Mid-Size Businesses Suffer More Cyberattacks As Security Budgets Tighten

By Matthew Harwood

A recent survey shows that cybercriminals are increasingly attacking mid-sized businesses at the same time that firms freeze or cut their IT security budgets due to the tough economy, reports


The international survey conducted by McAfee found that more than half of businesses with 51 to 1,000 employees have seen cyberattacks increase over the past year as they trim security budgets. "Threats up, budgets down," said McAfee. "This is what we call the 'security paradox.”

Weak defenses often leads to real financial pain, according to

McAfee found that the costs of dealing with a security attack can be high. Over the last year, one of five midsize companies surveyed lost $41,000 in sales on average as a result of a breach. In China alone, 38 percent of the businesses questioned lost an average of $85,000 due to an attack. And more than 70 percent believe a serious data breach could put them out of business, noted the report.

Mid-sized businesses in the United States didn't fare much better than their Chinese counterparts, spending an average of $75,000 on security incidents.

As mid-sized businesses try to weather the current global downturn by cutting their IT security budgets, the McAfee report shows they play a game of chance that can be far more expensive in the long run.

“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources,” according to a statement by Darrell Rodenbaugh, senior vice president of global midmarket for McAfee. “But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk.”

To put it more bluntly: being cheap now could cost you dearly later.

Investing in defense saves time too, McAfee discovered. Sixty-five percent of mid-sized businesses spend less than four hours a week on proactive IT security. Yet when attacks do occur, 67 percent of firms spend more than a day recovering from them.

McAfee also noticed another disconcerting trend for smaller mid-sized businesses: They're becoming the target of choice for cyberattackers. The conventional wisdom among mid-sized businesses was that cybercriminals attacked the bigger fish in the financial sea. But McAfee's data contradicts this.

Of the mid-sized businesses that suffered a security breach over the past three years, it was the smaller ones that were attacked most. Smaller mid-sized businesses employing 101 to 500 workers were hit 24 times while larger mid-sized businesses employing 501 to 1,000 workers were hit 15 times.

Hackers, it seems, are opportunistic predators.

♦ Screenshot of McAfee Web site

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.