work gives cybercriminals more opportunities

Remote work has also given cybercriminals more opportunity by spreading networks past the office and even national borders. Because files are now saved on laptops with open internet access, it is easier for perpetrators to get their hands on stored work files. With 30% of the workforce expected to remain remote, it's likely that virtual communications will continue to be a growing bounty for cybercriminals.

More mobile devices equal more cybercrime

Another area that cybercriminals are increasingly trying to exploit is mobile devices, particularly as they have become more integrated into our lives and are now relied upon for day-to-day communications with colleagues that can no longer take place at the office. In a chilling event, one organisation launched a mobile espionage product called Pegasus that allowed hackers to remotely jailbreak iPhones and copy information from call and text records, calendars, and contact lists.

Customers are unforgiving when it comes to cyber attacks

Customers are aware and increasingly wary of the potential dangers of cybercrime. A survey of consumers across North America and Europe found that 70% of consumers already believe that businesses are not securing their personal information and 59% of customers stated that they would avoid engaging with companies that had experienced cyberattacks within a year.

Not investing in cybersecurity is no longer an option

These trends make it clear: cybersecurity has become imperative for any company that wishes to do business in today’s digital landscape. The question is no longer “should I invest in cybersecurity?” but rather “how much should I spend on cybersecurity?” Unfortunately, this question holds no easy answer.

As companies seek to determine the right amount, the second burning question has therefore become: how much are companies spending on cybersecurity? The good news is that this question is a little easier to answer. Our research shows that large enterprises spend approximately US$2,700 per full-time employee per year on cybersecurity.

Research shows IT security service spending has increased by approximately US$6 billion year on year between 2017 and 2021. In a joint study, Deloitte and the Financial Services Information Sharing and Analysis Center also estimated that companies running financial services such as banks, insurance companies, and investment managers spend between 6% and 14% of their IT budget on cybersecurity.

Given the trends highlighted above, it’s easy to understand why IT departments are ramping up their security budgets - they’re guarding themselves against potential catastrophes. However, not every company is willing, or able, to funnel this kind of money into ensuring that their business operations are sufficiently protected.

As a result, cybersecurity investment is evolving into an unfortunate balancing act where companies settle for a level of risk they are willing to tolerate instead of attempting the increasingly difficult task of sealing off every possible loophole.

Cybersecurity budgets - don’t know where to start?

Planning cybersecurity budgets is hard. Deciding exactly how much to spend against cybercriminals who are constantly evolving is like trying to shoot a moving target in the dark. But if we take a cue from the average cybersecurity spend of US$2,700 per full-time employee, this works out to US$54,000 annually for an office of 20. Still, that leaves the conundrum of which solutions to spend that budget on.

Let’s consider three possible courses of action.

One, you seek guidance from cybersecurity consultants and internal specialists on the best combination of tools to meet your specific business needs. Most likely, you’ll be advised to make an inventory of all company data assets and then calculate the fiscal worth of each inventory item. The next step would be to consider what security measures are necessary to comply with local data regulations, such as the Personal Data Protection Regulations of Singapore. This should yield a figure that can be adjusted until a desirable balance is reached between the amount of money spent and the potential amount of money lost to cyberattacks.

This can be extremely expensive and time-consuming, especially if you’re doing business in multiple territories with varying data privacy laws and regulations. Most companies, especially SMEs, won’t have the resources for this.

Two, you purchase some basic cybersecurity tools such as a cloud-based antivirus solution to shield you against malicious software. This accomplishes some fundamental goals and will probably cost you less than US$54,000 a year, but the protection you’re getting isn’t as comprehensive and future-proof as you’d like it to be. Even if you choose to splurge on the most sophisticated, AI-powered ‘enterprise grade’ antivirus software in the market, its maximum detection rate only goes up to 99%, leaving you still at risk of exposure.

The third option? To get you started, use CatchPulse Pro, an intuitive AI-driven application control that has always-on and real-time monitoring for enterprises that want 100% protection from known and unknown malware threats – while also costing you much less than US$54,000 annually. CatchPulse Pro operates on a zero-trust model, meaning that it applies a denied-by-default principle to protectively block unknown malware. This is in stark contrast to the blanket rules and known to allow lists that alternative antivirus solutions offer. The best part is that CatchPulse Pro is highly intuitive, meaning you don’t need to be a cybersecurity expert to use it.

To take things up a notch and protect your data, you can also deploy the SecureAge Security Suite, which encrypts every file, no matter where it is stored, with a unique asymmetric key. SecureData effectively makes any stolen data useless outside of your organisation, as any unauthorised copying of data from a machine or file server will only expose the encrypted data files, thus mitigating the risk of any sensitive information being leaked.

The bottom line

Frankly, not investing in cybersecurity in this day and age is equivalent to leaving your front door wide open and not expecting burglars to enter. As with most things, knowing where to start usually wins you half the battle. So don’t be a sitting duck. Remember, a new cyberattack happens every 39 seconds. CatchPulse Pro was designed to save hours, headaches and dollars.
