Adrian Johnson
In the article “Cybersecurity as a % of Computing Infra Spend in 2024,” the author discusses the optimal cybersecurity spend for organizations and how it compares to industry benchmarks. The author uses data from the Spiceworks Ziff Davis State of IT 2024 report to analyze IT spending across various categories. The article focuses on spending on cybersecurity as a percentage of spending on computing infrastructure and emphasizes the importance of understanding an organization’s risk-based choices and tradeoffs.
The author explains that there is no one right amount to invest in cybersecurity, as it depends on the organization’s willingness to accept security-related risks. The article provides a range of cybersecurity spending as a percentage of annual total IT spend on computing infrastructure, with the median amount being 11.1%. The author suggests that organizations can use this data to compare their own cybersecurity spending to industry benchmarks.
The article also introduces an interactive assessment tool developed by Aberdeen that allows organizations to enter their annual cybersecurity investments and see where they fall on the percentile curve derived from the State of IT 2024 dataset. However, the author cautions that this percentile curve primarily provides insight into the affordability of cybersecurity investments rather than the level of risk. To determine the optimal amount to invest in cybersecurity, organizations need to consider both risk quantification and affordability.
The author concludes by teasing the next blog post, which will discuss key capabilities organizations need to quantify security-related risks and make informed business decisions about cybersecurity. The article ends with an invitation to join a webinar on managing choices and tradeoffs in IT spending.
