October 28, 2009 7:59 AM PDT

More security breaches hit midsize companies

by Lance Whitney
  • Font size
  • Print
  • 6 comments

More midsize companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday.

Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox, said they've seen an increase in security breaches over the past year. Despite the threat, the recession has caused most of these companies to freeze their IT security budgets.

Midsize organizations have seen an increase in cyberthreats in 2009. (Credit: McAfee)

McAfee found that the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38 percent of the businesses questioned lost an average of $85,000 due to an attack. And more than 70 percent believe a serious data breach could put them out of business, noted the report.

Organizations think a breach could put them out of business. (Credit: McAfee)

But as the recession has grown, IT budgets have dropped. Almost 40 percent of the companies trimming their IT security budget plan to limit the purchase of new security products. And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."

Midsize companies also may underestimate their risk, according to McAfee. Among companies with fewer than 500 employees, more than 90 percent believe they're protected from cybercriminals and feel they don't face the same threats that larger firms do.

But McAfee discovered that businesses with 101 to 500 people had on average 24 security breaches over the past three years, compared to 15 breaches for those with 501 to 1,000 employees.

In the long run, dealing with the aftermath of a security attack eats up a company's time and expenses. The study found that 65 percent of firms spend less than four hours a week on IT security, but around the same percentage have spent more than a day recovering from security breaches.

"Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk," said Rodenbaugh.

The study was conducted by research firm MSI International, which surveyed 100 midsize businesses in each of the following countries: U.S., U.K., Australia, Canada, China, France, Germany, India, and Spain. The results were compared with prior studies done in North America and Europe.

Lance Whitney wears a few different technology hats--journalist, Web developer, and software trainer. He's a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. You can follow Lance on Twitter at @lancewhit. Lance is a member of the CNET Blog Network, and he is not an employee of CNET.
Topics:

News,

Vulnerabilities and attacks

Tags:

McAfee,

security,

viruses,

spyware,

malware,

cybercriminals

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security
More attacks expected on Facebook, Twitter in 2010
GSM crypto code cracked, engineer says
Web-based Lookout protects mobile devices, data
Hackers claim to crack Kindle copyright armor
Using Facebook and Twitter safely
Report: FBI investigating Citibank cyberattack
White House appoints cybersecurity chief
So, is it safe to tweet now?
Related
McAfee uncovers riskiest domains
More attacks expected on Facebook, Twitter in 2010
Trend Micro forecasts future threats
Using Facebook and Twitter safely
McAfee Labs' 2010 threat predictions (podcast)
Web-based Lookout protects mobile devices, data
Report: FBI investigating Citibank cyberattack
Comcast launches bandwidth meter pilot
Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
by krosafcheg October 28, 2009 8:20 AM PDT
UK lowest - begs to ask, what are they doing the rest of them are not?
Reply to this comment
by cbscowards October 28, 2009 8:58 AM PDT
Putting their heads a little deeper in the sand?
by gfsdfge October 28, 2009 9:24 AM PDT
Security is a very good selling point for the Cloud computing initiatives. I would trust a major name brand (Google, Oracle, Microsoft, IBM, etc.) with a good SLA to be far more secure than most mid-sized and small enterprises. There are also a ton of small businesses that put up LAMP or cheap Windows sites a long time ago. These outfits do not have the expertise or the time to keep up on security.
Reply to this comment
by ThinkBeforeYouPost October 28, 2009 9:32 AM PDT
Amazing! A study shows that the security threat is higher than ever and that companies stand to lose a lot of money in an attack. In a recession, a lot of companies are tempted to reduce their IT security budget, but the study clearly shows that it would be a big mistake. Thank you for the potentially life-saving information!
And the study was conducted by...?
Oh right, then.
Reply to this comment
by JBSimmons October 28, 2009 1:45 PM PDT
Oh, yeah. This was conducted by McAfee. McAfee is not THE solution to security problems. I have had other software catch things before McAfee did. Having only ONE package is not THE solution either. One has to have an overlapping of two or three of the best packages for the best overall protection. That has been my experience over the past 4 years. Your experience may differ.
Reply to this comment
by tommy122 October 29, 2009 11:12 AM PDT
These problems will never go away until very stiff penalties are imposed on these criminals. These people are stealing just as much so as if they robbed a bank. The penalty should be the same.
Reply to this comment
(6 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET