A reasonable order of magnitude is 3 to 8% of the IT budget for an unregulated SME, more for NIS2 sectors or organisations handling sensitive data. The initial spend typically targets EDR, MFA, immutable backups, security awareness and a posture audit to prioritise the roadmap.
EN
FR