Outsourcing cyber security: How much does it cost?

March 25th, 2020
Outsourcing cyber security: How much does it cost?

If you’re planning to use a third-party IT partner to manage your cyber security solution, you’ll understandably want to know how much it will cost to outsource this.

In this post, we’ve put together some information to give you an idea of what you can expect to pay.

Before you start

It’s probably already occurred to you that the cost of cyber security, like all IT services, it will vary depending on the kind of business you run, the level of help you want and which solution you choose.

Here are some things to consider:

1. The size of your organisation

This is the single biggest factor in how much you may end up spending on cyber security.

If you’re a national company, with multiple offices, staff working remotely and/or using their own devices as well as their work machine, you’ll have to pay more to protect everything than if you are a one-man-band or a small team.

It’s worth thinking about how many devices you own and how many are used – personal devices are particularly vulnerable to hacking as they often don’t have the same level of security as office equipment. People are more likely to download something to their laptop or smartphone, which could allow malware to install itself.

2. Your business priorities

  • Which tool is most important to the day-to-day running of your business?
  • If the worst happens and there’s a breach, what needs to happen first?
  • Do you need to limit the impact of the attack, restore data or just keep things ticking over?
  • What responsibilities do you have to your clients and suppliers?
  • If their data is breached, is that a serious problem?
  • Should you let them know what’s happened?

If you’re in a supply chain, you’ll almost certainly have to let the other businesses in the chain know that they are at risk too. And consider your legal obligations too.

3. How much data you store

If you need to include data backup and recovery, the more you have, the more you need to protect. Larger organisations are likely to have a lot of information to safeguard, but if you’re a smaller business using specialist technology, that could also put up the costs.

Outsourcing Cyber Security: How Much Does it Cost -quote image 01

4. Software, hardware and cloud solutions

Where and how do you store your data? The more locations, the more controls and mitigations you’ll need to put into place.

If your staff have several different key pieces of software they use daily, where are they hosted? How is the data accessed, what controls are in place? This may need additional tools to protect.

5. The costs to your business

If your data is compromised or stolen, a piece of malware is installed or you’re the victim of identity theft, what are the costs to your business? There are specific tools available online that can help you calculate how much time you can afford to spend on restoring your data, but it’s worth thinking about these.

Consider the costs of reputational damage, higher insurance premiums, fees for emergency IT services if you don’t already have a solution in place, fines or other charges if you’re in breach of your industry’s regulations, and the cost of losing one or more clients.

Cyber security options

You may opt for only a ‘basic’ level of security protection, or you may choose to build your package to make sure everything that matters is properly protected. The best way to understand what level of protection you need is with a cyber security risk audit.

Here are some of the things that we offer at ATG, to give you an idea of what a cyber security solution might look like for your business.

1. Emergency support

If you don’t have cyber security and suffer a data breach, you will need to pay for someone to resolve the problem. If you need this done quickly, you’ve lost a lot of information or the restore is time-consuming, you may pay a lot more.

Again, prices will vary depending on what the problem is and the device that needs fixing, but if it’s a smartphone, you could expect to pay between £195 and £295 for a fix. For a hard drive, it could be between £350 to £600.

2. Cyber Essentials accreditation

The UK government approved assessment of your IT system and security, the basic level of Cyber Essentials, which is an internal review, starts at £400 + VAT. The Plus level, which includes external testing, can range from £1,000 to £3,000, depending on the size and complexity of your network.

Outsourcing Cyber Security: How Much Does it Cost -quote image 02

3. Security audit

You may want to have a professional audit carried out on your IT systems to identify vulnerabilities and potential risks. This can be extremely detailed, and include things like external testing, review of security practices, equipment and infrastructure review and check for compliance.

Again, the cost will vary depending on the size of your organisation and how involved the audit is, but you can assume a starting price of around £1,000 to £3,000, increasing for larger companies.

4. Data backup and disaster recovery

Data backup (taking regular copies of all your business information and storing it securely) and recovery (restoring data if it’s lost or compromised) is a key component of protecting your business against cyber crime. Prices start from as little as £3 a month, increasing when you have more information to store and protect.

5. Malware and phishing protection

There are a range of potential risks to a small business and protection is available for those you think could cause a problem. Malware includes viruses, worms and spyware. Phishing is finding out sensitive information by acting as a trustworthy third party and often happens via email.

Firewalls, email and password protection, mobile device security and malware protection are all ways to mitigate against these attacks. If you have a lot of employees, securing email is essential. If you hold a lot of personal information about clients, protecting against theft and ransomware (being asked to pay for the release of data) is recommended.

Budgeting for cyber security

Your IT partner will customise a solution for you which includes everything you’ve identified as important to your business. They will usually give you two options for monthly support packages, which will vary depending on the number of devices, users or what’s needed.

A basic package might start from £5 per user/endpoint, and around £8 for the next level, which includes additional security features. The package should be flexible, so it grows with your business,.

For more information on the solutions we offer here at ATG, why not speak to a member of our team. They’re also on hand to answer any questions you might have about other cyber security issues.