Budgeting for Cyber Attacks: Security spending to reach 133.7 billion by 2022

With the average expenditure on cybercrime growing dramatically, the cost of an attack can be disastrous for a company that has not made cybersecurity a major part of its regular budget.

The first step is acknowledging you have a problem

In too many instances, CEOs want to bury their heads in the sand when it comes to cybersecurity. In some cases cybersecurity has been a static budget line for the last several years, and they cannot be convinced that a large percentage raise in cybersecurity-related funds is necessary. This is clearly demonstrated by the fact that 60% of CEOs think their company is safe from breaches, while less than 30% of IT professionals agree. This conflict between IT and C-level executives has led to dangerous levels of lagging security.

As the problems keep getting worse, corporations have to respond with budgets to match. By following the trend of increased spending in this area, businesses can save themselves a great deal of potential pain.

By the numbers:

The costs of cyber attacks are rising dramatically: A study by IBM shows that costs of a cyber attack have risen sharply to $3.9 million per strike in 2018. On average, in 2017, companies spent nearly $11.7 million on cyber attacks, 23% more than they did the previous year.

It’s about more than just the upfront costs: While the financials take into account the amount of money a company loses when it is breached, they do not even begin to look at the long-term effects of lost potential revenue, reputation, or morale. When taking into account the turnover of customers and a loss of reputation and goodwill, the average cost of lost business can be as much as $4.13 million per company.

Timing is everything: Accenture estimates that the amount of time an attack takes from a company is an average of 50 days - that is almost two months where priorities are upside down and a great deal of work cannot be accomplished.

What is lost may not be returned: Information loss is the most costly part of a cyber attack, representing 43% of associated costs. If you are not actively protecting information from being ransomed or lost, you are risking huge losses.

Data Pirates: In particular, ransomware damage grew 15 times in less than two years to more than $5 billion in 2017 according to CSO Online.

Per person: Breaches cost the average affected American around $225 per individual according to the Ponemon Institute’s 2017 Cost of Data Breach Study.

Global crisis: According to Cybersecurity Ventures, damage related to cybercrime is projected to hit $6 trillion annually by 2021.

The numbers are stark reminders of just how dire of a problem cybercrime is on an international scale. Many companies never recover from a major breach and a lack of preparedness puts the financial life of any organization at risk.

What can you do to protect yourself from cybercrime?

The truth is that a dedicated cybercriminal can and will access your data if given enough time. Crackers can rely on techniques that involve everything from reading computer heat signatures to reading the LED lights on a server to discover critical information about your security.

More often than before, IoT devices, which include printer networks and even smart coffee makers, can act as carriers of computer viruses. In a recent TED talk, expert Avi Rubin discusses how nothing networked is impervious to hacking. He demonstrates how it is possible to manipulate nearly any imaginable networked device, including infrastructure like bridges and dams, cars, refrigerators, and even pacemakers (which as of 2006 have networking capability).

This idea may make many feel like throwing up their hands in the face of what appears to be an impossible fight, but this is actually more reason to invest in cybersecurity, even within this current reality. 75% of companies have increased cybersecurity investment in the last year and this expense has gone up over 140% in less than a decade. If your company isn’t keeping up, you are inviting an attack that could be devastating.

So how do you spend money on cyber attack prevention?

Privacy has its costs
The GDPR is a positive step toward cybersecurity; however, its implementation is difficult for businesses to navigate initially. Nearly a third of companies are spending money on services that teach them how to work within GDPR structures. As cybersecurity gets more complex, this kind of consultation will be an imperative for every company.

Keep evolving
It’s essential to retain some of your budget for educating and training your workforce. If you are implementing protocols that are not followed, it becomes a futile endeavor (and a waste of money).

Test your system
Take some of that budget to see how well your system stands up to potential attack.

It takes dedication
Cybersecurity experts refer to the top 5% of your essential documents as the “crown jewels” and recommend that you protect them accordingly. By keeping these files on a dedicated non-networked PC and giving only prioritized access, you limit their exposure.

Looking for an inexpensive fix? Lock your doors

Cyber security experts like to compare being prepared for cybercrime to home security. Just because someone could break into your house with a battering ram, they posit, doesn’t mean that you should not lock your windows and doors on a daily basis. Many fixes in cybersecurity are about changes in company culture more than anything involving tech.

Communicate regularly: Cyber crime is constantly evolving. Keep up with trends and send out information to your entire organization on new scams. Perhaps make it part of a regular staff meeting.


Careful who you work with: Make sure your vendors are secure. Talk to your bank about improved cyber protection. Also, ask your ISP about your current level of protection and see if you need an upgrade.

Get better company-wide password protocols

Laurie Faith Cranor is a Carnegie Mellon Professor and security expert who speaks about failures in password etiquette that can lead to breaches. In fact, a staggering two out of five people have had a cybersecurity incident that resulted from a breached password. And in the business world 70% of breaches are caused by process failure which includes not following password procedures.

Research indicates that password failures can be due to some pretty common factors:

No variety: Most people use one password for many accounts. In fact, more than half of computer users have only five passwords for their whole life!

Never changing: Over 20% of people use passwords that are over a decade old.

Laziness: The terms “password”, “qwerty”, and “12345” were some of the most popular passwords chosen in 2014.

Password protocol is an imperative and a way to prevent a great deal of potential cybercrime with almost no financial investment.

Security steps you can take to cover your passwords

As with many things in business, communication is key. Getting people to comply with password initiatives means making sure that they truly understand the dire nature of the situation. This has to be more than a mass email. Workshops and trainings might be a good idea and creating required ways of maintaining security is another active way to be on top of the issue.

Implement two-step verification: Two-step verification has become industry best practice at this point. To those who fear this is complex, it is actually similar to the process you go through at the ATM: You need both a card AND a code. At this link you can find instructions that show you how to set up two-step verification on many popular websites.

Mandatory Length and Makeup: Make sure passwords are set to be 12 or more characters in length, and that they use capitals, special characters, numbers, and lowercase.

Avoiding Phrases: If possible, keep full words out of a password. Experts suggest taking a memorable phrase and using the first letters of each word to create the password. For example, the long phrase, “My annoying boss is making us change our passwords every 90 days!” would become: Mabimucope90d! It’s seemingly random, but still memorable.

Diversify: The number one rule in business is also the biggest rule in password protection. Use unique passwords when using multiple sites. Obviously this can be overwhelming, so consider trusting a password management site like LastPass or Dashlane, which use complex encryption to keep hackers from getting your password information.
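The Mandatory Length and Makeup, Avoiding Phrases, and Diversify steps above can be checked mechanically. The following is an added example, not part of the original article: the function names, the three-entry deny-list, and the sample accounts are constructed for illustration.

```python
import string

MIN_LENGTH = 12
# The three popular 2014 passwords the article names (constructed deny-list).
COMMON = {"password", "qwerty", "12345"}

def policy_violations(password):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "capital": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    return problems

def from_phrase(phrase):
    """First letter of each word; numbers and trailing punctuation kept whole."""
    out = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation)
        tail = word[len(core):]
        out.append((core if core.isdigit() else core[:1]) + tail)
    return "".join(out)

def reused(accounts):
    """Group account names that share one password (the Diversify rule)."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)

# Constructed sample input.
PHRASE = "My annoying boss is making us change our passwords every 90 days!"
SAMPLE_ACCOUNTS = {"mail": "Mabimucope90d!", "bank": "Mabimucope90d!", "crm": "qwerty"}

if __name__ == "__main__":
    print(from_phrase(PHRASE), policy_violations(from_phrase(PHRASE)))
    for name, pw in SAMPLE_ACCOUNTS.items():
        print(name, policy_violations(pw))
    print("reused:", reused(SAMPLE_ACCOUNTS))
```

The phrase-derived password passes every rule on its own, yet the reuse check still flags it because the sample shares it between two accounts.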

Ultimately, you will have to keep spending more money on cybersecurity as the tactics of criminals evolve. But that doesn’t mean you can’t be smart and prioritize how your funds are distributed in this area. Varonis.com put together a useful infographic that points to the best way for budgets to be spread around for cybersecurity measures and talks about why this is the case.

Don’t become a statistic. Make sure you are covered and spend the money you need today to prevent future breaches that might devastate your company.

The Future of Cybersecurity Budgeting - infographic

