Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, October 29, 2009

Study: Midsize Companies Cut Security Budgets As Cyber Threats Escalate

McAfee has released research finding from a global study that midsize organizations are cutting their security budgets at the same time that cyberthreats are escalating.

The study found that more than half of midsize companies surveyed globally have seen more security incidents in the past year, and a single midsized company lost $43,000 on average to security incidents.

“In the global study, 56 percent said security spending was flat, and 19 percent said it was decreasing while only 25 said it was on the increase,” said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee.  “In Canada 64 percent were flat, 27 percent increasing and 9 percent decreasing.”

The survey looked at companies with between 51-1000 employees, in nine different countries (Australia, Canada, China, France, Germany, India, Spain, the United Kingdom and the United States) with a minimum of 100 companies per country in the sample size.

The objective, Rodenbaugh said, was to understand the real costs companies are facing today, as well as understand their level of effort in security and the amount of money they spend when a threat hits.

The majority of companies also said they are seeing more threats, more incidents, with 56 percent seeing an increase in threats.
Organizations are spending lots of money reacting to the threats.
Organizations are freezing or cutting their IT budgets.

And the result is that while they spend less time and money on proactive management, they spend more time and money recovering from attacks.

“In the U.S., the typical IT professional spent six or more hours a week proactively, and less than a day recovering.”  Almost half of midsize organizations surveyed (43 percent) think larger organizations with 501+ employees are most at risk for a security attack.

Posted on 10/29