Many businesses are beginning to realise the opportunities that IT can bring, helping them achieve key growth targets. Seeking productivity improvements from the latest technology, IT budgets are typically increasing.

However, cyber security budgeting is where some businesses are falling short.

As criminals increasingly turn to technology to attack businesses, and extort millions of pounds, cyber security must be one of your top business priorities.

What often happens is that the IT budget is allocated annually, with cyber security comprising of merely a percentage of that overall IT budget.

The problem with this approach is that it leads to cyber security becoming an afterthought – plus, it eats into the IT Budget. This means that a single budget ends up trying to support both growth and security objectives and, ultimately, fails to succeed at either.

Ideally, your business should be maintaining a separate cyber security budget.

What’s the difference?

In short, your IT budget should cover the means of achieving growth with new technology. It should also include your day-to-day IT spend on projects and the equipment necessary for your team members to do their job.

On the other hand, your cyber security budget is geared towards shoring up your investments with enhanced cyber security measures and risk management.

Both are incredibly important aspects of your business. It’s a fine balance between investment and insurance.

IT Budget: What Should it Include?

Hardware is an obvious one. Your budget must include computers, servers, printers, laptops, telephone systems, company mobiles, and any other electronic devices that play a role in the daily running of your business.

However, your IT budget covers more than this.

For a start, you’ll have to factor in the recurring software costs for all the programmes your business uses on its devices. Microsoft Office 365 is one example of this. These are typically billed either monthly or annually.

You’ll also need to consider the ongoing operational costs in your IT department. This means calculating the cost of your current staff (including external contractors) and that of recruitment for new talent.

Other costs might include ongoing project expenses. For example, perhaps your business is moving to a cloud-based infrastructure or even implementing a new ERP system. These are complex projects and require planned investment in order to be a success.

And with significant changes comes the potential for confusion, frustration, and potential disaster. This is why change management should always be budgeted for as part of any major change to business infrastructure.

Cyber Security Budget: What Should it Include?

Your budget for cyber security measures must fall outside of your IT budget. This means that your insurance measures against a disaster (such as a cyber attack) remain robust and cannot be watered down.

But what falls into the remit of a cyber security budget?

If your business uses a managed service provider (MSP) then you’ll want to factor this monthly retainer into your cyber security budget. A security-focused MSP is the driving force behind your cyber security activities, so it’s one of the first things you’ll need to budget for.

Your day-to-day cyber security solutions are another aspect of your cyber security budget. Whether it’s endpoint security that protects your devices, network security that ringfences your business network, or email security that safeguards your users from phishing scams – these solutions (amongst others) are your primary defence against cyber crime.

Your business and disaster recovery (BCDR) plan must also form part of your cyber security budget. Even with all the best cyber security solutions in place, it only takes one employee to make a mistake, or one patch missed, and your business could suffer indefinite downtime (see Travelex as a recent example of this). Investment in BCDR is investment in your business’s survival, should the worst happen.Speaking of employee error, end user IT awareness training must be an integral part of your cyber security budget.

Why? Well, if your team isn’t aware of what to look out for, then you’re far more likely to suffer a cyber attack.

Conversely, equipping your team with knowledge, and helping them know their enemy, might just save your business an enormous amount of stress, time, and money in the long term. In fact, IT awareness training decreases the likelihood of a cyber attack by 75%!

At Neuways, we are business technology consultants – this means that we’re able to implement IT in a way that serves your business needs.

Want to speak to an expert? Call us on 01283 753 333 or email