Following my recent article about managing the cyber risk, you may be wondering how much you need to spend to ensure adequate cybersecurity for your business. That is a sensible question, as there is no limit to the amount you could spend, and we know that 100% security from cyberattacks is as unrealistic as 100% physical security. You want value for your money, don’t you?

Risk Dice

This is where the basic principles of risk management become relevant. See my book Load The Dice (Kindle ASIN: B00R58W9NQ).

What do I mean? Think about the probability and potential severity of each risk, in this case the cyber risk.

  • What data is on your computer?
  • How crucial is it?
  • Where is it backed up?
  • How easily could you reinstall your software?
  • How likely is it that your business would be specifically targeted?
  • How dependent are you on other organisations that are more likely to be targets?

When you have the answers to all the above, you are then in a position to review your cybersecurity.


There are three options.

  1. You can do this alone or with your own IT people.
  2. You can see me or another risk management consultant, such as
  3. Or you can go to a more advanced cybersecurity firm, perhaps one that does penetration testing like

Or you could always do what the NHS did. Wait and see what the dice do. I think it’s better to load them in your favour.

It’s your decision. It’s your business.