Medium organizations around the globe are increasingly concerned about cyberthreats, and the rising number of incidents shared publicly certainly justifies their worries. In the first half of 2009, for example, McAfee Labs saw almost as much new malware as it did in all of 2008. At the same time, most organizations have frozen or cut their IT security budgets. Threats up, budgets down. This is what we call the "security paradox."
The Security ParadoxThe First Global Study that Quantifies the Cost of Reactive Versus Proactive Security in a Midsize Organization
The Security Paradox 1The Security Paradox CONTENTS
Foreword 3
Methodology 4
Key Findings Worldwide 5
Threats Rise, Budgets Fall 6
Worry Tempered By Size 8
Threats and Responses Analysis 9
Threats Versus Budgets 11
The Changing Face of the Threats 12
Moving from Reactive to Proactive 13
The Best Defense in a Downturn 14
Contact 14Foreword
Medium organizations around the globe are increasingly concerned
about cyberthreats, and the rising number of incidents shared
publicly certainly justifies their worries. In the first half of 2009, for ®example, McAfee Labs saw almost as much new malware as it
did in all of 2008. At the same time, most organizations have frozen
or cut their IT security budgets. Threats up, budgets down. This is
what we call the "security paradox."
Those realities are exploited by cybercriminals, who use the downturn to step up the pace. Disgruntled employees are also walking away with valued information assets, while businesses scale back on defense in an effort to get lean. And it's happening at a time when businesses can ill afford downtime, decreased productivity, stolen data, lost sales and a damaged corporate reputation.
This report quantifies security spending within midsize organizations (those with 51 to 1,000 employ-ees). As these companies grow into larger enterprises, we wanted to examine how they allocate their security resources and dollars, particularly as they react to a growing threat landscape. In the last year, one in five midsize organizations had a security incident that directly caused their organization to lose revenue-$41,000 on average. In China, 38 percent of businesses had an incident with an average loss of $85,000. Some 70 percent of businesses believe there is some chance a serious data breach could put their company out of business. About the same number froze or cut their IT security budgets to focus their resources on building or retaining their businesses. When revenues are down, so are budgets.
The good news is that being proactive costs far less than what companies spend during remediation resulting from a cyberattack. With the right solutions in place, midsize organizations can reduce the complexity and cost of deploying and managing security-during a time when doing more with less is the number one priority.
Darrell Rodenbaugh Senior Vice PresidentGlobal Mid-Market Business Unit McAfee, Inc.
The Security Paradox 3Methodology
For this report, McAfee surveyed companies in Australia, Canada, China, France, Germany, India, Spain, the United Kingdom and the United States. The results were then compared to previous studies conducted in Europe and North America.
The study was conducted by MSI International. Approximately 100 surveys were collected in each Medium-sized business members of an online country. The data was weighted by employee size Internet panel were recruited to participate in an to reflect the proportion of companies within the Internet survey. To qualify, the person completing employee range of 51 to 1,000.the survey had to meet the following criteria: MSI International is a full-service marketing intel-. Be employed in a company with 51 to 1,000 ligence firm headquartered in Philadelphia, and employees worldwide has been in business for more than 15 years. In . Be involved in the management of IT products 2004, the company launched a joint venture, and services or have decision-making respon- MSI-ITM B.V., based in Amsterdam, to specialize in sibilities for their company concerning IT and Web-based marketing intelligence solutions. MSI's security issues current clients include leading global, national and regional firms. To learn more, visit www.msimsi.. Be employed in a company that was not com and www.msi-itm.com.considered a government-sector or non-profit organization
4 The Security ParadoxKey Findings Worldwide
56% 78%of midsize organizations are seeing more security of midsize organizations around the world are incidents this year than last concerned about being a target of cybercrime
29% 19%of midsize organizations suffered from a data of midsize organizations had an IT security inci-br... [download for more]
