Security breaches grow for midsize companies

Tuesday, April 13, 2010 @ 01:04 PM gHale

More midsize companies are facing attack from cyber criminals while at the same time they are spending less on security, according to a report from security software provider McAfee.

Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed said they’ve seen an increase in security breaches over the past year. Despite the threat, the recession forced most of these companies to freeze their IT security budgets.[private]

Conversely, McAfee found the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38% of the businesses questioned lost an average of $85,000 due to an attack. And more than 70% believe a serious data breach could put them out of business, according to the report.

But as the recession continued, IT budgets dropped. Almost 40% of the companies trimming their IT security budget plan to limit the purchase of new security products. And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.

“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources,” said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee. “But this creates a vicious cycle of breach and repair that costs far more than prevention.”

Midsize companies also may underestimate their risk, according to McAfee. Among companies with fewer than 500 employees, more than 90% believe they’re protected from cyber criminals and feel they don’t face the same threats that larger firms do.

But McAfee discovered that businesses with 101 to 500 people had on average 24 security breaches over the past three years, compared to 15 breaches for those with 501 to 1,000 employees.

In the long run, dealing with the aftermath of a security attack eats up a company’s time and expenses. The study found 65% of firms spend less than four hours a week on IT security, but around the same percentage have spent more than a day recovering from security breaches.

“Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk,” Rodenbaugh said.

The study was conducted by research firm MSI International, which surveyed 100 midsize businesses in the U.S., U.K., Australia, Canada, China, France, Germany, India, and Spain.[/private]

Leave a Reply

You must be logged in to post a comment.