48AF3A60-914C-4C95-B1E0-3397FF00C1E9 Created with sketchtool.
Calculator
All regions, Government, 1 000 employees
7E919FA3-84AA-4530-B42D-91BADB226992 Created with sketchtool.
  • All
  • APAC
  • China
  • Europe
  • Japan
  • LATAM
  • META
  • North America
  • Russia
7E919FA3-84AA-4530-B42D-91BADB226992 Created with sketchtool.
  • All
  • Financial Services
  • Government
  • Industrial/Manufacturing
  • IT & Telecoms
  • Retail & Wholesale
$
Calculate

You are very close to another segment. Would you like to see the results for companies with 250 - 999 employees?

Go
Calculate your company's security profile

This is the ultimate guide to the cost of IT security. Select the details that match your company to see the average budgets your industry peers spend on IT security (by region, industry, size), what security measures they take, the major threat vectors they encounter, how much money they lose as a result, and what you can do to avoid being compromised. The Calculator has been created as an adjustable tool. The data presented can be updated and/or added to over time based on insights from customers and Kaspersky.

IT security budget in 2021

Data provided by 29 respondents*
All regions, Government, 1 000 employees
IT Security budget makes up 21% of the total IT spend
View analytics for previous years
average
$ 3 068 364
average
$ 3 068 364
max
$ 18 750 000
2021
2024
Expected change to IT security budget in three years
+ 10 %
year
2021
2024
YoY Dynamics
Find out data for my company

Threats experienced in the last 12 months

Data provided by 38 respondents*
All regions, Government, 1 000 employees
54%
Data breach
50%
Viruses & malware
50%
Inappropriate IT resource use by employees
47%
IT Security policies violation by employees
43%
Phishing / social engineering attacks on accounts
41%
Inappropriate sharing of data via mobile devices
40%
Targeted attacks
40%
Physical loss of devices or media
39%
Fileless attacks
36%
Physical loss of BYOD devices
36%
Electronic leakage of data from internal systems
35%
Supply chain attacks
34%
Malware infection of BYOD devices
34%
Incidents involving non-computing connected devices
34%
Incidents affecting suppliers that the business shares data with
33%
Attacks on local / branch offices of our company
33%
Cryptomalware/ransomware
33%
DDoS attacks
31%
Cryptomining attacks
31%
Physical loss of company owned mobile devices exposing the organization to risk
27%
Incidents affecting IT Infrastructure hosted by a third party
26%
Incidents affecting virtualized environments
18%
Incidents affecting third party cloud services used by the business
73%
Any cyberthreat
$ 426 348
Average cost of one incident

Security measures in place

Data provided by 25 respondents*
All regions, Government, 1 000 employees
60%
Endpoint Protection**
86%
Network Securitу
71%
Mobile Security
70%
Web Security
67%
Messaging Security
66%
Services - Security Assessment
65%
SIEM
61%
Services - Managed Detection & Response
61%
Container Security
59%
Endpoint detection & response (EDR)
59%
Storage array / network attached storage security software
59%
Industrial Cybersecurity
58%
Services - Threat intelligence
57%
Services - Security Education & Training
56%
Anti-DDoS Protection
53%
Network Sandboxing
50%
Advanced Persistent Threat (APT) Protection
48%
Security for Virtualization
46%
SOAR
45%
IoT - Transportation Security
43%
Fraud Prevention
40%
Services - Incident Response
38%
Cloud Workload Security
37%
Security solutions specifically designed for SaaS applications
Recommendations

Government organizations are a key target for cyber-terrorism and state-sponsored attacks, so we recommend investment in a targeted attack detection and mitigation strategy, including empowering the SOC with the most advanced possible threat intelligence. It’s also important for government bodies to be fully aware of high profile cyber-espionage campaigns through comprehensive, practical reporting from security knowledge providers. Compliance is a big issue for government organizations, so we also recommend using an on-demand version of threat intelligence for isolated networks, where regulation excludes any data transfer outside the IT system's perimeter. To educate employees about the cyberthreats and behaviors that put government bodies at risk, it is highly recommended that organizations conduct cybersecurity awareness training among staff.

Want to see more statistics?
Fill out this form to download the report “IT Security Economics 2021: Managing the trend of growing IT complexity”
Download report
Need help with IT security?
Fill out this form and Kaspersky experts will get in touch
Contact me

*These statistics are based on results from an online survey of 3,063 business representatives from companies with 50 and up to 4,999 employees around the world, conducted in 2021 by Kaspersky and B2B International. Statistics based on less than 30 respondents should be used with caution, due to this being a low base.

** The methodology for measuring endpoint protection represents the penetration of endpoint protection in businesses meaning the proportion of corporate endpoints (both physical devices and virtual endpoints) that have endpoint security software installed in the average organization of this vertical and segment

© 2021 AO Kaspersky Lab. All Rights Reserved.

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information

Accept and Close