IT Security Calculator: North America, 1000 - 4999 employees

Calculate your company's security profile

This is the ultimate guide to the cost of IT security. Select the details that match your company to see the average budgets your industry peers spend on IT security (by region, industry, size), what security measures they take, the major threat vectors they encounter, how much money they lose as a result, and what you can do to avoid being compromised. The Calculator has been created as an adjustable tool. The data presented can be updated and/or added to over time based on insights from customers and Kaspersky.

IT security budget in 2020

Data provided by 152 respondents*

North America, All industries, 4 999 employees

IT Security budget makes up 26% of the total IT spend

View analytics for previous years

average

$ 11 513 916

average

$ 11 513 916

max

$ 140 625 000

2020

2023

Expected change to IT security budget in three years

+ 8 %

year

2020

2023

YoY Dynamics

Find out data for my company

Threats experienced in the last 12 months

Data provided by 165 respondents*

North America, All industries, 4 999 employees

49%

Data breach

47%

Viruses & malware

44%

IT Security policies violation by employees

44%

Inappropriate IT resource use by employees

43%

Phishing / social engineering attacks on accounts

42%

DDoS attacks

42%

Targeted attacks

42%

Malware infection of BYOD devices

42%

Inappropriate sharing of data via mobile devices

41%

Physical loss of company owned mobile devices exposing the organization to risk

40%

Incidents affecting suppliers that the business shares data with

39%

Cryptomalware/ransomware

38%

Attacks on local / branch offices of our company

36%

Electronic leakage of data from internal systems

35%

Physical loss of devices or media

35%

Physical loss of BYOD devices

34%

Incidents involving non-computing connected devices

33%

Fileless attacks

31%

Cryptomining attacks

28%

Supply chain attacks

24%

Incidents affecting IT Infrastructure hosted by a third party

24%

Incidents affecting third party cloud services used by the business

23%

Incidents affecting virtualized environments

15%

Attacks on point-of-sale (POS) systems

Attacks on online banking services

Financial losses due to attacks on ATM

Attacks on core transactional / back office systems

85%

Any cyberthreat

$ 1 046 250

Average cost of one incident

Security measures in place

Data provided by 131 respondents*

North America, All industries, 4 999 employees

92%

Network Securitу

85%

Web Security

85%

Cloud Workload Security

84%

Mobile Security

84%

Storage array / network attached storage security software

80%

Fraud Prevention

80%

Services - Incident Response

79%

Endpoint detection & response (EDR)

79%

Security for Virtualization

79%

Security solutions specifically designed for SaaS applications

79%

Services - Threat intelligence

77%

Anti-DDoS Protection

76%

Services - Security Assessment

74%

Services - Managed Detection & Response

73%

Advanced Persistent Threat (APT) Protection

73%

Services - Security Education & Training

73%

Messaging Security

73%

Industrial Cybersecurity

71%

Container Security

68%

Network Sandboxing

68%

Endpoint Protection**

65%

IoT - Transportation Security

55%

SIEM

48%

SOAR

16%

Services - Industrial Cybersecurity Assessment

13%

Embedded Systems Security

Recommendations

Government organizations are a key target for cyber-terrorism and state-sponsored attacks, so we recommend investment in a targeted attack detection and mitigation strategy, including empowering the SOC with the most advanced possible threat intelligence. It’s also important for government bodies to be fully aware of high profile cyber-espionage campaigns through comprehensive, practical reporting from security knowledge providers. Compliance is a big issue for government organizations, so we also recommend using an on-demand version of threat intelligence for isolated networks, where regulation excludes any data transfer outside the IT system's perimeter. To educate employees about the cyberthreats and behaviors that put government bodies at risk, it is highly recommended that organizations conduct cybersecurity awareness training among staff.

North America is one of the most developed regions from an IT and telecommunications standpoint, making this area a high priority for attackers armed with the latest cyberthreats. Government institutions in North America have been affected by targeted attacks with increasing frequency. This means they need to increase their anti-targeted attack capabilities, better train their security professionals and establish a firm contract with a renowned cybersecurity services provider.

Want to see more statistics?

Fill out this form to download the IT security economics 2020 executive summary: «Investment adjustment: aligning IT budgets with changing security priorities»

Download report

Need help with IT security?

Fill out this form and Kaspersky experts will get in touch

Contact me

*These statistics are based on results from an online survey of 5,266 business representatives from companies with 50 and up to 4,999 employees around the world, conducted in 2020 by Kaspersky and B2B International. Statistics based on less than 30 respondents should be used with caution, due to this being a low base. The significant increase in the IT security budget in 2020 may be caused by the change of the survey sample for several verticals and significant fluctuations in budgets in these verticals.

** The methodology for measuring endpoint protection has been changed: now it represents the penetration of endpoint protection in businesses meaning the proportion of corporate endpoints (both physical devices and virtual endpoints) that have endpoint security software installed in the average organization of this vertical and segment.