Midsize companies are cutting their security budgets at the same time that cyberthreats are escalating. According to McAfee’s report "The Security Paradox", more than half of midsize companies globally have seen more security incidents in the past year, each losing an average of $43 000.00 to security incidents.

Meanwhile, the majority of these same companies reported spending freezes on their IT security budgets.
This paradox occurs in part because midsize companies are under the mistaken impression that hackers prefer to target larger companies. Almost half of midsize organisations (43%) think larger companies with 501-plus employees are most at risk for a security attack. In truth, organisations with less than 500 employees actually suffer from more attacks on average.
"An organisation’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," says Jayson O’Reilly, regional manager for Africa at McAfee. "But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that companies that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk."
McAfee’s study found that 65% of midsize organisations worldwide spend less than four hours a week on IT security proactively, but nearly the same amount (67%) spend more than a day recovering from IT security attacks.