Skip to main content

Many businesses are over- and under-spending on security

(Image credit: Shutterstock / NicoElNino)

All businesses should spend money and resources on cybersecurity, to protect their operations and ensure a profitable future. But how much should they actually spend?

According to a new report from analysts at Nucleus Research, most organizations either overspend or underspend on cybersecurity solutions. The report proposes a formula businesses can use to determine exactly how much money they should be spending on cybersecurity.

Nucleus states that businesses should not spend money on cybersecurity “based on fear or perceived threats”. Instead, they should consider their worth, the worth of the utility of cybersecurity, the chance of a cyberattack, and the potential cost of the breach.

“Even if an organization has a high risk for a cyber-attack, it isn’t efficient to invest in cybersecurity more than what the organization is worth," the report explains. “By considering investments in cybersecurity as an insurance problem, organizations can justify the optimal amount to spend.”

So for an organization worth $20 million, which risks losing $2 million in a data breach and has a 50 percent chance of being breached, no more than a $1 million should be spent on cybersecurity, the report states. This figure includes IT personnel time, software subscriptions, software maintenance, and loss in productivity.

“Considering a three times revenue model, the organization should not spend more than 15 percent of its revenue,” the report concludes.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.