This is the ultimate guide to the cost of IT security. Select the details that match your company to see the average budgets your industry peers spend on IT security (by region, industry, size), what security measures they take, the major threat vectors they encounter, how much money they lose as a result, and what you can do to avoid being compromised. The Calculator has been created as an adjustable tool. The data presented can be updated and/or added to over time based on insights from customers and Kaspersky.
IT security budget in 2018
Data provided by 45 respondents*
Europe, Finance, 4 999 employees
IT Security budget makes up 21% of the total IT spend
$ 6 418 885
$ 6 418 885
$ 52 500 000
Expected change to IT security budget in three years
Incidents affecting third party cloud services used by the business
Inappropriate IT resource use by employees
Phishing / social engineering attacks on accounts
Incidents affecting suppliers that the business shares data with
Incidents affecting IT Infrastructure hosted by a third party
Incidents affecting virtualized environments
Attacks on core transactional / back office systems
Attacks on online banking services
Financial losses due to attacks on ATM
Attacks on point-of-sale (POS) systems
$ 1 073 283
Average cost of one incident
Companies that rely on monetary transactions for their core business have always been a lucrative target for cybercriminals. With advances in fraud technologies, cybercriminals are switching their focus away from the ‘easy pickings’ of customers to the more challenging but rewarding targets provided by services providers themselves. The most pressing issues for financial services providers are: targeted attacks, embedded systems security (ATMs, POS), the human factor, cloud availability, fraud and ransomware. All interconnected security systems aim to address the rapid detection of sophisticated attacks, but the response and prediction security stages are generally the subject of less attention, while they actually require greater levels of investment. Anti-targeted attack solutions, embedded systems security and specialized solutions for use in datacenters – all of these are ‘must-haves’ for financial services businesses.
European financial institutions report that they have to deal with a higher than average number of targeted attacks on a daily basis, along with a large number of employees misbehaving or falling victim to social engineering, and a significant proportion of incidents affecting their virtual infrastructure. Therefore, it is highly recommended that these organizations continuously train cyber forensics specialists as well as regularly raise the overall level of cyber awareness among all of their employees. The reliable protection of virtual infrastructure that doesn’t affect performance also requires specialized virtualization-ready software. Attacks on POS terminals and online banking services are also quite frequent in Europe. These are not secured enough and give cybercriminals a way to real money, credit cards, and an entry point to the corporate network for targeted attacks. This further drives the demand for embedded systems security and anti-fraud solutions.
Want to see more statistics?
Fill out this form to download the «On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives» report
*These statistics are based on results from an online survey of 6,687 business representatives from companies with up to 4,999 employees around the world, conducted in 2018 by Kaspersky and B2B International. Statistics based on less than 30 respondents should be used with caution, due to this being a low base.