How Much Should Small Businesses Spend on Security?

When it comes to protecting our businesses, we always make sure the key considerations are made. If we have a physical store, we make sure that the doors are always locked and bolted. We make sure that we have the correct insurance and we always make sure that we have a spare set of keys if we were to lose them. With all these considerations being made for our physical assets why do we not give the same attention to our data assets? Here we find out how much small businesses should spend on security.

What Type Of Data Do You Hold

We all deal with data every minute of every day, whether it is our own or someone else’s. In a business context, we need to make sure that we are managing it appropriately, regardless of whether it is personal, sensitive or intellectual. Data breaches can not only cost you customers, they can also cost you a lot in fines. Especially if you do business in some parts of the USA and Europe. When you measure up the rate of fine against the cost of additional security, it really isn’t an unreasonable amount, as some can add up to hundreds of thousands of dollars. Regardless of how much or how little data you think you hold; it will always be worth spending additional money towards trusted programs.


We all use the internet, pretty much every day of our lives and nowadays operating a business is no different. One of the easiest point of hacks for cyber criminals is straight in through our network, which is why you should invest in additional security. It isn’t just internet security you need to invest in. You will also need to invest in your staff. A lot of hacks happen due to staff not understanding the procedure and bypassing security instructions that have already been put in place. When you are thinking about additional security, also factor in staff training into your budget.


Not all our basic email accounts are safe, especially not ones that are free at the point of use. You want to make sure that your emails are encrypted end to end. Not only does this make sure that no one can read your emails if they were to intercept them, it also means that you can be comfortable with sending over sensitive data to other partners.

So How Much Should A Business Spend?

When it comes to securing your business in this online world, the more you spend the more secure you will be. Don’t get me wrong, there are some things that aren’t worth the money and if you don’t have the budget for a consultant, don’t worry. Most of the changes are those that you can do yourself, such as changing the name of your router so hackers can’t figure out the make. Changing over your passwords to three totally random words also doesn’t cost money. However, there are some things that will cost. Staff training especially if you outsource, will cost money but the payoff is worth it. Well trained staff reduce the risk of data breaches and can close the door on potential hacks. Other items that also cost money and will need to be allocated for are virtual private networks or VPN’s. This will keep your network safe and free from any attack or hack. It can be difficult to assess how much to spend on security for your business, but a good rule of thumb to by is whatever your annual spend on IT equipment is, spend 25% of it on security. We appreciate that this may seem like a lot, especially if you are a small business with only a thousand dollars a year, allocating 25% of this may not seem doable. But you will need to measure up the spend against the potential damage that a breech or a hack could cost you. How would your customers feel if they found out all of their personal details had been stolen in an event that was perfectly preventable with a little extra security consideration.

Final Thoughts

When it comes to security for small businesses, many people only consider the bricks and mortar aspect of security. In reality, you should be protecting all of your online and networked assets as small businesses are an easy target for hackers. The best rule of thumb to go by is whatever your annual spend on IT is, spend 25% of it on your internet security. It may seem like a lot, especially if your IT budget is very small, but the fines that you can be issued with are a lot larger in the event of a data breech or a hack. So even if it feels like a big outlay, it is better to be safe than sorry.   

Back to top button