Methodology

The Kaspersky IT Security Calculator is based on an annual online survey conducted among thousands of IT and business decision-makers around the world. In 2023 , Kaspersky interviewed 1,985 respondents from companies with 50 and up to 10,000 employees. Representatives were from 31 countries, working in different industries and company sizes. The statistics presented in the Kaspersky IT Security Calculator are self-reported by survey respondents and are for directional use.

Geography

The Calculator statistics are based on respondents' answers from the following countries:

North America

USA

Europe

Germany, Spain, France, Italy, United Kingdom

APAC

India, Indonesia, Malaysia, Singapore, Japan, Philippines, China, Thailand, Vietnam, South Korea, Pakistan

LATAM

Brazil, Mexico, Chili

META

Saudi Arabia, Turkey, UAE, South Africa, Egypt

Russia and CIS

Russia
Kazakhstan
STATISTICS FOR THE “ALL COUNTRIES" OPTION INCLUDES ALL THESE REGIONS

Statistics

Survey respondents were screened for their level of influence on IT security decisions within their organization and knowledge of IT security matters. All responses were aggregated into categories defined by region, industry, and company size. It should be taken into account that the more respondents that provided data, the more reliable it is. This is why results based on less than 15 respondents are not shown in the Calculator. Instead, search results are expanded for such requests in order to provide a sufficient amount of data. It is also recommended that statistics based on less than 30 respondents are used with caution, due to this still being a low base.

IT security budget

This graph shows the average annual budget companies are spending on IT security at the moment, the IT security budget's share of the total IT spend, and the average percent by which this budget is expected to change in the next two years. The IT security budget estimate is based on the combination of responses to the question below. For the calculation, the intervals in the questions were transformed into continuous variables by taking the midpoint (high and low point for the first and the last intervals respectively). The average value displayed is a trimmed mean.

IT security budget entered by the Calculator user is considered equal to the industry average if it deviates by less than 5% from it.

The questions asked:
  • As a best estimate, how much does your organization currently spend on IT?
  • The scale for this question was displayed in local currencies. Below you can see an example for the USA.
    1-49 EMPLOYEES 50-999 EMPLOYEES 1000+ EMPLOYEES
    Less than US$1m Less than US$1m Less than US$1m
    US$1m - US$1.9m US$1m - US$1.9m US$1m - US$1.9m
    US$2m - US$4.9m US$2m - US$4.9m US$2m - US$4.9m
    US$5m - US$9.9m
    US$5m - US$9.9m US$5m - US$9.9m
    US$10m - US$19.9m US$10m - US$19.9m US$10m - US$19.9m
    US$20m - US$49.9m US$20m - US$49.9m US$20m - US$49.9m
    US$50m - US$99.9m US$50m - US$99.9m US$50m - US$99.9m
    US$100m or more US$100m or more US$100m or more
  • Roughly, what proportion of this budget is allocated to IT security?
  • Less than 7,4%
    7,5-9,9%
    10-12,4%
    12,5-14,9%
    15-17,4%
    17,5-19,9%
    More than 20%
  • In terms of the total amount of money spent, how do you expect your IT security budget to change over the next three years?
  • 50%+ increase
    30-49% increase
    10-29% increase
    1-9% increase
    No change
    1-9% decrease
    10-29% decrease
    30-49% decrease
    50%+ decrease

Security measures in place

This graph shows the technologies and solutions companies are currently using. The percentage of endpoint protection represents the penetration of endpoint protection in businesses meaning the proportion of corporate endpoints (both physical devices and virtual endpoints) that have endpoint security software installed in the average organization of this vertical and segment.

Threats experienced

This graph shows the cyberthreats and breaches companies fell victim to in the last 12 months, and the maximum cost of one incident per company. The list of threats for financial companies is extended to include those relevant only to this industry. Both lists include the limited number of threats companies faced, compared with the list respondents were questioned on. The threats shown are the most severe.

The maximum cost of an incident to a company includes only companies with 50 and more employees and accumulates the estimated costs a company might incur after a breach in each of the following categories:
  • Lost Business
  • Employing External Consultants
  • Damage to Credit Rating/Insurance
  • Additional PR
  • Compensation
  • Improving Software/Infrastructure
  • Additional Internal Staff Wages
  • Hiring New Staff
  • Training Staff

Recommendations

These useful tips are given by Kaspersky experts depending on company size, industry and region, and are based on Kaspersky's experience of working with business customers over the last 24 years.