Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

A post-pandemic guide to cybersecurity budgeting for 2021

By Bernard Brode
budget
February 3, 2021

Think back – if you can remember those halcyon days – to last November, before the COVID-19 pandemic had taken hold in the West. Like a lot of organizations, you may have taken the opportunity, during a quiet holiday period, to sketch out your cybersecurity budget for 2020. Whatever you decided your company’s IT security budget should be, you’ve probably overrun it.

That’s nothing to be embarrassed about, of course. No-one had “deal with a global pandemic” as a line item in their business plan for 2021.

As organizations start to make their cybersecurity budgets for 2021, though, it’s immediately obvious that this year will bring new and unexpected costs. The global move to work-from-home (WFH) over the past year has left many organizations struggling to protect newly remote staff from a wider and more dynamic threat landscape. In this article, we’ll look at several key (but perhaps unexpected) items that should be in your cybersecurity budget for the coming year.

 

Threat Assessment

Every cybersecurity budget should be based, ultimately, on the level and types of threats that you face. The COVID-19 pandemic has led to a noticeable uptick in cybercrime, while simultaneously forcing employees to work from home, where they are more vulnerable. The bottom line is, therefore, that cybersecurity will cost a lot more in the coming year than it did in the last, and possibly more than ever before.

This headline notwithstanding, it's as important as ever to conduct a thorough threat analysis for your organization - following best practice guidelines for this - before deciding which of the following budget items applies to you, and how much you should spend on them. This threat assessment will also help to justify your 2021 cybersecurity budget, should management question why it is so much higher than previous years.

 

Staff and Training Costs

Back before the pandemic, plenty of companies were in the process of moving to remote work. One of the driving forces behind this shift was the perception that WFH staff cost less than traditional staffing models. It turns out that is not the case, at least when it comes to cybersecurity.

This is because staff members who work from home require significant extra training in order to keep themselves and company digital assets safe. Given the widespread skills shortage that still characterizes the cybersecurity world, this is likely to apply to all teams. Even worse – if staff are not trained adequately, you will have to pay to clean up after their mistakes, which will cost even more.

 

Incident Response

Second, you should consider your risk tolerance, make a reasonable estimate of how many incidents you are likely to have to respond to this year, and how much this will cost. In many organizations, these costs are overlooked, because cybersecurity consultants still make the mistake of thinking that spending enough on prevention will allow them to cut incident response costs to zero. Don't make that mistake. It just doesn’t work like that.

 

Resource Replacement and Upgrade

You should also consider replacing and upgrading your hardware and software resources in response to the shift to WFH. Older laptops with out-of-date security software might be (barely) secure enough to protect your employees and data if they stay behind your corporate firewall, but once they leave the office they are exposed to a much higher level of risk on the open internet.

For this reason, now might be the time to replace aging hardware with newer machines that incorporate biometrics, or to install hardware encryption on older machines. Equally, 2021 is a good time to take a second look at any free but fairly insecure software you might be using. As easy as Google makes it to use their products, there’s a good chance that considering the alternatives will allow you to reduce your chances of a cybersecurity incident. Here’s just one example of the kind of trouble you face with the search engine behemoth.

 

Consultants

This might seem like a bad time to spend thousands of dollars on consultants, but red-hat testing is a great way of understanding the threats you face and understanding how to mitigate them. Research shows that internal battles still hold SOC back in many firms, and a successful pen test is a great way to get everybody focused on the same goal.

 

Insurance

You've probably noticed that your cybersecurity insurance premiums have risen in the last year, and there's a good reason for that. Insurance companies have taken a look at the statistics and decided that remote employees present a huge risk. They are, accordingly, charging more to insure them, and you should make sure that your cybersecurity budget reflects this.

If, on the other hand, you do not currently have cybersecurity insurance at all, you should seriously consider getting it. While an extra expense might seem like a heavy burden to bear at the moment, the savings in the event of a successful attack far outweigh this repeating, predictable cost.

 

Security-as-a-Service

Finally, and particularly if the number of factors above seems like it will increase your budget to unmanageable levels in 2021, it might be time to consider outside help. While there have been third-party security solutions on the market for decades, some have been developed into full-spectrum Security-as-a-Service platforms.

These platforms promise to take care of your cybersecurity in its entirety, leaving you free to focus on more important things. Whether this is true in practice depends on your risk level, type of business, and other factors. But it is certainly worth looking into whether this type of arrangement is a good fit for your business.

 

Expect the Unexpected

While it might not feel like it right now, the kind of root-and-branch assessment of cybersecurity budgets necessitated by the pandemic might, overall, be a positive development. Many firms haven't looked at their budgets and the assumptions they are based on for many years. This review has been long overdue.

Even if you find you are already well-prepared for the coming year, the process of looking afresh at your budget can be instructive. The ability to assess risk and budget accordingly is one of the fastest growing cybersecurity skills and developing expertise in this area could ultimately provide a career boost.

KEYWORDS: cyber security remote work risk management threat assessment

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bernie brode

Bernard Brode is a product researcher at Microscopic Machines and remains eternally curious about where the intersection of AI, cybersecurity, and nanotechnology will eventually take us.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • remote work

    Cybersecurity: A survival guide for 2021

    See More
  • Here are the top political and security risks for 2021 that your organization needs to take prepare for

    Organizations must prepare for these 2021 security risks now, or may fail to make it in a post-COVID world

    See More
  • Security Budgets

    7 security investments for a post-pandemic world

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing