Mid-sized companies which try to cope with the economic downturn by cutting computer security budgets are risking losing more money as they open themselves up to cybercrime.
In a situation that will undoubtedly play out across the whole business scene, cutting back on IT security is a false economy and, says McAfee, is often justified by companies thinking that cybercriminals are only interested in larger companies. This, says McAfee, is the Security Paradox, and it is the title of a comprehensive research report on mid-sized companies and their approach to IT security.
The McAfee report shows that half of mid-size companies surveyed globally have seen more security incidents in the past year. Indeed, one mid-sized company alone lost $43,000 on average to security incidents. Yet the majority of these same companies are nevertheless reporting spending freezes on their IT security budgets.
But mid-sized companies mistakenly believe that cybercriminals will overlook them for bigger targets. The McAfee report showed that 43% of mid-sized companies questioned believed that companies with 501+ employees are most at risk for a security attack.
In reality, companies with fewer than 500 employees suffer more attacks on average.
Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, said:
“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources. But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk.”
The McAfee report goes on to say that 65% of mid-size organisations surveyed worldwide spend less than four hours a week on proactive IT security, but nearly the same proportion (67%) spend more than a day recovering from IT security attacks. The report also highlighted the varying approaches in countries across the world. Interestingly, the countries where companies invested the least time in prevention, Canada and France amongst them, suffered the greatest financial losses and downtime from cybercrime. They also required a week or longer to recover from their most recent cyber-attack.
Other facts that the report also revealed include:
- in 2008, US mid-sized companies spent a total of $17.2 billion fixing IT security incidents;
- last year, on average, a single US mid-sized company spent more than $75,000 a year on IT security incidents;
- the mid-sized company has seen, on average, a 322% increase in cyber-attacks from 2008 to 2009;
- over half (56%) of mid-sized companies globally have seen more security incidents this year than last, and 29% suffered a security breach in the last year;
- in the past three years, of the mid-sized companies that have had security breaches, those with 101 to 500 people have had about 24 incidents compared to only 15 incidents for organizations with 501 to 1,000 employees.
Guest Article by Neil Camp