Security breaches cost SMEs $37,000 a pop

By Beverley Head
Thursday, 29 October 2009 08:42

Security

Small and medium Australian enterprises are particularly vulnerable to computer security breaches, with the average SME breach costing $37,661. Yet in spite of the threat, three in four Australian SMEs last year froze or cut their IT security budgets.

According to an international review of SMEs released by security company McAfee, 54% of Australian SMEs had seen an increase in threats during 2009 – with 67 % believing that a serious IT breach could put them out of business.

Yet 75% had frozen or cut their investment in IT security.

The report, called The Security Paradox, noted that “companies with fewer than 500 employees suffer more attacks on average than other larger counterparts.”

It went on to claim that “From the perspective of the criminal this only makes sense.

“The bigger and more prepared the company the more likely it can identify the perpetrators of a high profile attack and can afford to take legal action against them.”

Andrew Littleproud, McAfee’s regional director for Australia and New Zealand said that McAfee’s research had focussed on businesses with 51-1000 employees and around 100 Australian businesses had been included in the survey.

“For even smaller businesses, the perception is that they are not a target for cybercrime attacks. But organisations of any size have valuable information that can be stolen or sold.” They were also at risk from loss of data on stolen or lost USBs or laptops, he warned.

“Smaller enterprises are vulnerable and need to appreciate that fact,” Littleproud told iTWire. “There are still rich pickings irrespective of the size.”

Although industry analyst Gartner released a report earlier this year indicating security software budgets across all sectors would rise 4 percent in 2010 while security services budgets would increase 3 percent, Littleproud suggested those figures might be inflated by increased enterprise spending, while SMEs continued to spend only scantily on security.

But the costs of a security breach for an SME can be significant. The McAfee report estimated the cost of a breach by calculating the cost of reparation and estimating the costs associated with loss of business during the outage.

While Australia’s average SME loss at $37,661 was significantly less than the $95,594 a breach might cost a typical Chinese SME, it remains considerably more than the $22,313 or $29,134 a breach would cost a US or UK SME.