Connect with us

Hi, what are you looking for?


The Cost of Having a Cyber Security Plan vs. The Cost of Inadequate Security for Business

Defense Secretary Leon Panetta recently made some provocative statements about cybersecurity. He said we were on the verge of a cyber Pearl Harbor. That enemies of the United States are working overtime to take down major electrical grids, transportation systems, and the financial infrastructure. He also mentioned that while the US government is taking a defensive stance, businesses are also under threat and should take decisive action.

There are two scenarios a business might take in response to this very real cybersecurity threat. The first scenario would be to make sure all systems and software are upgraded and the best cybersecurity is put in place to protect the company. The next scenario is to do nothing, keep in place current infrastructure, and hope that the business doesn’t come under attack.

There are many companies that have taken aggressive steps to protect themselves against cyber attacks. When questioned about why they are so “on the ball” with their security, the answer is usually a resounding, because we’ve already been attacked. The monetary costs of being attacked are staggering. They far outweigh the cost of implementing a cyber defense system. Let’s examine the cost of implementing cyber security versus the cost of getting attacked.

Cost of Cyber Attacks

There’s no doubt cybercrime is on the rise. Small businesses are being targeted because they don’t have the necessary security in place to protect themselves. Most of these attacks can be avoided. Verizon started keeping track of attacks in 2004 and they have reported that most of the the attacks were not complex and 97% of them could have been avoided.
According to a recent survey, from the Ponemon institute, the average cost of cybercrime per year was $8.9 million for businesses. The range was $1.4 million to $46 million according to the survey.  It is not large companies that are under the most threat, its small businesses.

Once a company has been attacked it takes an average of 24 days to even realize there has been a problem. The cost to clean up the debris is around $600,000 per incident. In other estimates, like a recent report from FCC, the average cost per incident for a cyber attack was right around $200,000. These costs are very large and could easily put a struggling business in financial peril if a successful attack is perpetrated.

Cost of Cyber Defense

For business owners to protect their company against cyber attacks it costs time and money. Businesses must implement comprehensive cyber security plans to protect their company, employees, and customers. Part of that plan means upgrading computers and networks with the latest antivirus software. It also means having the latest versions of operating systems installed on networks and computers. Employees must be properly trained in cyber security defensive strategies. Consequences for breaking the rules must be enforced on employees.
The cost of implementing a cyber security plan for a business varies depending on the size and type of company. Gauging the actual cost of cyber defense is a difficult task. We do know that spending in the  IT security industry is on the rise. In 2011 US companies spent a total of $76 billion on IT security. The IT security annual spending has been rising dramatically over the last 5 years.

Using a complete security software protection suite for a small business has a price tag of several hundred dollars annually. In addition, it will cost several thousand dollars per year to have the hardware to ensure PC data is backed up on site, or the backup can be outsourced to the cloud at the price tag of several hundred dollars annually. As I mentioned earlier, employees must be trained to implement security strategies to avoid risky behavior. This all costs the company time and resources to implement, but the cost is not as high as weathering an attack.

The facts are clear. It is much cheaper to implement a cyber security strategy than risk being attacked. The cost of losing not only money but also loosing good faith among the public if the leak is exposed are too great to ignore. Unfortunately most small and medium sized businesses are doing just that, ignoring the risks.
83% of small businesses in the US report having no formal cyber security strategy or contingency plan if they are attacked. 70% report not even having outlined internet use policies for employees. These reports are alarming to think about because recent models are showing that small business cyber attacks have doubled in the last year. Trust me when I say that the bad guys are gunning for small businesses everywhere.

Unfortunately, even having a strong security plan in place doesn’t make a business immune from attack. But like Verizon reported, 97% of all attacks could have been thwarted if basic security was in place. Small business should take heed before they have to deal with the inevitable expensive cleanup that comes after an attack.

Written By

About the Author: Rick Delgado is a freelance writer and self-proclaimed nerd who is an expert in technology and software development. He enjoys keeping up with the latest tech innovations and writing about them.

1 Comment

1 Comment

  1. Fred Rodriguez

    January 31, 2013 at 3:23 am

    Any form of crime is always costly to the person or the business for that matter. Sometimes, the magnitude of the crime is not even fully accounted, and only after a while that you will find it the magnitude and extent of the costs of such crimes to your business. I have been in touch with a friend who works in a manufacturing industry of portable security cameras and vehicle barriers, amongst other things. He has told me that for every company that they have worked with, the latter would work out a projected damage to their company should an emergency or threat is posed. They have even brought out that cybercrime could even be worse, with repercussions that could go beyond the immediate period.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like


In today’s digital era, where the Internet plays a vital role in our lives, it’s important to put security and privacy first. With the...


Setting up your own start-up company is an exciting venture and a journey that will come with many twists and turns. Don’t forget that...


Tailgating is a smart use of social engineering by intruders to get around traditional security systems. It involves people using rare, natural opportunities to...


Probably you heard about browser hijackers – these are hackers’ software that can change the search engine of the browser and start redirecting it...