48AF3A60-914C-4C95-B1E0-3397FF00C1E9 Created with sketchtool.
Calculator
All regions, All industries, 4 999 employees
7E919FA3-84AA-4530-B42D-91BADB226992 Created with sketchtool.
  • All
  • APAC
  • China
  • Europe
  • Japan
  • LATAM
  • META
  • North America
  • Russia
7E919FA3-84AA-4530-B42D-91BADB226992 Created with sketchtool.
  • All
  • Financial Services
  • Government
  • Industrial/Manufacturing
  • IT & Telecoms
  • Retail & Wholesale
$
Calculate
Calculate your company's security profile

This is the ultimate guide to the cost of IT security. Select the details that match your company to see the average budgets your industry peers spend on IT security (by region, industry, size), what security measures they take, the major threat vectors they encounter, how much money they lose as a result, and what you can do to avoid being compromised. The Calculator has been created as an adjustable tool. The data presented can be updated and/or added to over time based on insights from customers and Kaspersky.

IT security budget in 2021

Data provided by 804 respondents*
All regions, All industries, 4 999 employees
IT Security budget makes up 25% of the total IT spend
View analytics for previous years
average
$ 4 746 223
average
$ 4 746 223
max
$ 67 500 000
2021
2024
Expected change to IT security budget in three years
+ 11 %
year
2021
2024
YoY Dynamics
Find out data for my company

Threats experienced in the last 12 months

Data provided by 905 respondents*
All regions, All industries, 4 999 employees
50%
Data breach
43%
IT Security policies violation by employees
42%
Viruses & malware
42%
Inappropriate IT resource use by employees
39%
Physical loss of company owned mobile devices exposing the organization to risk
39%
Malware infection of BYOD devices
38%
Phishing / social engineering attacks on accounts
37%
Targeted attacks
37%
Physical loss of devices or media
36%
Inappropriate sharing of data via mobile devices
35%
DDoS attacks
35%
Cryptomalware/ransomware
34%
Physical loss of BYOD devices
34%
Incidents involving non-computing connected devices
34%
Electronic leakage of data from internal systems
33%
Attacks on local / branch offices of our company
33%
Fileless attacks
32%
Cryptomining attacks
32%
Incidents affecting suppliers that the business shares data with
31%
Supply chain attacks
24%
Incidents affecting virtualized environments
23%
Incidents affecting IT Infrastructure hosted by a third party
18%
Incidents affecting third party cloud services used by the business
16%
Attacks on point-of-sale (POS) systems
8%
Attacks on online banking services
7%
Financial losses due to attacks on ATM
6%
Attacks on core transactional / back office systems
78%
Any cyberthreat
$ 621 583
Average cost of one incident

Security measures in place

Data provided by 671 respondents*
All regions, All industries, 4 999 employees
64%
Endpoint Protection**
85%
Network Securitу
82%
Web Security
74%
Mobile Security
73%
Security for Virtualization
73%
Storage array / network attached storage security software
73%
Cloud Workload Security
70%
Services - Security Assessment
69%
Services - Threat intelligence
68%
Messaging Security
68%
Services - Incident Response
68%
Anti-DDoS Protection
67%
Services - Security Education & Training
66%
Industrial Cybersecurity
65%
Advanced Persistent Threat (APT) Protection
65%
Services - Managed Detection & Response
65%
Security solutions specifically designed for SaaS applications
64%
Container Security
61%
Network Sandboxing
57%
IoT - Transportation Security
56%
SIEM
48%
SOAR
17%
Services - Industrial Cybersecurity Assessment
Recommendations

With more than 20 years' experience of observing malware as it has evolved from hacktivism to advanced threats, we believe that the security platform of the future is not just about prevention. While your security strategy should be built upon the firm foundation of a multi-layered defense solution, it is important to have a holistic approach - detection, response and prediction. Complex threats are detected by a stack of technologies – collecting data from the network and all types of endpoints, and then processing it with sandbox analysis, event correlation, anomaly detection etc. Threat intelligence is crucial for a modern enterprise security strategy. It is very important to gather as much data as you can. That's why Machine Readable Threat Intelligence is essential to enrich your Security Operation Center.

Want to see more statistics?
Fill out this form to download the report “IT Security Economics 2021: Managing the trend of growing IT complexity”
Download report
Need help with IT security?
Fill out this form and Kaspersky experts will get in touch
Contact me

*These statistics are based on results from an online survey of 3,063 business representatives from companies with 50 and up to 4,999 employees around the world, conducted in 2021 by Kaspersky and B2B International. Statistics based on less than 30 respondents should be used with caution, due to this being a low base.

** The methodology for measuring endpoint protection represents the penetration of endpoint protection in businesses meaning the proportion of corporate endpoints (both physical devices and virtual endpoints) that have endpoint security software installed in the average organization of this vertical and segment

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information

Accept and Close