Budget planning: determining your security spend
It’s a common question: “How much should I spend on cybersecurity?” Looking at your peers, analyst guidance, and postings on random security companies’ websites, it’s a difficult question. And there’s not a one-size-fits-all answer.
It may seem counterintuitive, but how much you spend on security is really a trailing indicator of how your company views security. In corporate life, we’re asked to set a budget long before we’ll actually spend the money. So, we talk to our staff, we talk to company leadership and we attend conferences to figure out what we should be doing about cybersecurity and cyber risk management in our organization. Then we put together a budget, which gets kicked around for a while before it’s eventually approved. A few months later we, start finally spending those budget dollars. But by that time we’re really implementing our vision of security as it was 6 or even 12 months ago.
What bucket are you in?
What your vision is depends a lot on how your company views cybersecurity. I’ve found most organizations fall into one of five buckets…