News & Insights
Recent Posts
- What You Need to Know About Business Insurance
- Tax Identity Theft: Businesses Are at Risk, Too
- Rethinking Payment Options for Your Business
- Fine-Tune Your Tax Withholding After Filing Your Return
- Cost Segregation Studies Can Reveal Substantial Tax Savings
- Charting the Path Forward: Why Strategic Planning Matters More Than Ever
- The Business Lifecycle Part 2: The Start-Up Stage
- 7 Questions Every Business Owner Should Ask About Their Financial Reporting
Businesses Should Carefully Contemplate Their Cybersecurity Budgets
Is your company spending enough on cybersecurity? Unfortunately, it’s a question every business owner must contemplate carefully these days. The 2025 Security Budget Benchmark Report found that cybersecurity budgets increased by 4% this year, based on survey responses from nearly 600 Chief Information Security Officers collected by IANS Research and Artico Search.
That may sound impressive. But it’s a notable decline from the 8% budget growth in 2024 and the lowest rate in five years, according to the annually conducted report. This trend suggests that many businesses are balancing cybersecurity needs with broader macroeconomic pressures, including constrained hiring and rising operating costs. With cyberattacks on the rise, thoughtful budgeting is essential to mitigate your company’s exposure.
Deciding How Much is Enough
If you’ve never created a cybersecurity budget, you’re not alone. Very small businesses often fold these costs into general technology spending. However, as your company grows, cybersecurity becomes a core part of risk management. A dedicated budget helps ensure you’re allocating enough resources to protect operations; maintain compliance obligations; and preserve the trust of customers, employees and other stakeholders. After deciding to create a cybersecurity budget, you must answer an inevitable question: How much is enough? There’s no single percentage that applies to every business. Generally, spending should align with a company’s reliance on technology and risk exposure. Businesses that depend heavily on digital systems or store confidential information typically require more robust protections than those with simpler environments. Begin by reviewing your current technological infrastructure for factors such as:- How your systems are set up and managed
- What protections are already in place
- Whether past issues (such as phishing attempts or notable downtime) indicate vulnerabilities
Building the Budget
When you have all the pertinent information in hand, identify what you need to do to maintain existing defenses and shore up weaknesses — and calculate how much you need to spend. Most companies have recurring cybersecurity expenses, such as:- Software subscriptions
- System updates
- Data backups
- External monitoring or support