The costs for developing programs in cyber security can be extremely costly for the right person. The actual amount companies spend on cybersecurity is often tied to their IT budget, which helps account for company size and IT infrastructure. Estimates of what companies currently pay vary, ranging from an additional 5.6% to up to 20% of the company’s total IT spend. For example, say a 40-person company pays $3,000 per month to an IT managed service provider to cover their IT needs. Their cyber security budget would come in somewhere between $168 and $600 per month a significant, but not unattainable amount and well worth it given the potential cost of a cyberattack. Small businesses often operate on a tight budget, and in some cases, the person building and approving the budget may not know the value of cyber security. If you’re facing hesitation from leadership, stakeholders or the board of directors, performing a basic risk assessment can be a great way to show them where your company stands and how an investment could bolster protection. Leadership whether the board, C-suite or company owner has a responsibility to guide the company in the right direction, and that includes protecting the company from threats. Your cyber security provider can often help you identify the highest priority and lowest cost items to tackle with your limited budget. From there, you can tailor your cyber security program and slowly grow your budget in the coming years to provide enhanced protection and help mitigate risks. At some point in the not-too-distant future, cybersecurity will be a standing line item on all business’s profit and loss sheet. Just like small businesses build a cost for their accounting software or building alarm system into their finances, they need to start including cybersecurity as a standard expense and business priority. The cost of a comprehensive cybersecurity program is a small price to pay for the peace of mind you’ll enjoy knowing your company is better protected.