How much does cyber security cost?

Daniel Strain 11-May-2022 17:15:41
Person holding a piece of paper and pen, whilst pressing buttons on a calculator.

There are two reasons you’ve come to this blog. First, you may be curious about cyber security and how to protect your company from cyber threats. Or second, you’ve previously fallen victim to ransomware and are looking to protect your company from future cyber attacks. Either way, you need answers to the following questions “How much does cyber security cost, and what’s included?”.

This blog breaks down cyber security expectations and the average cost of cyber security services associated with data security. As Managed IT and Cyber security experts, we’ll also give you insight into industry best practices and security standards.

Which products and services make up cyber security?

If you take away one thing from this blog, it's to understand there’s no one-size-fits-all solution to cyber security.

Cyber security needs a layered approach that’s custom-tailored to the budget and needs of your business. Unfortunately, not every company will have the budget for the newest products or services, so you need to consider your options carefully.

Investment in cyber security generally falls into two categories: Products and Services.

Cyber security products are the solutions, software, or devices that help safeguard your data. These are products such as:

  • Firewalls
  • Endpoint security and antivirus software
  • Spam filtering
  • Two factor-authentication

When it comes to products, you’ll also need to consider who will take ownership of managing these tools.

Cyber security services are the professional services that help protect your organisation against cyber threats through implementation, auditing, and planning. These types of services include:

  • End-user security awareness training
  • Security program development – policy implementation etc.
  • Security architecture review
  • Monitoring services
  • Vulnerability assessment
  • Penetration testing
  • Compliance auditing

Why is cyber security important for business?

Cyber criminals are constantly devising new ways to infiltrate a network via security vulnerabilities and inflict harm. A ransomware attack can severely impact those companies who least expect a cyber attack and are yet to develop an incident response plan.

According to a data breach report, there have been more security breaches in the last 12 months than in the past 15 years combined, Canalysus Research, 2021.

£100K - £200K is the average ransom request an SMB UK business is likely to face. While it would undoubtedly sting paying the ransom, most companies could afford to take the hit. However, paying the ransom doesn’t fix your issues overnight. It can be a lengthy process, and there’s a 40 – 50% chance that you won’t get your data back.

You'll need to consider the cost of downtime through lost productivity and revenue. And also the impact on reputation, GDPR fines (4% of annual turnover), financial penalties, and legal and PR fees.

How much would downtime cost your business? Download our downtime calculator to  find out.

Now more than ever, business leaders are concerned about:

  • Securing your organisation and its network to keep up with emerging threats or compliance requirements.
  • Accounting for third-party cyber vulnerability risk assessment during mergers and acquisitions.
  • Keeping client and business information secured to avoid a damaged reputation after a successful cyber attack on your business.

What factors determine cyber security costs?

While keeping sensitive client and business data is a top priority for most companies, cost often determines the decision outcome. Unfortunately, when it comes to setting your cyber security budget, you can't find the answers you need by simply asking “How much does cyber security cost?”. The actual price depends on many things.

Cyber security cost factors include:

  • Company size: The more employees you have, the more opportunities for a cyber attack. Not to mention, more employees means more opportunities for successful phishing attacks and business email compromises. As a result, the cyber security cost for larger organisations will be higher than for smaller businesses.
  • Type of data: Businesses that collect more sensitive data need additional security layers to comply with compliance regulations.
    For example: If you’re a medical provider, your data needs to be secured under the Health Insurance Portability and Accountability Act (HIPAA). Businesses in commerce or professional services that store credit card information must ensure their Payment Card Industry Data Security Standard.
  • Products & Services: The more products and services, the higher the cyber security cost. Businesses that choose not only products, but services as well, should expect to pay more than if they’d select products only.
  • Self-Install vs Professional Install: You can buy security products to set up yourself or get a professional to help install the product. Additional setup fees will apply if you opt for the latter.
  • Security Audits: You can periodically conduct third-party audits to ensure you are updated with the latest security and compliance standards. This will factor into your cyber security cost.

Cyber security costs for products & software

A solid cyber security framework includes software and physical products that will help strengthen your network against attacks. As Managed Cyber Security providers with many years of experience behind us, we understand the threat landscape and the solutions needed to help protect your business. In the following, we’ll cover the average cost of cyber security services for various products.


A firewall protects your network by filtering traffic and acting as a guard between your internal network and the rest of the world. Without a Firewall, your business systems could be left wide open and vulnerable to attack. It also serves as another protective layer to block malicious software.

Firewalls come with an admin console that allows the administrator to be notified of any threats. You can also configure the network if additional workstations or devices are required. To access the console, you’ll need a monthly subscription from the vendor.

Depending on your needs and the size of the network, the average monthly fee ranges from £40 to £500 per month. Of course, you’ll also have to account for the hardware cost.

When installing your firewall hardware, we recommend investing in a security professional to do the job. This way, you can ensure it’s set up correctly.

Endpoint security and antivirus software

Endpoint security and antivirus software are essential for a solid cyber security foundation. However, while both security solutions offer threat detection and protection, Endpoint Detection and Response (EDR) is a more professional security solution.

Antivirus software

Antivirus manages basic threats and monitors activity from possible malicious web pages, software, files, and applications. While antivirus is better than nothing, these programs don’t usually catch advanced threats, such as ransomware. They are also unlikely to alert you of an attack.

Businesses should pay between £0 - £20 per user per month for basic antivirus.

Endpoint detection and response (EDR)

Endpoint Detection and Response (EDR) antivirus software offer an advanced protection layer. It combines real-time monitoring and data collection with automated rules for response and analysis. These solutions allow immediate detection and remediation, making them great for businesses that want to minimise downtime.

EDR allows you to manage the business network and connected devices remotely from one central location. Giving you better visibility and control over your business network – this is great if you have remote workers. However, some detections may require further action by the network administrator to remove them entirely. Time is money when it comes to malware; the deeper it creeps into the network, the more expensive things get!

Businesses can assume an average cost range of £5 - £10 per user per month, depending on the level of sophistication.

Email protection

One of the most common ways malware enters a network is through email scams known as Phishing. 85% of businesses believe their organisation’s web or email spoofing volume will remain the same or increase in the coming year.

Email protection solutions are where a third party filters the emails before they are received. These services specialise in email protection and are updated to catch even the most advanced email compromise attempts.

Most businesses will pay between £0 - £2 per user per month for a quality email protection service.

Two-factor authentication

Two-factor authentication, also known as multi-factor authentication, is a smart way to protect your network, accounts, and logins. Two-factor authentication (2FA) is a security procedure that needs two credentials, such as a password and a code, for you to be logged in.

Two-factor authentication software can be implemented in a variety of ways. For example, free authentication apps like Google Authenticator can easily be set up and accessed via your phone. This is a good solution for individuals and small businesses and might even be included with your current email provider.

Paid two-factor authentication platforms, like Microsoft Authenticator, are a good investment for businesses wanting advanced features such as:

  • Blocking anonymous networks
  • Employee monitoring and admin portals
  • Enforcing device trust policies

The cost for two-factor authentication can be £0 – £5 per user per month for your business.

Costs of professional cyber security services

Several factors determine the hours and cost of data protection from a cyber security company. First, you need to understand what you are paying for.

Cyber security audit (Vulnerability assessment)

A cyber security audit is designed to be a risk assessment review and analysis of your business’s IT systems. A security engineer can pinpoint weaknesses and gaps in your infrastructure. They'll also test if the cyber security safeguards are up to scratch. As cyber threats continue to evolve, there’s a lot of value in periodic vulnerability assessments.

Expected cyber security cost for a good vulnerability assessment: £1,500.

Threat monitoring

Most business leaders don’t have time to think about or are uninterested in the efforts it takes to protect an organisation. Outsourcing your cyber security with threat monitoring services helps you stay focused on growing your business. You can rest assured that a security professional keeps you cyber secure. Plus, they'll have the most up-to-date information and best practices.

Threat monitoring is often a recurring fee.

Security awareness training

Traditionally IT security relies on investment in technology: antivirus, updates, and multi-factor authentication to prevent avoidable mistakes. However, cyber criminals know that many IT users are not security-aware and target them as the weakest link. Training such as simulated Phishing campaigns can teach your employees to recognise and report phishing attempts. Therefore reducing the risk of your business becoming compromised.

Security Awareness Training fills this gap:

  • Promote a company-wide security culture.
  • Raise awareness of common social engineer, fraud, and other suspicious requests.
  • Realistic phishing email campaigns redirect staff that click links or enter details to relevant training. Expect the number of ‘fails’ to fall from 30% - 60% to 5%-10% within a year.

The cost of Phishing campaign training depends on the size of your company. However, for a business of 30 employees, the cyber security cost averages at £1000 per year.

Backup and Disaster Recovery planning

No one can predict the future; unplanned outages, weather events, and cyber attacks are inevitable and unplannable. It’s for these reasons an effective backup and disaster recovery (BDR) plan will become your most important line of defence.

To help keep data secure, backup disaster recovery needs to be performed quickly to minimise downtime; therefore, you need a robust BDR plan.

BDR is a combination of data backup and disaster recovery solutions that work together to ensure a company’s business continuity. With many components to consider when designing a recovery plan, we recommend seeking help from an expert. The cyber security cost of which depends on your current company setup and needs.

What should you expect from a cyber security services company?

With cyber attacks at an all-time high, now is the time to increase your security defences to help combat new threats.

Investing in each service or solution individually drives up your cyber security cost and is extremely time-consuming to manage. Instead, you may benefit from outsourcing your security to a cyber security partner for a fixed monthly fee. Not only will they manage your security tools and solutions for you, but they'll run regular audits on your business to make sure you're aligned to compliance needs and industry best practices.

Netitude can help you identify security solutions and best practices to meet your budget and business needs. We can cover your every need with a range of managed IT services and cyber security services.

Want to learn more about cyber security for your business? Request a call from one of our experts.