Small Business Budgeting for Cybersecurity (As Featured on 

December 6th, 2019

Defendify’s article on the basics of budgeting for cybersecurity was recently published on Cybersecurity is becoming more relevant as a business priority, but it can be challenging to figure out how to consider financially. Read our summary and introduction below, then check out the full article.

With 2019 coming to a close, many small businesses are busy building their budgets for 2020. But they’re also thinking about their cybersecurity—with continued news stories and anecdotal evidence of devastating cyberattacks, many small businesses are starting to wonder if they’re protecting themselves effectively.

Cybersecurity threats continue to be on the rise, and the best way to help protect your company is to strengthen your cybersecurity posture holistically. In today’s modern landscape, cybersecurity is fast becoming a must-have—a core business function and priority. And as with many other business priorities, it often requires dedicated budgeting.

The Basis for a Budget

There are many valid reasons why companies prioritize cybersecurity. Besides simply protecting themselves from a cyberattack (no small reason given that 68% of small businesses have experienced a cyberattack in the last 12 months), small businesses employ cybersecurity to address:

For a small business, complete cybersecurity can seem like a tall order. As you build your budget, it can be useful to work on specific cybersecurity challenges, such as: risk assessment, employee training and phishing risk reduction, network and website vulnerability scanning and remediation, and testing.

How much should you budget for cybersecurity?

Typically, the amount companies spend on cybersecurity is a function of their total IT budget: anywhere from 5.6% to 20% in addition to what they spend on IT. For a small business, it can be helpful to simply get started with something in 2020 and increase coverage and investment over time. By starting small with a cybersecurity risk assessment, you’ll be able to judge where you stand and begin addressing high-priority (and low-cost) improvements.

Think an investment in cybersecurity won’t pay off? Think again. A cyberattack to a small business can be expensive: recent studies have found costs to be between $120,000 and $1.24 million. For example, expenses include direct costs:

  • Theft of money and valuable data
  • Repair and remediation
  • Fines and legal fees
  • Cost to notify and compensate affected companies and people

And indirect costs:

  • Downtime and disruption
  • Theft of intellectual property (IP)
  • Reputation, brand, and credibility damage

Considering the potential costs of a cyberattack, any budget you can dedicate towards reducing your risk is money well spent.

Investing in cybersecurity is an important step to help protect your business, but keep in mind that spending more doesn’t necessarily mean better protection, and the old security adage remains true: There’s no guarantee of 100% safety, no matter how much you spend. The best option for a small business is to prioritize cybersecurity as a business function (i.e. put it on the P&L) and seek out the best ways to improve your posture holistically within your budget.

Read the full article on

Stay Safe,

Your Friends @ Defendify

Your cart