Mid-sized companies report an increase in cyber-threats this past year, even as many are simultaneously freezing their IT security budgets, according to a report released by McAfee on Oct. 13. The report is based on a survey of more than 1,100 IT managers worldwide working at companies with 51 to 1,000 employees.
According to "The Security Paradox" study, more than half of the mid-sized companies surveyed have seen an increase in security incidents in the 12-month period from mid-2009 to mid-2010 compared with the prior 12-month period. One in five respondents say their organizations had a security incident that directly affected revenue. On average, companies lost $41,000. Of those who had been hacked, 16 percent report that it took them more than a week to recover from the damage.
About one-third of respondents say they were attacked repeatedly, and more than half of those incidents were serious enough to take up to five hours to investigate and fix, according to the report. In the United States, the average number of cyber-attacks against mid-sized organizations more than quadrupled from mid-2008 to mid-2009, McAfee says.
Even as threats increase and grow in severity, IT security budgets are way down. More than half (58 percent) of respondents to the McAfee survey say their organizations spent fewer than three hours per week working on, evaluating and researching IT security options in the past 12 months.
Worldwide, three-quarters of respondents reported either flat or declining security spending, says Darrell Rodenbaugh, senior vice president of global midmarket for McAfee.
Fore more, read the eWeek article Hackers Increasingly Targeting Midsize Organizations: Survey.