Small Business Budgeting for Cybersecurity (As Featured on 

Defendify’s article on the basics of budgeting for cybersecurity was recently published on Cybersecurity is becoming more relevant as a business priority, but it can be challenging to figure out how to consider financially. Read our summary and introduction below, then check out the full article.

With 2019 coming to a close, many small businesses are busy building their budgets for 2020. But they’re also thinking about their cybersecurity—with continued news stories and anecdotal evidence of devastating cyberattacks, many small businesses are starting to wonder if they’re protecting themselves effectively.

Cybersecurity threats continue to be on the rise, and the best way to help protect your company is to strengthen your cybersecurity posture holistically. In today’s modern landscape, cybersecurity is fast becoming a must-have—a core business function and priority. And as with many other business priorities, it often requires dedicated budgeting.

The Basis for a Budget

There are many valid reasons why companies prioritize cybersecurity. Besides simply protecting themselves from a cyberattack (no small reason given that 68% of small businesses have experienced a cyberattack in the last 12 months), small businesses employ cybersecurity to address:

  • Preparation for third-party cybersecurity risk assessments
  • Compliance requirements such as GDPRPCI and HIPAA
  • Desire for competitive advantage for large projects or contracts
  • Pressure from company stakeholders concerned about cybersecurity

For a small business, complete cybersecurity can seem like a tall order. As you build your budget, it can be useful to work on specific cybersecurity challenges, such as: risk assessment, employee training and phishing risk reduction, network and website vulnerability scanning and remediation, and testing.

How much should you budget for cybersecurity?

Typically, the amount companies spend on cybersecurity is a function of their total IT budget: anywhere from 5.6% to 20% in addition to what they spend on IT. For a small business, it can be helpful to simply get started with something in 2020 and increase coverage and investment over time. By starting small with a cybersecurity risk assessment, you’ll be able to judge where you stand and begin addressing high-priority (and low-cost) improvements.

Think an investment in cybersecurity won’t pay off? Think again. A cyberattack to a small business can be expensive: recent studies have found costs to be between $120,000 and $1.24 million. For example, expenses include direct costs:

  • Theft of money and valuable data
  • Repair and remediation
  • Fines and legal fees
  • Cost to notify and compensate affected companies and people

And indirect costs:

  • Downtime and disruption
  • Theft of intellectual property (IP)
  • Reputation, brand, and credibility damage

Considering the potential costs of a cyberattack, any budget you can dedicate towards reducing your risk is money well spent.

Investing in cybersecurity is an important step to help protect your business, but keep in mind that spending more doesn’t necessarily mean better protection, and the old security adage remains true: There’s no guarantee of 100% safety, no matter how much you spend. The best option for a small business is to prioritize cybersecurity as a business function (i.e. put it on the P&L) and seek out the best ways to improve your posture holistically within your budget.

Read the full article on

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.