What’s an IT Budget and How Much Should I Spend on Cybersecurity?

Category

Cybersecurity Fundamentals, Guides


Whether you own a small business or are the Senior Director of IT at a Fortune 100 company, you are forced into the annual tradition of budgeting. We get it - no one likes budgeting (at least they don’t admit it out loud). Add to that the feeling that 2021 is more uncertain than ever, and we understand it's truly at the bottom of your list. Despite the desire to procrastinate, taking the time to sit down and outline your internal investment strategies with your team is a critical exercise in keeping your company operating.

This article will help you understand the basics of what an IT budget is, its general components, and how cybersecurity should be part of that planning process.

“What do you consider to be IT?”

What might appear to be a simple question is nothing of the sort. There are many definitions, but we will use the most expansive and all-encompassing one; it’s always easier to exclude something than to omit it in error. When we say IT, we mean any technology (hardware, software, or service) that supports the operations of your organization. This includes internet bills, cell phone plans, Microsoft Office subscriptions, payments to Managed Service Providers (MSPs), laptops, monitors, servers, and more. If it plugs in, it’s likely part of your IT ecosystem.

“Ok got it. So what’s the budgeting process look like?” 

We’ve identified six categories of IT that will help frame the initial categories of your IT budget.  Don’t be afraid to expand on these, but try not to go crazy and end up with 23 items for the sake of satisfying “more is better.”

The six categories we recommend are:

  1. Personnel

  2. Hardware

  3. Software

  4. Operating costs

  5. Third party service and support

  6. Cybersecurity

Let’s get a little more detailed.

1. Personnel 

This category varies depending on whether you have an in-house IT department or have outsourced to a third party.  If you have an in-house team, you should include things such as:

  • Current salaries/benefits packages; 

  • Training budgets;

  • Bonuses; and

  • New hire allocations.

If you’ve outsourced to a third party provider, then consider items such as: 

  • Contractor fees; and

  • Placement fees.

2. Physical Hardware

This is the default category for most people.  Here it's important to consider the physical machines that employees use to perform their job functions.  Items like:

  • Storage and email servers;

  • Modems, routers, patch panels, and switches;

  • Devices (e.g., laptops, PCs, tablets, mobile phones, desk phones, printers/scanners/copiers, etc.);

  • Building security and fobs;

  • Video surveillance equipment;

  • Conference room systems (e.g., cameras, speaker phones, etc.); and

  • Lifecycle maintenance, repair, and replacement.

3. Software

This is the complement to the hardware.  Without software your company has fancy monitors and top of the line servers that don’t function.  So this category includes items like:

  • Product seat licenses (e.g., AutoCAD, Revit, Oracle, etc.);

  • Subscriptions (e.g., Microsoft Office 365, Salesforce, Hubspot, etc.);

  • SaaS infrastructure payments (e.g., if your company has moved all IT to the cloud);

  • VoIP platforms (e.g., Zoom);

  • Virtual Desktop Infrastructures (VDIs); and

  • Update and patch programs.

4. Operating Costs

This category is less tangible than others but would encompass items purchased to support running an office.  Items such as:

  • Rent associated with IT space (e.g., desk space or data center space);

  • Mobile phone bills;

  • Office supplies; and

  • Utility bills (e.g., power, phone line, internet connection).

5. Third party service and support

We’ve already touched on some third party items, but this category includes everything that you outsource.  This could include things like:

  • Building security monitoring;

  • Web hosting;

  • Web design;

  • Digital marketing; and

  • Offsite backup servers.

(and most importantly…)

6. Cybersecurity

To put it simply, this is the category that ensures your systems not only work, but work securely.  Here you should consider strategy, assessments, and training.

“So how do I allocate?”

This depends on where your company is in its lifecycle.  If it’s just starting off, the allocations may be skewed higher than normal as you’re building up operations.  However, if your company is celebrating its 15-year anniversary, then it likely has established a good foundation and is just keeping investments tuned up.  Regardless, here is a high-level distribution of funds across your entire IT budget:

[Infographic: IT budget allocations]

“So now what?”

Grab a fresh cup of coffee, crack open a new Excel workbook, and gather your past costs within each of the above categories.  Look for annual patterns, identify gaps, and chart a strategic investment path forward.  Your historic data will be a great starting point to see what investments are already in place and help you plan for the future.

For more help getting started, check out our FREE cybersecurity accelerator kit to move into 2021 securely.  If you’re truly not sure where to begin we suggest you take two minutes to take our cyber risk quiz and understand your company's cyber exposure.  If you’re looking to read more tips, tricks, and cybersecurity information, subscribe to our ACT newsletter or check out our latest recorded workshops (all for free!).

No matter what stage you and your company are at, we’re here to provide smarter cybersecurity solutions with our trusted experts.

 
