There are two reasons you’ve come to this blog. First, you may be curious about cyber security and how to protect your company from cyber threats. Or second, you’ve previously fallen victim to ransomware and are looking to protect your company from future cyber attacks. Either way, you need an answer to the following question: “How much does cybersecurity cost, and what’s included?”
This blog breaks down cyber security expectations and the costs and fees associated with data security. As Managed IT and Cybersecurity experts, we’ll also give you insight into industry best practices and security standards.
Which products and services make up cyber security?
If you take away one thing from this blog, it's to understand there’s no one-size-fits-all solution to cyber security.
Cyber security needs a layered approach that’s custom-tailored to the budget and needs of your business. Unfortunately, not every company will have the budget for the newest products or services, so you need to consider your options carefully.
Investment in cyber security generally falls into two categories: Products and Services.
Cyber security products are the solutions, software, or devices that help safeguard your data. These are products such as:
- Endpoint security and antivirus software
- Spam filtering
- Two-factor authentication
When it comes to products, you’ll also need to consider who will take ownership of managing these tools.
Cyber security services are the professional services that help protect your organisation against cyber threats through implementation, auditing, and planning. These types of services include:
- End-user security awareness training
- Security program development – policy implementation etc.
- Security architecture review
- Monitoring services
- Vulnerability assessment
- Penetration testing
- Compliance auditing
Why is cybersecurity important for business?
Cybercriminals are constantly devising new ways to infiltrate a network via security vulnerabilities and inflict harm. A ransomware attack can severely impact those companies who least expect a cyber-attack and are yet to develop an incident response plan.
According to a data breach report, there have been more security breaches in the last 12 months than in the past 15 years combined (Canalysus Research, 2021).
£100K - £200K is the average ransom request a UK SMB is likely to face. While paying the ransom would undoubtedly sting, most companies could afford to take the hit. However, paying the ransom doesn’t fix your issues overnight. It can be a lengthy process, and there’s a 40 – 50% chance that you won’t get your data back.
You'll need to consider the cost of downtime through lost productivity and revenue, as well as the impact on reputation, GDPR fines (4% of annual turnover), financial penalties, and legal and PR fees.
Now more than ever, business leaders are concerned about:
- Securing their organisation and its network to keep up with emerging threats or compliance requirements.
- Accounting for third-party cyber vulnerability risk assessment during mergers and acquisitions.
- Keeping client and business information secured to avoid a damaged reputation after a successful cyber attack on their business.
What factors determine cyber security costs?
While keeping sensitive client and business data secure is a top priority for most companies, cost often determines the decision outcome. Unfortunately, when it comes to setting your cybersecurity budget, you can't find the answers you need by simply asking, “How expensive is cyber security?” The cost depends on many things.
Cost factors for cyber security include:
- Company size: The more employees you have, the more opportunities for a cyberattack. Not to mention, more employees means more opportunities for successful phishing attacks and business email compromises. As a result, larger organisations require more cyber security spending than smaller businesses.
- Type of data: Businesses that collect more sensitive data need additional security layers to comply with regulations. For example:
  - If you’re a medical provider, your data needs to be secured under the Health Insurance Portability and Accountability Act (HIPAA).
  - Businesses in commerce or professional services that store credit card information must ensure they’re compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- Products & Services: The more products and services, the higher the cost. Businesses that choose both cyber security products and services should expect to pay more than if they select products alone.
- Self-Install vs Professional Install: You can buy security products to set up yourself or get a professional to help install the product. Additional setup fees will apply.
- Security Audits: Organisations can periodically conduct third-party audits to ensure they are updated with the latest security and compliance standards.
The cost of cybersecurity products & software
A solid cyber security framework includes software and physical products that will help strengthen your network against attacks. As Managed Cybersecurity providers with many years of experience behind us, we understand the threat landscape and the solutions needed to help protect your business.
A firewall protects your network by filtering traffic and acting as a guard between your internal network and the rest of the world. Without a firewall, your business systems could be left wide open and vulnerable to attack. It also serves as another protective layer to block malicious software.
Firewalls come with an admin console that allows the administrator to be notified of any threats. You can also configure the network if additional workstations or devices are required. To access the console, you’ll need a monthly subscription from the vendor.
Depending on your needs and the size of the network, the average monthly fee ranges from £40 to £500. Of course, you’ll also have to account for the hardware cost.
When installing your firewall hardware, we recommend investing in a security professional to do the job. This way, you can ensure it’s set up correctly.
Endpoint security and antivirus software
Endpoint security and antivirus software are essential for a solid cyber security foundation. However, while both security solutions offer threat detection and protection, Endpoint Detection and Response (EDR) is a more professional security solution.
Antivirus manages basic threats and monitors activity from possible malicious web pages, software, files, and applications. While antivirus is better than nothing, these programs don’t usually catch advanced threats, such as ransomware. They are also unlikely to alert you of an attack.
Businesses should pay between £0 and £20 per user per month for basic antivirus.
Endpoint detection and response (EDR)
Endpoint Detection and Response (EDR) antivirus software offers an advanced protection layer. It combines real-time monitoring and data collection with automated rules for response and analysis. These solutions allow immediate detection and remediation, making them great for businesses that want to minimise downtime.
EDR allows you to manage the business network and connected devices remotely from one central location, giving you better visibility and control over your business network, which is great if you have remote workers. However, some detections may require further action by the network administrator to remove them entirely. Time is money when it comes to malware; the deeper it creeps into the network, the more expensive things get!
Businesses can assume an average cost range of £5 - £10 per user per month, depending on the level of sophistication.
One of the most common ways malware enters a network is through email scams known as phishing. 85% of businesses believe their organisation’s web or email spoofing volume will remain the same or increase in the coming year.
With an email protection solution, a third party filters emails before they are received. These services specialise in email protection and are updated to catch even the most advanced email compromise attempts.
Most businesses will pay between £0 and £2 per user per month for a quality email protection service.
Two-factor authentication, also known as multi-factor authentication, is a smart way to protect your network, accounts, and logins. Two-factor authentication (2FA) is a security procedure that needs two credentials, such as a password and a code, for you to be logged in.
Two-factor authentication software can be implemented in a variety of ways. For example, free authentication apps like Google Authenticator can easily be set up and accessed via your phone. This is a good solution for individuals and small businesses and might even be included with your current email provider.
Paid two-factor authentication platforms, like Microsoft Authenticator, are a good investment for businesses wanting advanced features such as:
- Blocking anonymous networks
- Employee monitoring and admin portals
- Enforcing device trust policies
The cost of two-factor authentication can be £0 – £5 per user per month for your business.
Costs of professional cyber security services
Several factors determine the hours and cost of data protection from a cyber security company. First, you need to understand what you are paying for.
Cyber security audit (Vulnerability assessment)
A cybersecurity audit is designed to be a risk assessment review and analysis of your business’s IT systems. A security engineer can pinpoint weaknesses and gaps in your infrastructure. They'll also test if the cybersecurity safeguards are up to scratch. As cyber threats continue to evolve, there’s a lot of value in periodic vulnerability assessments.
Expected cost for a good vulnerability assessment: £1,500.
Most business leaders don’t have time to think about, or are uninterested in, the effort it takes to protect an organisation. Outsourcing your cyber security with threat monitoring services helps you stay focused on growing your business. You can rest assured that a security professional keeps you cyber secure. Plus, they'll have the most up-to-date information and best practices.
Threat monitoring is often a recurring fee.
Security awareness training
Traditionally, IT security relies on investment in technology: antivirus, updates, and multi-factor authentication to prevent avoidable mistakes. However, cybercriminals know that many IT users are not security-aware and target them as the weakest link. Training such as simulated phishing campaigns can teach your employees to recognise and report phishing attempts, reducing the risk of your business becoming compromised.
Security Awareness Training fills this gap:
- Promote a company-wide security culture.
- Raise awareness of common social engineering, fraud, and other suspicious requests.
- Realistic phishing email campaigns redirect staff that click links or enter details to relevant training. Expect the number of ‘fails’ to fall from 30% - 60% to 5% - 10% within a year.
The cost of phishing campaign training depends on the size of your company. However, for a business of 30 employees, it averages £1000 per year.
Backup and Disaster Recovery planning
No one can predict the future; unplanned outages, weather events, and cyber-attacks are inevitable and unplannable. It’s for these reasons an effective backup and disaster recovery (BDR) plan will become your most important line of defence.
To help keep data secure, backup and disaster recovery needs to be performed quickly to minimise downtime; therefore, you need a robust BDR plan.
BDR is a combination of data backup and disaster recovery solutions that work together to ensure a company’s business continuity. With many components to consider when designing a recovery plan, we recommend seeking help from an expert. The cost depends on your current company setup and needs.
What should you expect from a cyber security services company?
With cyber-attacks at an all-time high, now is the time to increase your security defences to help combat new threats.
Investing in each service or solution individually is costly and time-consuming to manage. Instead, you may benefit from outsourcing your security to a cybersecurity partner for a fixed monthly fee. Not only will they manage your security tools and solutions for you, but they'll run regular audits on your business to make sure you're aligned to compliance needs and industry best practices.
Netitude can help you identify security solutions and best practices to meet your budget and business needs. We can cover your every need with a range of managed IT services and cybersecurity services.