This article was updated on July 2, 2018.
Deciding to invest in data security isn't always a high priority among small and midsize businesses. This happens even though — just as with large companies — the information needed to operate and maintain smaller businesses can be both highly sensitive and essential to continued growth.
Determining how much money to invest in data security starts with a realistic appraisal of the cyber threats all businesses face. Small businesses with fewer than 50 employees may assume they're less vulnerable because hackers only target the big guys. Sadly, in many cases, the opposite is true. A cyber thief may regard these businesses as tempting targets precisely because they frequently lack essential data safeguards. The responsibility of protecting an organization from these threats can't be overlooked.
Know the Numbers
According to the cybersecurity firm Kapersky Lab, small businesses can spend an average of $38,000 of direct costs to recover from a security attack, along with indirect costs of $8,000. For a small business, such figures can be catastrophic.
How do you go about determining the right budget for data security? Perhaps the best place to start is to carefully evaluate your current data security infrastructure. When was the last time an IT service or professional thoroughly audited your IT system?
An objective evaluation will establish a baseline, or gap analysis, which you'll need in order to plan your information security strategy. How well-protected is the hardware and software you currently use? It's also important to assess the types of data that need protection — financial, operational, customer, personal — as well as your tolerance for risk.
If you've already instituted a basic data security program, the costs for regular upgrades won't necessarily be significant. Most expenses will likely go to maintenance and ongoing employee training. Starting from scratch will generally require a more substantial investment up-front. Be sure to do due diligence and compare prices.
Improving Cybersecurity on a Tight Budget
Your business can usually take several steps to enhance security without spending more money than you can afford. Internal security awareness is essential, because "even a single short conversation can help employees understand that they are targets," says cybersecurity expert Joseph Steinberg in an Inc. article. "People who believe that criminals want to breach [company data] act differently than people who don't understand this reality."
Seek out popular and less costly software security packages, including antivirus and anti-malware products and application firewalls, while always verifying their proven reliability. Ensure your BYOD policy is buttoned up. Also, hiring an IT security professional to set up your system can be well worth your investment, Steinberg notes, paying "for itself many times over in terms of time, money, and aggravation down the road."
While smaller businesses face a serious challenge when budgeting for data security, the security need is no less critical than for businesses many sizes larger.