Cyber Security Budgeting for Small Businesses
A recent study conducted by Cisco, a multinational technology firm, found that small businesses were particularly vulnerable to cyber attacks—with 60 per cent of the surveyed Canadian companies stating that they did not have cyber security strategies in place. This fact becomes increasingly alarming when you consider that, according to some experts, cyber criminals actively target small- to medium-sized businesses.
With this in mind, it’s particularly important for small businesses to plan their cyber security budgets accordingly if they want to mitigate their risk. As a good rule of thumb, approximately 15 per cent of IT budgets should go towards cyber security.
Budgets should be made following an in-depth risk assessment and typically include the following considerations:
Preparation: When planning a cyber-security budget, consider including items for training, technology upgrades and vulnerability assessments. Having policies and procedures in place related to cyber attacks could also help you respond quickly in the event that a hacker accesses any sensitive information. In addition, implementing a security-awareness program is a good option for most employers, and consulting firms can provide assistance for those having difficulty setting up preventative measures.
Detection: Having the proper detection tools in place could make all the difference, should a cyber attack occur. In your budget, ensure that funds have been allocated for penetration testing, which will verify that any protective software you have in place is effective.
Response: Following a cyber attack, there are a number of response items to consider. In response to a cyber attack, businesses will often need to cover the cost of public relations assistance, attorney fees and forensic specialist services. When properly implemented and planned for, these items can help businesses salvage their reputations and prepare for future attacks.
In addition to budget planning, there are a number of other steps businesses can take to limit the impact of cyber attacks. For example, identifying any trends in terms of what other companies are spending on cyber security will at least provide you with a good budget standard that you can compare your own pricing to. In many cases, cyber liability insurance can protect businesses from some of the above costs, in addition to any losses sustained as a result of a cyber attack. The amount of coverage you need is usually dependent on your overall risk.
© Zywave, Inc. All rights reserved.