That literally does not matter. There is no amount of money that you can pay today to get a system that can protect against a $15M attack. Literal billion dollar budgets can maybe get you to $1M if management is onboard and following all recommendations. It is not a question of money, it is a question of ability.

Cybersecurity spending is a black hole sucking in immense amounts of money while achieving no useful defense against typical threat actors such as organized crime who routinely target these companies. The current large vendors are all peddling snake oil and there is no value to purchasing it to cure what ails you.

The only correct assessment at this time is assuming you are 100% guaranteed to be hacked by organized crime if you are internet connected. You can then work from there to determine how your operations should be structured. Alternatively, you could demand your vendors take on liability for their security guarantees. They will not, but it will help you smoke out the snakes.