How much should your school spend on cybersecurity?

Recent surveys put cybersecurity spend at 3-7% of total IT budget for education. Schools sitting below 3% typically have meaningful gaps; schools above 7% are usually paying for either redundancy or unmanaged tool sprawl. A defensible target for most schools is 4-5%.

A complete cybersecurity budget includes:

• Licences (vendor product fees), usually 50-60% of total
• Services / management, 25-30%
• Staff time, 10-15% (existing IT lead time)
• Training, 3-5%
• Incident reserve, 5-10%

Missing the last two is a common pattern; both bite when an incident lands.

Two main levers:

• Auto-resolution: Coro's 95% automated handling means staff time on incident triage drops dramatically. For a school with 5,000 events / month, that is the difference between 80 hours and 4 hours of triage.
• Tool consolidation: replacing 4-5 point products with one AI-native platform typically saves 30-40% of licence spend even before management cost reduction.

The framing that lands is "cost of prevention vs cost of incident". UK breach response cost has averaged £4,000-15,000 even without ransomware. Ransomware adds zeros. A £6,000 annual cybersecurity budget that prevents one incident over the term has paid for itself many times over.