Avasant Releases New Benchmarks for IT Security and Cybersecurity Spending

Security and cybersecurity incidents are costly, with losses increasing every year. In light of these growing threats, it is no wonder that organizations in all industries continually rank security as a top priority for new spending. But how much are they spending? To answer this question, we have now released our new report, IT Security, Cybersecurity, and Compliance Spending Benchmarks.

Image of Maria Kingston By Maria Kingston.
Updated Feb 16, 2022

LOS ANGELES (PRWEB) February 16, 2022 - Security and cybersecurity incidents are costly, with losses increasing every year. For example, in 2020, the FBI Internet Crime Report recorded losses in excess of $4B due to internet crime, up from $3.5B in 2019. Although these losses are staggering, they are almost certainly the tip of the iceberg. They only reflect losses that are reported to the FBI, and many victimswhether individuals or businesseschoose not to file complaints or report losses. Moreover, the FBI data does not include certain types of losses, such as ransomware payments.

In addition to direct costs, victims often suffer indirect costs, such as revenue losses due to downtime, reputation or brand damage, and loss of trade secrets or intellectual property. These can easily exceed the level of direct costs. In light of these growing threats, it is no wonder that organizations in all industries continually rank security as a top priority for new spending. But how much are they spending? To answer this question, we have now released our new report, IT Security, Cybersecurity, and Compliance Spending Benchmarks.

As shown in Figure 3 from the full report, small organizations allocate 3.3% of their IT operational spending to the security tower. This metric falls slightly to 2.8% for midsize organizations, and it rises to 4.1% for large organizations. In other words, on average, a large organization with a $100 million IT budget would be spending over $4 million a year on the security tower.

What is the security tower? It includes all IT security, cybersecurity, and security-related compliance spending. It includes security personnel costs (both internal and external personnel), security hardware, security software, and outside security services. It includes both security spending, plus depreciation of security capital investments in the past. It does not include current-year security capital spending.

Small organizations are defined as those with less than $5 million in IT operational spending, while large organizations spend over $20 million, and midsize organizations fall in the middle.

Many business leaders think they should be spending more on security, but dont know how much is enough, said Frank Scavo, president of Computer Economics, a service of Avasant Research, based in Los Angeles. Although the answer should be based on a risk assessment, understanding what others in your industry are spending can give you a benchmark.

Our full report addresses this need by providing benchmarks by industry and organization size for IT security, cybersecurity, and related compliance spending and staffing. Benchmarks are calculated across a number of units, including users, organization revenue, IT operational spending, number network devices number of locations, and number of endpoints. Security staffing metrics are calculated as a percentage of the IT staff and also per user. Industry benchmarks are provided for business services, financial services, critical infrastructure, public sector, healthcare, manufacturing/distribution, and retail.

We also include a breakdown of the composite security spending by major category, including identity and access management, security policy and awareness, cybersecurity and incident response, threat and vulnerability management, data privacy and security, and governance, risk, and compliance (GRC). We conclude with guidelines for benchmarking your IT security, cybersecurity, and compliance spending.

This Research Byte is a brief overview of our report on this subject, IT Security, Cybersecurity, and Compliance Spending Benchmarks. The full report is available at no charge for subscribers, or it may be purchased by non-clients directly from our website.

Download FREE eBook

Sign up and receive a FREE eBook.
"A step-by-step guide to help you transition from the employee culture to that of the entrepreneurial world."

Have a Question?

Call us now if you have a question
Call us anytime using the toll free number below.

WE ARE HERE
FOR YOU!

3.12.154.133