Why You Need to Fund New Cybersecurity Protections in Your 2025 IT Budget
It is time to start preparing business budgets for 2025! As you begin the IT budgeting process, it’s important to look at current trends regarding cybersecurity to ensure you protect your business from cyberattacks and data breaches.
The global annual cost of cybercrime is predicted to reach $9.22 trillion by the end of 2024 and is estimated to increase to $10.29 trillion by 2025, according to a worldwide study by Statista.
At Leapfrog, we anticipated this growth, driven by the surge in remote work and the rapid adoption of cutting-edge technologies like AI. These trends have also heightened the vulnerability of networks and data.
We had a conversation with our own Chief Security Officer, Bryant Tow, to discuss the importance of building funding for cybersecurity protections into next year’s budget. Bryant has more than 25 years of experience leading teams focused on technology, cyber risk management, and physical risk management.
Q: What stands out the most in the past year in terms of common cybersecurity threats that companies should be addressing urgently?
A: This past year we have witnessed some of the most devastating cyberattacks in history, affecting millions of users, customers, and organizations. Companies should be most worried about sophisticated ransomware, increases in phishing schemes, supply chain attacks, business email compromises, and ineffective cloud security measures.
That sounds like a lot.
Q: Do you have any suggestions on what companies can do to minimize these top concerns?
A: Companies need to practice what we refer to as good cyber hygiene by deleting old data, unused programs, and outdated systems, as well as tossing out old equipment. They should also invest in employee training to help staff identify phishing and other security threats. We strongly recommend outsourcing your cloud security to a reputable provider, such as Leapfrog, to ensure the most effective measures are being taken to protect you from a cyberattack.
Q: What would you consider the top must-haves that companies should include in their budget priorities?
A: I highly recommend companies perform regular security assessments to identify the vulnerabilities, risks, and gaps in their IT infrastructure and data protection policies. At a minimum, I recommend all businesses budget for:
- A security awareness and training program for all employees, contractors, and third-party vendors
- A secure cloud-based solution to ensure data stored is encrypted, compliant, and accessible
- A proactive threat detection and response system
- An incident response plan with a reliable backup and recovery system
- A cyber governance program to establish and enforce policies, standards, and guidelines
- Updated systems and legacy platforms
Q: Is there an estimated percentage of an IT budget that should be dedicated to cybersecurity?
A: There is no definitive answer to this question. It depends on various factors such as size, industry, and the risk profile of the organization. Applicable regulatory and compliance requirements also need to be factored in. The percentage should rely more on the specific needs and goals of the organization.
For example, within our client base, a client that recently migrated to an all-cloud infrastructure with the minimum amount of security controls has just under 19% of its IT budget dedicated to cybersecurity. Another client that is doing all of the security controls is spending 29% of the IT operations budget on cybersecurity.
Q: What is the best process for CIOs to get buy-in from decision-makers to overcome the obstacles and meet the top priorities?
A: It’s crucial to engage various stakeholders within the organization, as failing to address key risks may derail an entire strategic plan. Their input ensures alignment with company priorities, risk management, and financial standing. Effective cybersecurity depends on a well-allocated budget that spans infrastructure, personnel, training, tools and, often, third-party services.
Q: What is your biggest insider tip on how to be the most effective at ensuring cybersecurity gets an appropriate slice of the IT budget pie?
A: Educate your audience of stakeholders.
61% of SMBs were hit with a cybersecurity attack last year, with damages ranging from $826 to $653,587, according to a study by BlackFog.
Not only do cybersecurity incidents cost companies money and lost revenues if the business is forced to shut down temporarily, but there are other values for money to present, such as reputational risks to the brand. There is no monetary value for protecting your company’s reputation.
Thank you, Bryant, for these great insights!
At Leapfrog, we’ve developed our CyberRisk℠ Ring of Security, which illustrates how a company needs to include its people, processes, and facilities in its risk management strategy to maximize its cyber risk protection.
With 25 years of MSP, MSSP, and cyber risk management experience, Leapfrog is an industry leader in providing IT that works seamlessly and cybersecurity services that manage any risk. Contact us today to get started.