You’ve come to this page because you’re curious about cyber security and protecting your company from cyber threats. Maybe you’ve been a victim of ransomware in the past, and are looking to protect your company from future cyber attacks. What does cyber security cost and what’s included?
Proven Data is on the front lines when it comes to data security and malware protection with an incident response division dedicated to these types of attacks. This experience helps our security consultants understand first-hand what ransomware and malware can do to your company. Our team is here to provide all of the insight and information you need to protect your company and keep your data safe.
Anyone is a target. Cyber criminals don’t discriminate based on company size or industry. Their goal is to make financial or political gain from cyber crimes.
This page breaks down the expectations of cyber security and the costs, fees, and rates associated with data security. We will give information on the different types of data protection categories and industry-best practices and standards. This page also includes free cyber security tips that can be implemented to reduce your cyber risk immediately!
What is cyber security?
Cyber security is a comprehensive way to protect an organization’s network from active threats. Many think that cyber security is one single product, technology, or technique that keeps your data safe from cyber threats. This is not the reality.
A robust cyber security framework requires a layered approach that safeguards your organization with products, policies, and procedures. It requires you to proactively implement the solutions and techniques we relay in this article.
A strong cyber security foundation aims to protect your business from threats like:
- Data breaches
- Phishing attacks
- DNS hijacking
- Insider threats
- Denial of service attacks
What makes up cyber security? (Products & Services)
If there’s anything you take away from this article, understand there’s no one-size-fits-all solution to cyber security.
Cyber security requires a layered approach that is custom-tailored to the budget and needs of the individual organization. Not every business will have the budget for the newest and shiniest products or services, so it is essential to carefully consider your options.
Businesses looking to invest in cyber security will find that the expenses fall into two general categories: products and services.
Cyber security products are the software, solutions, or physical devices that keep your data protected. These are products such as:
- Endpoint security and antivirus software
- Email protection
- Two-factor authentication
Cyber security services describe the professional services that safeguard your organization against cyber threats through implementation, auditing, and planning. These types of services include:
- Vulnerability assessment
- Penetration testing
- Compliance auditing
- Security program development
- Security architecture review
- Monitoring services
Why is cyber security important for business?
Businesses of all sizes are at risk.
You may think you are not a target because you are a small company, but smaller companies are the most vulnerable since they tend to have less protective security controls.
Ransomware affects 62% of small-medium sized businesses and 32% of larger organizations according to the Beazley Breach Briefing 2020. Ransomware can have a severe impact on those companies who least expect a cyber attack and have yet to develop an incident response plan.
Cyber criminals are constantly devising new ways to infiltrate a network via security vulnerabilities and inflict harm on innocent victims.
The overall number of new vulnerabilities in 2019 increased by 17.6% compared to 2018 and 44.5% compared to 2017, according to a vulnerability study. These numbers are concerning, and this upward trend is likely to continue.
Ransomware has proved to be a lucrative business for many organized cyber crime groups, some boasting as high as $2 billion in revenue. Since one of the main motives for cyber criminals is monetary gain, you can understand why they are actively looking for vulnerabilities.
Internet-related cyber crimes cost businesses in the United States more than $3.5 billion in damages, according to a 2019 FBI report.
Now more than ever, business leaders are concerned about:
- Their organization and network being secured to keep up with emerging threats or compliance requirements.
- Accounting for third-party cyber vulnerability risk-assessment during mergers and acquisitions.
- Keeping client and business information secured to avoid a possible public shaming or brand damage that follows a successful cyber attack on your business.
What factors determine cyber security cost?
We commonly hear questions about how expensive cyber security is and the cost to protect data. There is a cyber security solution for every business of all sizes in every industry!
Cyber security cost factors include:
- Size of company: The more employees you have, the more opportunities there are for a cyber attack to occur (more computers, workstations, and devices are vulnerable to attacks). More employees also mean more opportunities for successful phishing attacks and business email compromise. As a result, larger organizations tend to require more cyber security spending than smaller businesses.
- Type of data: Businesses that collect more sensitive data will need additional security layers to ensure they comply with the legal and industry standards that apply to them.
  - Your data needs to be secured under the Health Insurance Portability and Accountability Act (HIPAA) if you’re a medical provider.
  - Businesses in commerce or professional services that store credit card information need to ensure they are compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- Products & Services: The more protection you have in the form of products and services, the higher the cost. Businesses that choose both cyber security products and services should expect to pay more than if they just select products.
- Self-Install vs. Professional Install: Cyber security companies can sell you security products to set up yourselves, or you can contact a security vendor to help install the product (usually for additional setup fees).
- Professional Audits: Organizations can periodically conduct third-party audits to ensure they are updated with the latest security and compliance standards.
Costs of cyber security software & products
A solid cyber security framework includes software and physical products that will help fortify your network against attacks. We base these recommended solutions on our threat intelligence gathered on the front lines of ransomware recovery.
A firewall is a crucial security device that acts as the first line of defense to protect your business network’s critical assets. It is commonly a physical product, but can also come in virtual form. Firewalls range in prices between $400 and $6,000.
The firewall protects your network by filtering traffic and acting as a guard between your internal network and the rest of the world. Without a firewall, your business systems could be wide open and vulnerable to attack. It also serves as another protective layer with the ability to block malicious software.
Firewalls come in a variety of sizes, so you will want to choose one that best fits your network’s size and configuration. We recommend you have a security professional install the firewall to ensure it is set up correctly and protects your network. An average firewall configuration costs between $450 and $2,500.
Lastly, your business will likely need a subscription from the vendor to use their administrator console. This console allows the network administrator to be notified of any threats and configure the network if additional workstations or devices are needed. Firewall subscriptions range from $50 to $6,000 annually.
A company seeking firewall protection (product cost + installation fee + monthly/yearly subscription) should expect to pay between $1,500 and $15,000, depending on the size of their network and needs.
Endpoint security and antivirus software
Endpoint security and antivirus software for your network are essential for a solid cyber security foundation. Both security solutions offer threat detection and protection; however, Endpoint Detection and Response (EDR) can be a more professional security solution depending on the size of your company and network.
Your workstations (the physical locations in an office where a computer or desktop is connected) are used by employees and need to be protected. Servers help connect these workstations at a centrally located point in your network (network servers, database servers, etc.).
Endpoint detection and response (EDR)
Endpoint Detection and Response (EDR) antivirus software offers an advanced layer of protection that combines real-time monitoring and data collection with automated rules for response and analysis. These solutions are great for businesses because they allow for immediate detection and remediation.
EDR allows you to manage the network and connected devices remotely from one central location, giving you greater visibility and control over your business network. Some detections may require further action by the network administrator to remove entirely. If the response isn’t timely, it can be costly for the business as the malware gets deeper into the network!
Businesses can assume an average cost range of $5 – $8 per user per month and $9 – $18 per server per month for endpoint detection and response.
Antivirus is a less expensive product (lower cost than EDR) that manages basic threats and monitors activity from possible malicious web pages, files, software, and applications. Although antivirus is better than no security application, these programs often do not catch advanced threats, like ransomware, and may not alert you of an attack.
* Even after you have an antivirus solution in place, it is crucial to monitor the alerts.
Businesses should expect to pay between $3 – $5 per user, per month for basic antivirus on their workstations and $5 – $8 per server, per month.
Additional rates apply for those companies looking for a cyber security service that can help monitor and stop the malware detected on this system.
On average, the pricing for monitoring can range between $100 – $500 per month for a small-sized network to $500 – $2,000 per month for a medium-sized network.
One of the most common ways malware comes into a network is through email. Security group Mimecast found that 85% of businesses believe their organization’s volume of web or email spoofing will remain the same or increase in the coming year. Business email compromise is a major cyber threat and a common entry point for ransomware attacks.
Organizations that use email solutions like G-Suite have built-in email filters that mostly keep your inbox secured. However, many businesses still choose to use their own servers to host their data, not only for cost-saving reasons but also for internal security purposes and auditing.
Businesses can pay for email protection in which a third party filters the emails before they are received. These services specialize in email protection and are updated to catch even the most advanced email compromise attempts. Most of these services charge a per user, per month fee that needs to be accounted for.
Most businesses should expect to pay between $3 – $6 per user per month for a quality email protection service.
If your company is unable to pay for email protection, training your employees to detect phishing attacks can greatly reduce your risks and educate your workers on business email compromise and other email threats.
A smart way to protect your network, accounts, and logins is using two-factor authentication. Two-factor authentication (2FA) is a security procedure that requires two credentials (passwords) for you to be logged in. Think about a house door with multiple sets of locks: the owner needs to possess both of those keys!
Two-factor authentication software can be implemented in a variety of ways. There are currently free authentication platforms like Google Authenticator that can be set up on your phone and are easy to access. This is a good solution for individuals and small businesses, and might even be included with your current email provider.
Paid two-factor authentication platforms are a good investment for those organizations seeking advanced features such as:
- Employee monitoring and admin portals
- Blocking anonymous networks
- Enforcing device trust policies
The cost for two-factor authentication can be $0 – $10 per user, per month for your business.
What is a hardware security key?
Another two-factor authentication tool is a hardware security key, which is a physical authentication device similar to your house or car keys. This device is about the size of a quarter and can fit on your keychain. It plugs into your computer and acts as another security layer (how are the bad guys going to steal your password and your keys from your pocket?).
Hardware security keys cost a one-time fee of $30 – $60, depending on the manufacturer.
Costs of professional cyber security services
There are several factors that determine the hours and cost of data protection from a cyber security company. You need to understand what you are paying for.
Below is a breakdown of hours needed to complete common cyber security services and assessments:
A vulnerability assessment can help an organization understand where it is most exposed and where the most significant risks are for cyber threats. A cyber security architect will have to:
- Create a security roadmap of your network infrastructure (network topology) and all the connected devices on a given network.
- Identify the weak points for any systems on a network.
- List the order of actionable steps to increase network security.
- Relay this information to the appropriate IT teams and business leaders.
Expected cost for a vulnerability assessment: $1,500 – $6,000 for a network with 1-3 servers and $5,000 – $10,000 for a network with 5-8 servers.
As cyber threats continue to evolve, there’s a lot of value in periodic vulnerability assessments.
Web application assessment
Most businesses rely on the internet to function and generate revenue. A web application assessment is conducted to ensure web application portals are secure from potential threats. This service can be a one-time cost or a recurring fee depending on your security budget and the requirements of your organization.
The length of time it takes a cyber security professional to complete this assessment is determined by the number of pages that need to be tested and the type of website. Generally, more static content requires less time. Sites with higher levels of functionality and user input will take more time to assess and you can expect up to 40 hours to complete the assessment.
Security architecture review
To understand the holistic security framework of your organization you can request a security architecture assessment. This type of assessment reviews the infrastructure that powers your business. A security architecture assessment is usually a one-time service that will review your network environment and provide you with recommendations to increase security.
Some of the hours used during a security architecture assessment are reserved for writing up a report. This type of assessment can take 10 to 15 hours for small businesses and easily up to 40 hours if you want a roadmap of framework controls and operational processes and procedures.
Security program development
Professional cyber security services can establish a complete cyber security program from the ground up for businesses with minimal understanding of network security. This service is typically a one-time fee that includes creating and implementing policies and procedures that dictate the security of your organization. Security program development can take 5 to 20 hours depending on the complexity of the program. Hourly rates range from $149 to $479 per hour.
Most business leaders are uninterested in the day-to-day efforts it takes to protect an organization. Outsourcing your cyber security with threat monitoring services helps you stay focused on growing your business. At the same time, a professional has your back, keeping you cyber secure with the most up-to-date information and techniques. Threat monitoring is often a recurring fee, as a cyber security expert actively looks for cyber threats targeting your business.
Deciding whether to use cyber security products, cyber security services, or both will impact your business’s overall cyber security expenses.
4 ways to protect your data with free cyber security
This page primarily describes the paid products and services associated with a robust cyber security foundation. We understand that not all businesses will have a budget for cyber security, and we believe that the basics of data protection won’t cost you a dime.
Here are ways you can immediately increase your cyber security at no cost:
- Enable Automatic Updates
- Enforce Strict Password Policies
- Enable Access Management Controls
- Create a Cyber Security Culture
#1 - Enable automatic updates
Ensure that your operating system, endpoints, and servers are enabled for automatic updates when released by the manufacturer. Cyber criminals are finding more zero-day vulnerabilities that slip past older versions of the software and hardware you may be using, creating an easy opportunity for a cyber attack.
#2 - Enforce strict password policies
Compromised passwords are a significant risk factor for exposing your company to ransomware. If employees use weak passwords for their login credentials, hackers can use a password generator and “brute force” their way into a network. Requiring your employees to use complex, unique passwords for their access credentials can have a positive impact on your cyber security framework.
A major concern is open RDP ports left exposed on a network that was improperly configured, possibly years ago. These open ports allow unauthorized users to access your network and change security settings (amongst various other security concerns). Make sure the RDP port and password are secure.
#3 - Enable access management controls
A network administrator can change the settings to ensure there is a hierarchy of privilege access management controls. Access management can help thwart cyber attacks if a threat gains access to a lower-level employee email account or one individual server.
#4 - Create a cyber security culture
Most employees of an organization feel little to no obligation to the cyber security goals of an organization or think that it might be “someone else’s job.” Cyber security is everyone’s responsibility, and if you genuinely seek change in your organization, you must create a cyber security culture for the business.
Any of these protections can be done for free (and right now) by a system administrator or the business owner. A cyber security company can help you follow these basic guidelines (plus the advanced protections) for a service fee.
What should I expect from a cyber security services company?
Now that you understand the cost of cyber security for your business, you may be wondering what is right for you and the next steps.
Every business needs to take action now to make sure they have basic levels of protection. Whether or not you see the value in the paid products and services, the free protection tips are an excellent place to start to make a big difference.
Proven Data is passionate about helping businesses avoid cyber attacks and keeping them secured with the best cyber security tools & techniques used in the industry today. We can help you identify what security practices are best to meet your budget and business needs.
We’re not here to up-sell you on the fanciest, shiniest new security product that you can’t even pronounce. Our purpose is to protect your business with the proper level of cyber security services for now and the future.