The Kaspersky IT Security Calculator is based on an annual online survey conducted among thousands of IT and business decision-makers around the world. In 2021, Kaspersky and B2B International interviewed 3,063 respondents from companies with 50 and up to 4,999 employees. Representatives were from 31 countries, working in different industries and company sizes. The statistics presented in the Kaspersky IT Security Calculator are self-reported by survey respondents and are for directional use.


The Calculator statistics are based on respondents' answers from the following countries:

North America

USA and Canada


Germany, Spain, France, Italy, Poland, United Kingdom, Czech Republic, Belgium, Hungary, Netherlands


Australia, India, Indonesia, Malaysia, Singapore


Brazil, Colombia, Mexico, Peru, Chili, Argentina


Saudi Arabia, Turkey, UAE, South Africa

Russia and CIS



Survey respondents were screened for their level of influence on IT security decisions within their organization and knowledge of IT security matters. All responses were aggregated into categories defined by region, industry, and company size. It should be taken into account that the more respondents that provided data, the more reliable it is. This is why results based on less than 15 respondents are not shown in the Calculator. Instead, search results are expanded for such requests in order to provide a sufficient amount of data. It is also recommended that statistics based on less than 30 respondents are used with caution, due to this still being a low base.

IT security budget

This graph shows the average annual budget companies are spending on IT security at the moment, the IT security budget's share of the total IT spend, and the average percent by which this budget is expected to change in the next three years. The IT security budget estimate is based on the combination of responses to the question below. For the calculation, the intervals in the questions were transformed into continuous variables by taking the midpoint (high and low point for the first and the last intervals respectively). The average value displayed is a trimmed mean.

IT security budget entered by the Calculator user is considered equal to the industry average if it deviates by less than 5% from it.

The questions asked:
  • As a best estimate, how much does your organization currently spend on IT?
  • The scale for this question was displayed in local currencies. Below you can see an example for the USA.
    Less than $2,500Less than $125,000Less than $1.25m
    $2.5k - $5k$125k - $250k$1.26m - $2.5m
    $5.1k - $12.5k$251k - $500k$2.6m - $5m
    $12.6k - $50k
    $501k - $1.25m$5.1m - $12.5m
    $51k - $100k$1.26m - $2.5m$12.6m - $25m
    $101k - $250k$2.6m - $3.75m$25.1m - $50m
    $251k - $500k$3.76m - $5m$50.1m - $250m
    $501k - $750k$5.1m - $12.5m$251m - $1bn
    $750k+$12.6m +$1bn+
  • Roughly, what proportion of this budget is allocated to IT security?
  • Less than 1%
    More than 75%
  • In terms of the total amount of money spent, how do you expect your IT security budget to change over the next three years?
  • 50%+ increase
    30-49% increase
    10-29% increase
    1-9% increase
    No change
    1-9% decrease
    10-29% decrease
    30-49% decrease
    50%+ decrease

Security measures in place

This graph shows the technologies and solutions companies are currently using. The percentage of endpoint protection represents the penetration of endpoint protection in businesses meaning the proportion of corporate endpoints (both physical devices and virtual endpoints) that have endpoint security software installed in the average organization of this vertical and segment.

The question asked:
  • For each of the following IT security solutions, what is your organization's adoption of, or plans to adopt each in the next 12 months?
  • What proportion of the following devices used in your organization have endpoint security software installed?

Threats experienced

This graph shows the cyberthreats and breaches companies fell victim to in the last 12 months, and the maximum cost of one incident per company. The list of threats for financial companies is extended to include those relevant only to this industry. Both lists include the limited number of threats companies faced, compared with the list respondents were questioned on. The threats shown are the most severe.

The maximum cost of an incident to a company includes only companies with 50 and more employees and accumulates the estimated costs a company might incur after a breach in each of the following categories:
  • Lost Business
  • Employing External Consultants
  • Damage to Credit Rating/Insurance
  • Additional PR
  • Compensation
  • Improving Software/Infrastructure
  • Additional Internal Staff Wages
  • Hiring New Staff
  • Training Staff

The questions asked:
  • Has your organization experienced any of the following incidents in the last 12 months?
  • Could you please estimate the total cost to the organization in terms of wages that this allocation / re-allocation of resources has so far represented across all breaches experienced in the last 12 months?
  • Did any of the data breaches you experienced over the last 12 months make it necessary to employ the services of any of the following professionals from outside the organization to address the problem?
  • Please can you estimate the overall additional cost to your business of employing these professionals to assist with the data breaches you have experienced in the last 12 months?
  • Did you experience any loss of contracts or business opportunities as a result of the breach? If so, could you estimate the total value of this lost business?
  • Can you estimate the extra marketing/PR expense your business is likely to incur in repairing this damage?
  • Please also make a similar estimate for the increased financial costs resulting from higher insurance premiums and damaged credit ratings.
  • Were any such payments necessary as a result of the breaches your organization has experienced over the last 12 months? If so, can you estimate the total cost to the organization of these compensation pay-outs?
  • In response to a breach experienced, businesses will often invest in additional staff, training or technology in order to avoid further incidents. Did your organization make any such efforts in response to the data breaches experienced in the last 12 months? If so, could you estimate how much has been spent to date on the measures outlined below?


These useful tips are given by Kaspersky experts depending on company size, industry and region, and are based on Kaspersky's experience of working with business customers over the last 24 years.

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information

Accept and Close