For most organizations figuring a cybersecurity budget is often a mix of emotion and guesswork. A recent Gartner report shows most companies spend between 1% and 13% of their IT budget on cybersecurity, with the average at 5.6%. However, calculating cybersecurity budget as a proportion of the IT budget is a flawed approach, because the risk doesn’t necessarily rise if you buy more expensive equipment. A $1,200 laptop can very well be a $7 million security-risk issue. Not too mention, often, spending more on cybersecurity simply means getting more data about threats and more data about what’s going on in your system. To use a medical analogy, it can be like going to the doctor’s office 12 times a day: It really won’t make you any healthier. In order to get the most out of their cybersecurity budget, business leaders need to quantify cyber risk in simple economic terms and they need to understand how their cybersecurity spending impacts business objectives.