How to Set Cybersecurity Budget that Gives Impacts

Blog 12 Dec 2022
In the last decade, the digital industry has grown exponentially, with technology that makes it easier for us to communicate, make transactions, and update information in real time. Those benefits also come with threats that might harm companies. The world is also facing emerging energy, food, and inflation crises, so it's no wonder data security will be even more vulnerable. Of course, the cost of securing this data keeps increasing.

Global Cybersecurity Spending  

With these conditions, companies worldwide must increase their cyber security, especially for products or services that use digital approaches. As a result, global cyber security spending has been growing at an average of 15 per cent in the last few years, and annual spending is projected to reach nearly $460 billion by 2025.

Those spending increases are driven by a rise in cyber attacks on global companies, such as data breaches, scams, extortion, and identity theft. The attacks increased by 7% from 2020 to 2021, and the corrective cost went up from $4.2 billion to $6.9 billion.

Cybersecurity Budget in US, India, and Singapore  

Thus, the government of the United States proposed a 10.89 billion U.S. dollar budget for cyber security for 2023 to prevent and decrease cyber attacks. According to Gartner Inc., India's security and risk management spending is forecast to total $2.6 billion in 2022, an increase of 9.4% from 2021. In 2020, Singapore budgeted SG$1bn (US$719m) to develop and strengthen its cyber security system. It also budgeted SG$50m (US$37.2m) for artificial intelligence research that strengthens its cyber security system.

Percentage of Cybersecurity Budget compared to IT Budget  

Historically, firms in the financial industry (banking, investment, insurance, etc.) have spent the most money on cybersecurity. In 2020, financial services organizations spent 10.9% of their IT budgets (or 0.48% of their organizations' revenue) on cybersecurity, up from 10.1% in 2019. Within the overall category of financial businesses, the insurance industry spent the most (11.9% of their IT spend), followed closely by consumer/financial services (10.5%), retail/corporate banking (9.4%), financial utility services (8.2%), and service providers (7.2%). 

How to set Cybersecurity Budget 

When we face a cyber security issue, we are often confused by its many aspects, such as infrastructure, software security, network, etc. There are some approaches that we can apply to set a budget:

  • Reactive vs Proactive Approach. The more advanced cyber security becomes, the more developed the ways hackers can penetrate it. So most corporate networks and systems can and will be hacked at some point. A reactive approach means acting after the breach or incident: discovering it and assessing the damage. This approach may work for some, but companies with sensitive data may not want to risk their data like this. So it is better to use a proactive approach, which may be more expensive but is more secure. A proactive approach means preparing the cyber security team to research any possible incoming threats, possible data breaches, and any possible attacks on the network.

  • Benchmark Approach. Sometimes it is difficult to determine how to handle prevention, detection, and response to cyber attacks. You could consider a benchmark approach to plan your cyber security budgets and investments. A benchmark approach compares your plan against other cyber security plans, a framework, and data from interviewed organizations. If you can observe the best practices of other organizations, you can quantify their results and set your cyber security standard, budget, and plan.

  • Risk-Based Approach. The risk-based approach is often considered a budgeting method for mature security organizations, because it is the result of researching each aspect of the networks and systems to mitigate cyber risks. This method categorizes the security lifecycle areas by varying degrees of risk.

How to Ask for Cybersecurity Budget 

These days, no system or network is one hundred percent safe from cyber attack.

It is more a matter of "when", not "if", your networks will face a cyber attack. So your organization needs to set a cyber security plan and budget, but how do you ask your non-technical leaders for this?

CISOs often present cybersecurity as an investment without clarifying the return on investment. Without a clear return on investment, non-technical leaders are more likely to underestimate the cost of cyber security because they lack data on how cybersecurity helps them secure their business in the long term.

When asking for a budget increase, you have to emphasize all the tangible and intangible benefits that come with the enhancement. When you present a plan to increase the budget or ask for a new one, present it with clear metrics from the get-go; for example, present an organization risk score for your array of IoT devices. Using this score as a reference, you can track risk reduction over time.

SentryPage is a digital tool that works as part of corrective cybersecurity measures. New subscriptions come with 1,000 free credits.