Are you overspending or underspending on cybersecurity?

July 23, 2021 - Research v113

Cyber-attacks cost organizations millions of dollars from disrupting operations, replacing devices, damaging reputation, and paying ransom charges and regulatory fines. To mitigate the risk of security breaches, organizations employ IT personnel and purchase cybersecurity software. Instead of cybersecurity budgets adjusting based on fear or perceived threats, organizations should treat cybersecurity as an insurance market weighing the risks and determining the value-added of security. Nucleus determined that an organization worth $20 million with an average loss of $2 million from a cyber-attack should spend no more than $1,013,167 if there is a 50 percent chance of an attack. If there is a 20 percent chance or 10 percent chance, then the organization should spend no more than $408,427 and $204,740, respectively.