Cost of Cyber Attacks vs. Cost of Cyber Security in 2021

We have heard some people complain that cybersecurity services are too expensive. While most find these expenses to be worthwhile, we wanted to address this argument and show why it is fallacious. You cannot expect to get high-quality professional services without paying a fair price for them, and that’s just one-half of the equation. On the other side, it is also obvious that the potential cost of a cyberattack is far greater than the likely cost of an adequate cybersecurity budget. Let’s delve into the subject and see exactly what we can learn.

The Cost Of Cyber Attacks

Let’s start by getting a rough idea of how much a cyber attack can cost. Unfortunately, it is hard to pin down specific numbers here because the costs can vary considerably. For instance, when ransomware hackers go after large multinational corporations, they tend to ask for huge ransoms (sometimes in the millions) because they know their target can afford to pay. In contrast, smaller-scale ransomware attacks tend to ask for a lot less.

Annual Worldwide Costs

The annual costs of cybercrime are staggering, as we can see from this report. Produced by McAfee, this report gathered many records of cybercrime losses (public and private) and tallied up the total losses. In 2020, these losses added up to more than one trillion dollars. We can also see that these numbers have been increasing dramatically since 2018, so the increase is likely to continue.

Average Costs Per Company

We need to narrow down these numbers to make them more useful, so let’s take a look at the average cost (per year) that a single company will lose as the result of a cyberattack. Be aware that these are averaged numbers, so they don’t reflect every individual company. According to our numbers, the losses depend greatly on the size of your company. This fits with what we have already told you: The more you have, the more you are likely to lose. Here’s the raw data for your perusal:

  • Small companies (1-49 employees) lost an average of $24,000 each in 2020
  • Medium-sized companies (50-249 employees) lost an average of $50,000 each in 2020
  • Large companies (250-999 employees) lost an average of $133,000 each in 2020
  • Enterprise-level companies (1000+ employees) lost an average of $504,000 each in 2020

Random Examples

To complete our research on the approximate costs of cyberattacks, let’s look for some specific examples. These will be chosen at random to make sure that everything is objective and fair.

  • SolarWinds, a company that makes business software, was compromised at some point in 2020. This was an advanced persistent threat (APT) that proved very hard to detect. In total, the company reported losses of $25 million to its investors.
  • Amazon was targeted with a DDoS attack earlier this year, and it succeeded. They were only down for a little over an hour, but the total losses were somewhere in the neighborhood of $75 million.
  • In May of 2021, Brazilian meatpacking company JBS was the victim of a ransomware attack. The ransom alone was $4.4 million, and the loss of revenue might have been even greater.
  • On May 6, the Colonial Pipeline was hacked, and the ransom paid by the company was reported as $5 million.

The Cost Of Cybersecurity

As with the costs of cyber attacks, the costs of good cybersecurity will vary a lot. The company you choose, as well as the services you desire, will play large roles here. However, we want to get some approximate figures. Let’s see how much the average company is likely to spend on cybersecurity per year.

According to this report, the average company will spend somewhere between 6% and 14% of its annual IT budget on cybersecurity. That is less than a quarter of the total amount allocated for IT in general, so that’s actually not that bad at all. On average, most companies spent around 10% of their IT budget.

So, how large is your IT budget? Take that number and multiply it by 0.10. That will tell you the amount that you are likely to spend on cybersecurity per year. Compared to many other business expenses, this is pretty negligible. How negligible? Well, let’s look for some average numbers regarding IT budgets.

According to these figures, the average company spends 3.2% of its total revenue on IT costs. This approximate figure holds true across industries of all kinds and companies of all sizes. We are also told that a small company will generally have a budget of less than $5 million. Mid-size organizations will normally spend between $5-20 million. Larger organizations will normally spend $20-50 million per year. Thus, we can calculate the average cybersecurity costs for these businesses (assuming that all of them spend about 10% of their total IT budget on cybersecurity).

  • Large businesses: Between $2 million and $5 million spent on cybersecurity per year
  • Mid-size businesses: Between $500,000 and $2 million spent on cybersecurity per year
  • Small businesses: $500,000 or less spent on cybersecurity per year

Although these numbers are far from small, we have already seen that cyber attacks tend to be much more expensive. Not only that, but the damage to a company in terms of reputation is incalculable.


As you can see, the benefits of good cybersecurity are well worth the expense. When you consider the fact that only about 3% of your revenue needs to go in this direction, the facts become obvious. Attackers who target large companies will ask for millions of dollars (perhaps even billions if they think you are capable of paying!). As such, it pays to employ the help of competent cybersecurity professionals. If you are looking for competent IT services in New Jersey, give PCH Technologies a call at (856) 754-7500.