The Security Paradox report examines security concerns at midsize organizations around the globe

October 28, 2009


SANTA CLARA, Calif., Oct. 28, 2009 -- McAfee, Inc. (NYSE: MFE) today released research finding that midsize organizations are cutting their security budgets at the same time that cyberthreats are escalating, according to McAfee's report The Security Paradox. The study found that more than half of midsize companies surveyed globally have seen more security incidents in the past year, and a single midsized company lost $43K on average to security incidents. Meanwhile, the majority of these same companies reported spending freezes on their IT security budgets.

This paradox occurs in part because midsize companies are under the mistaken impression that hackers prefer to target larger companies. Almost half of midsize organizations surveyed (43 percent) think larger organizations with 501+ employees are most at risk for a security attack. In truth, organizations with fewer than 500 employees actually suffer more attacks on average.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee. "But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk."

McAfee's study found that 65 percent of midsize organizations surveyed worldwide spend less than four hours a week on IT security proactively, but nearly the same amount (67 percent) spend more than a day recovering from IT security attacks. Threat and response varied greatly from country to country, but uniformly the countries where companies invested the least time on prevention—Canada and France among them—suffered the greatest financial losses and downtime from cybercrime when it happened, requiring a week or longer to recover from their most recent cyberattack.

Additional research findings:

* Last year, midsize organizations in the United States spent a total of $17.2 billion fixing IT security incidents
* On average, in 2008 a single midsize organization in the United States spent more than $75,000 a year on IT security incidents
* There has been a 322 percent increase from 2008 to 2009 of average cyberattacks against midsize organizations in the United States
* 71 percent of IT directors in the midsized companies surveyed believe there is some chance a serious data breach could put their company out of business
* 56 percent of midsize organizations globally have seen more security incidents this year than last, and 29 percent suffered a security breach in the last year
* Of the midsize organizations that have had security breaches, those with 101 to 500 people have had about 24 incidents in the past three years, compared to only 15 incidents for organizations with 501 to 1,000 employees

McAfee's report The Security Paradox was conducted by MSI International and looked at security spending in the last year by companies with 51-1,000 employees in Australia, Canada, China, France, Germany, India, Spain, the United Kingdom and the United States. The results were compared to previous studies conducted in Europe and North America.

The full methodology and data are available upon request. To download The Security Paradox report please visit:

About McAfee, Inc.

McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee is relentlessly committed to tackling the world's toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security.
