Medium-sized companies are cutting their security budgets even as they suffer from increasing numbers of security breaches, according to a study sponsored by security vendor McAfee.
The report, published on Wednesday, is based on a survey of 900 medium-sized companies — with between 51 and 1,000 employees — from nine countries carried out by MSI International. It found that more than half had seen an increase in security threats over the past year, and 29 had suffered a breach.
At the same time, most medium-sized businesses surveyed had frozen or reduced their security spending. In the UK, for instance, 74 percent of the respondents said they had made cutbacks.
"An organisation's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."
Over the past year, one in five of the companies surveyed had lost revenue as a result of a cyberattack. The loss amounted to an average of $41,000 (£25,000).
Researchers found a correlation between countries where companies spend less time on security prevention and those where companies take the longest to recover from a security incident. The countries covered were Australia, Canada, China, France, Germany, India, Spain, the UK and the US.
In France, where more than half of the businesses spent one hour or less on defensive measures each week, 45 percent took several days to recover from a security problem. In the UK, by contrast, 53 percent dedicated two to five hours to prevention and 54 percent took less than a day to return to normal.
"The countries where companies invest the least time on prevention suffer the greatest financial losses and downtime from cybercrime when it happens," McAfee said.
The study is available for download from McAfee's website.