Bangalore: McAfee's report, The Security Paradox, claims that more than half of midsize companies surveyed globally have seen more security incidents in the past year, and a single midsized company lost $43,000 on average to security incidents. Meanwhile, the majority of these same companies reported spending freezes on their IT security budgets.

This paradox occurs in part because midsize companies are under the mistaken impression that hackers prefer to target larger companies. Almost half of midsize organizations surveyed (43 percent) think larger organizations with 501 plus employees are most at risk for a security attack. In truth, organizations with less than 500 employees actually suffer from more attacks on average.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, Senior Vice President of Global Midmarket for McAfee. "But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk."

McAfee's study found that 65 percent of midsize organizations surveyed worldwide spend less than four hours a week on IT security proactively, but nearly the same amount (67 percent) spend more than a day recovering from IT security attacks. Threat and response varied greatly from country to country, but uniformly the countries where companies invested the least time on prevention - Canada and France among them - suffered the greatest financial losses and downtime from cybercrime when it happened, requiring a week or longer to recover from their most recent cyberattack.