In-Depth

Mid-Size Enterprises are Prime Targets

Mid-size shops are increasingly -- even disproportionately -- coming under attack by hackers, yet few security budgets are rising.

Mid-size shops are being pummeled -- cracking activities targeting mid-size shops exploded by 322 percent from 2008 to 2009. Paradoxically, IT security budgets are holding steady, even in the midst of this onslaught. Almost three-quarters of companies either maintained or slashed their security budgets; only one-quarter increased how much they spend on security.

That's one conclusion of a new study sponsored by McAfee, which found that one in five mid-size shops had been successfully penetrated -- at an average cost of about $40,000 -- by hackers.

The study, conducted by market research consultancy MSI International, found that things are especially bad in China, where almost two-fifths (38 percent) of mid-size shops had been compromised by hacking attacks.

It's part of a disturbing trend in which cracking activities targeting mid-size shops exploded by 322 percent from 2008 to 2009.

The study's title -- The Security Paradox -- hints at one of its conclusions, namely, that IT security budgets are holding steady (and in some cases declining) at a time when hacking activity is at an all-time high. Almost three-quarters of companies either maintained or slashed their security budgets in 2009, according to McAfee officials. Only one-quarter increased their security spend.

It isn't as if they don't know better, either. "Companies are well aware of the threats. They're not in denial. More than three-quarters of companies around the world are concerned about being a target of cybercrime. Fully 71 percent think there is some chance a serious data breach could put their company out of business," the report indicates.

"Still, an even greater number have not grown their IT security budgets this year. Nearly 40 percent of companies who are decreasing their IT security budgets in 2009 plan to eliminate or cut down on the purchase of new security products."

The problem is especially acute in mid-size shops, which -- in general -- have fewer resources than do their bigger brethren. "This is what creates the 'midsize paradox' -- long list of threats and the cost of ignoring them weighed against a resource investment rarely up to the challenge," McAfee researchers write.

Not only do mid-size shops know better, but they also have a good grasp of what's at stake: in the U.S., for example, almost three-quarters (71 percent) believe that a serious data breach could jeopardize the viability of their businesses. In China, almost 90 percent cite similar concerns.

To the extent that shops of all sizes opt to freeze (or slash) their security budgets, McAfee (like other security vendors) will suffer. At the same time, the researcher stresses, shops can cut costs -- even security-related costs -- without sacrificing security.

"A cost-cutting environment provides an opportunity for companies to make their IT security solutions more streamlined and effective. The result of this approach is fewer security breaches, less downtime and revenue loss, and less risk in one of the toughest economies in decades," the report asserts.

"Combining consolidated protection with centralized management is a security best practice, according to leading analysts. This combination is critical for proactively identifying potential risks and stemming loss of time and revenue. It also gives companies the greatest visibility into compliance status while lowering costs as much as 50 percent compared to a point-product approach."

Must Read Articles