McAfee’s Security Paradox Report – SMB Are Targets

As predicted, mid-sized companies are reporting an increase in cyber-threats.  Unfortunately, most are also freezing their IT security budgets, and are not very knowledgeable in basic security controls, according to a report released by McAfee today.

According to McAfee’s “The Security Paradox” study, more than half of the mid-sized companies surveyed have seen increased security incidents  from mid-2009 to mid-2010.  16% of those who had been hacked reported it took them more than a week to recover from the damage.  About a third of the organizations were attacked repeatedly, and over half of those incidents were serious enough to take up to five hours to investigate and fix.

Worldwide, 75% of the companies responding to the survey reported either flat or declining security spending.  The country-breakdowns showed similar patterns in the US and Canada, with only a quarter of the organizations reporting increased security spending.  Over half of the surveyed organizations also admitted to limited knowledge of the regulatory and compliance requirements pertinent to their organization or industry.

  • 1 in 5 mid-size organizations had a security incident that directly caused revenue loss —$41,000 on average.
  • In China, 38% of businesses had an incident, with an average loss of $85,000.
  • The average number of cyberattacks against mid-size organizations in the US jumped 322% from 2008 – 2009.
  • 70% of businesses believe a serious data breach could put their company out of business.
  • 70% of businesses froze or cut their IT security budgets to focus their resources on building or retaining their businesses.

Budgets are down, attacks are up, mid-size is the new target, and knowledge levels are poor.  A perfect storm…

Full article at  e-Week   Get the report from McAfee (annoying info gathering required)