If you could reduce the chances of a cyberattack destroying your business by 90-95%, wouldn’t it make sense to do so?
Of course! That's just good risk management. As long as it doesn't break the bank.
The good news: Implementing high-grade cybersecurity doesn't cost as much as you might think. This WOOF will demonstrate that, by sharing some estimates from PlanetMagpie’s own cybersecurity implementations.
7 Areas Where Every Business Needs Cybersecurity
In June, we published an article about "The 7 Entry Points for Cyberattacks." We'll use those 7 entry points as guideposts, to show you where & how to anticipate costs.
- Network Hardware (switches, service gateways, wireless access points)
- Servers
- Workstations (desktops, laptops, specialized terminals)
- Email
- Cloud Services (private and public)
- Internet Access
- Mobile Devices
PlanetMagpie's cybersecurity stack (collection of solutions) below is designed for small businesses (under 500 employees). Of course, different organizations will have different security needs, depending on factors like size, industry, and data sensitivity.
Real-World Cybersecurity Cost Estimates
1. Network Hardware
Two items here: Network Hardware refreshes, and network vulnerability testing.
HARDWARE: The average lifespan of network hardware is 5-7 years. Using network hardware past its end-of-life opens you up to cyberattacks designed to hit older, unsupported hardware.
Network hardware costs for a 50-person business:
- Switch - $4,700
- Service Gateway - $1,500
- Wireless Access Point - $1,200
- Optional: Security Appliance (for serious front-end network filtering) - $50,000
NETWORK VULNERABILITY TESTING: Quarterly scans provide visibility into where your network may be vulnerable to the latest cyber threats, giving you a chance to remediate risks proactively – $800/quarter
Estimate: $800 per quarter and $7,400 hardware investment (lasts 5-7 years)
2. Servers
Three items here: Monthly server maintenance, cloud backups (for server data), and endpoint detection and response (EDR) on the server side.
MONTHLY SERVICE MAINTENANCE: Essential to patch and update software and firmware – $350-700 per server
CLOUD BACKUPS: $1/GB of storage per month for cloud backups in two geographically separate datacenters, with discounts for high volumes of data
ENDPOINT DETECTION & RESPONSE (EDR): Defends servers from suspected malware. Recommended EDR solution is SentinelOne – $8/month per server
Estimate: $1,308-2,008 per month (assumes 2 servers and 600GB of data)
3. Workstations
Three items here: software updates, cloud backups (for user data), and EDR on the workstation side.
SOFTWARE UPDATES: Monthly software and firmware workstation updates – $500 (RMM subscription, plus labor)
CLOUD BACKUPS: $12/month per workstation
EDR: SentinelOne also protects workstations from malware attacks – $5/month per workstation
Estimate: $1,350 per month (assuming 50 workstations)
4. Email
Two items here: spam/malware filtering, and Employee Cybersecurity Training.
EMAIL FILTERING: Gets rid of spam/malware before it hits the inbox. Recommended solution is modusCloud – $5/month per account
EMPLOYEE CYBERSECURITY TRAINING: $500 once per year; listed under Email because the majority of cyberattacks happen through email, which the training emphasizes
Estimate: $250 per month (assuming 50 accounts) plus $500 yearly
5. Cloud Services
One item here: Third-party cloud backups for the data stored in cloud services.
CLOUD BACKUPS: Inexpensive backup to safeguard data normally living on cloud services.
- Microsoft 365 Cloud Backups (including Exchange, SharePoint Online, and OneDrive) – $5 per month per account
- Google Workspace Cloud Backups - $4 per month per account
Estimate: $200-250 per month (assuming 50 accounts)
6. Internet Access
Three items here: VPN, Multi-Factor Authentication (MFA), and web traffic filtering.
VPN: Use a Hardware VPN for stronger access control – $5,500 (10 concurrent users)
MULTI-FACTOR AUTHENTICATION (MFA): A secondary protection on the VPN – $30 per month
WEB FILTERING: Disallows employee access to categories of sites known to contain malware and lower employee productivity – $5 per user per month
Estimate: $280 per month plus $5,500 first year for VPN (licensing renewals thereafter)
7. Mobile Devices
One item here: Mobile Device Management, or MDM.
MDM: Helps manage the mobile phones on your network. A 'Lite' version comes free with Office 365 Business, though a more feature-rich version (MS Intune) only costs $6/user per month.
- MDM provides: Software updates to devices, segregation between personal and corporate data, remote wipe when phones are lost/stolen, and more.
Estimate: Free to $300/month (assuming 50 devices)
NOTE: Some of the pricing above is hardware/software alone, due to related labor costs being project-dependent, but in no case is the labor a significant figure compared to the solution cost. Please check with your IT team or consultant for exact figures.
PRO TIP: Consider cybersecurity business insurance. With this cybersecurity stack, your rates may be more reasonable than you think, and your business is protected in a worst-case scenario.
Comparing Cybersecurity to Cyberattack: Manage the Risk Now, Prevent Destruction Later
Do these costs seem high to you? If so, let's weigh them against the costs of a cyberattack.
The 2020 average cost of a data breach was $3.8 million!
(Source: IBM Security)
Are you a target? Well, by the end of this year ransomware is expected to attack a business every 11 seconds. So, yes, you are.
(Source: Cybersecurity Ventures)
How long does it take to recover from a cyberattack? (That's if you do recover—cyberattacks can & do kill businesses all the time!)
- IF YOU HAVE VIABLE CLOUD BACKUPS: 3 days to 2 weeks. Disaster recovery conducted by IT experts ranges from $20,000 to $200,000.
- If you only have local backups, you may not recover. The recent ransomware strains also destroy local backups to keep you from using them.
- IF YOU DO NOT HAVE BACKUPS: 2 weeks to 6 months! Costs range from $200,000 to $3+ million.
- If you decide to pay the ransom in the hopes of getting your data back (80% don’t, even after paying), then factor in the ever-increasing price of Bitcoin payments.
- Finally, factor in the cost of business downtime, whether you could recover from a complete data loss, and the damage to your company’s reputation.
Compare this to the estimated costs above. Much less than what a cyberattack could cost you!
Right now, cyberattacks rank near the top (if not THE top) of the most dangerous risks to your business. Take the "ounce of prevention" approach, and you can greatly reduce that risk. The cost is not that high, compared to the alternative.
Looking to improve your IT operations' efficiency this year? Contact us for a network review (no obligation!) at firstname.lastname@example.org.