Cybersecurity describes measures you take to protect your computer and information from unauthorized access. Concerns about cybersecurity are relatively new. According to the dictionary, the term “cybersecurity” wasn’t even in use before 1989, the first viruses started a decade later, but large-scale computer attacks didn’t make headlines until about 10 years ago. The IRS and courts have yet to tackle specific costs related to cybersecurity measures. However, given commonly known tax rules, I think there’s some guidance to be found.
The cost of off-the-shelf software can be expensed as a Section 179 deduction. Alternatively the cost can be deducted ratably over 36 months.
The monthly fee for cloud-based solutions is also fully deductible.
Different tax rules apply to self-developed or customized software, which is something that small businesses don’t do.
Like anti-virus and malware software, firewall software also protects computers from incoming threats. The cost of firewalls is treated the same as anti-virus software.
Ransom paid to hackers
If you experience a ransom demand and pay it in order to unfreeze your computer, the cost may be deductible. The experts are not clear on how to claim the write off. Here are two options:
- Take it as an ordinary and necessary business expense
- Claim it as a theft loss
But the IRS could argue that it’s a nondeductible illegal payment (see Code Sec. 162(c)(2) which bars a deduction for illegal bribes, kickbacks, and other payments.
If you have in-house employees doing IT work, their compensation is deductible just like that of any other employee. If you use an outside IT service, the fees are fully deductible as an ordinary and necessary business expense.
As cybersecurity takes a front burner for business concerns and companies invest money in addressing these concerns, expect to see IRS guidance on write-offs. Court decisions are sure to follow.