Two-thirds of IT decision makers cite shortage of time or money as the reasons why they cannot strengthen IT security, according to a survey.
About half of the companies feel that they have organised and systematic processes to deal with IT security threats, found the research conducted by B2B International for Kaspersky Lab.
The research was conducted in April 2013 but Kaspersky has only just announced its findings.
A serious incident of IT security could cost an average of $649,000 for large firms and about $50,000 for SMBs, the survey finds., while a successful security attack could cost a firm up to $2.4m in direct financial losses and additional costs.
Despite this, only 28% of firms which operate in the educational industry have sufficient investment in IT security policies, while just34% of the surveyed firms in government and defence said they have enough time and resources to develop such policies.
Out of all the companies, almost half of them didn’t have any IT security policies, while 16% said they have no extra funding available.
About 28% of the businesses mistakenly think that the costs of IT security are greater than the potential losses.
According to the survey, 91% of the firms had at least one external IT security incident, and 85% saw internal incidents during the past year.
According to the survey, a quarter of firms still regard security issues as things that ‘happen to others’.
