UK medium to large companies each lost an average of £16,000 through security breaches and yet nearly two thirds have cut or frozen IT security budgets, research has revealed.
That is despite a third of medium to large companies surveyed in the UK by security firm McAfee admitting their defences had been breached by hackers in the past year.
UK respondents reported more cyber attacks than anywhere else in the world, with each company attracting around 40 attacks a year.
The number of attacks is also increasing with 57% of respondents reporting more incidents and threats from 2008 to 2009.
These businesses are under the misapprehension that hackers prefer to target larger organisations, said Greg Day, security analyst at McAfee.
"The smaller the business, the less they think that they will be attacked, but in reality hackers are indiscriminate in choosing targets," he said.
This is because criminals target security vulnerabilities rather then specific companies or organisations, so all businesses are vulnerable regardless of size, said Day.
"But successful attacks on smaller companies often have a more devastating impact because they lack the resources of larger companies to recover quickly," he said.
For this reason, he said, it is even more important for smaller organisations to invest adequate time and money to ensure they have adequate defences against cyber attack.
Failure to keep pace with cyber threats leads to the vicious cycle of breach and repair, said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee.
"The research shows that organisations that put more effort into preventing attacks can end up spending less than a third as much as those who do not," he said.