McAfee Says Midsize Businesses Face Security Budget Cuts, Challenges

McAfee reports on the IT security struggles of midsize businesses. Though more than half of businesses surveyed said they have seen more security incidents in 2009 than 2008, 75 percent reported having to cut or freeze their IT security budgets.

Midsize businesses are slashing their security budgets even as cyber-threats continue to grow, according to a report from McAfee.

In a survey of 900 employees of midsize businesses around the globe conducted by MSI International, 75 percent of the respondents reported cutting or freezing their IT security budgets in 2009. At the same time, 56 percent of the respondents reported seeing more security incidents this year than last, and 29 percent admitted to suffering a data breach in the past year.

"More than 90 percent of people surveyed in companies with 500 employees or fewer feel protected from cyber-attacks, even though the evidence is hardly on their side," said the McAfee report, entitled "The Security Paradox." "The truth is that companies with fewer than 500 employees suffer more attacks on average than their larger counterparts. Of the midsize organizations that have had security breaches, those with 101 to 500 people have had roughly 24 incidents in the past three years, compared to only 15 incidents for organizations with 501 to 1,000 employees."

Federal IT security spending is expected to increase significantly. Click here to read more.

The authors continued, "Our research shows that in the past year midsize organizations in the United States have spent a total of $17.2 billion fixing IT security incidents. On average, in 2008 a single midsize organization in the United States spent more than $75,000 a year on IT security incidents."

About 60 percent of the U.S. respondents said it had taken their businesses more than a day to recover from their most recent cyber-attack. That number stood at 86 percent in China and 70 percent in India. Overall, McAfee found that 65 percent of surveyed midsize organizations worldwide spend less than 4 hours a week on proactive IT security.

Database security takes proper planning. To read more, click here.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, said in a statement Oct. 28. "But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk."