Midsize Companies Growing Target of Cybercriminals

Author: David Scribner (8 Articles)

David has been in the Supply Chain Management arena for more then a decade. His service with the U.S. Army’s Intelligence Branch during the Vietnam Era Veteran within the U.S Army’s Intelligence Branch helped develop an attention to detail, a positive attitude and an ability to build systems with superior accuracy and efficiency that has earned him a national reputation. Over the years, he has given multiple TV and radio interviews, sharing his insights on Global Business Strategy. David heads up our quality systems and oversees the entire AS9120 SAE ISO 9001:2000 certified process.

According to a recent study conducted on behalf of McAfee, more than half of the midsize businesses surveyed stated they had experienced an increase in security breaches over the past twelve months.  McAfee arranged for a study of 900 midsize companies covering the countries of the United States, United Kingdom, China, Australia, Canada, France, Germany, India and Spain to determine not only the frequency of breaches but also the companies’ investment perspective toward prevention.

McAfee’s report, The Security Paradox, continues on to point out that even though there has been a significant increase in cyber attacks, a number of companies have either frozen or cut back on costs related to IT budgets.  According to McAfee, almost 40 percent of the companies trimming their IT security budget plan to limit the purchase of new security products.  And more than a third are switching to cheaper security software to cut expenses, even though they realize that may put them at greater risk.

While many companies carry a higher level of concern and awareness about increasing cyber threats, the pressure on budgets and resources has served as a disincentive for continued investment.  Unfortunately, this creates a vicious cycle of breach and repair that costs far more than prevention.   In McAfee’s report, they proceed to explain that the cost of dealing with a security attack far outweighs the cost of prevention in the first place.  Based on the survey, over the past twelve months, one in five of the companies surveyed lost $41,000 in sales, on average, as a result of a breach.  McAfee’s research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk.

Another interesting perspective common in midsize companies is the belief they are less prone to risk from cyber attacks than larger companies.  Over ninety percent of the companies surveyed with an employee base of 500 or fewer felt they are protected from cybercriminals and believe they face a greatly diminished risk than do larger companies.  But, as the report goes on to state, companies of this employment range averaged about 1.6 times the number of cyber attacks at companies with an employment level of 501 to 1,000.

While not addressed in the report, it is important to point out that regardless of how proactive a company is with regard to its IT security, that is simply a beginning point to a company’s overall exposure.  If a company’s suppliers become disrupted due to a cyber attack, it have can long reaching impact on the company’s image and profitability.  For example, failure of a supplier to deliver needed components for a production run due to disruption of its operating system can create delays in the company’s production and result in late deliveries possibly carrying substantial penalties; not to mention the long-term damage to a company’s reputation and performance rating.  When such an event occurs, the company finds itself in a critical shortage situation for needed electronic components and must reach out to alternative sources to fill its production requirements; usually at a greater unit cost than budgeted.

It’s obvious that the focus on cyber attacks continues to be a major concern to everyone.  While pressure on budgets continues, it is critical that companies not forfeit the protection needed to insure the necessary level of protection.  It may be an issue companies need to raise not only within its own operation but with its key suppliers also.