Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Last year midsized companies spent a total of $17.2 billion fixing IT security incidents according to new research out this week from McAfee.

McAfee recently had MSI International surveyed 900 companies with between 51 and 1,000 employees to find that in the past year a single midsized organization lost $43,000 on average due to security incidents and that 56 percent of these companies suffered an increasing number of security incidents.

Nearly 30 percent of small businesses suffered a breach in the last year and McAfee reports that there has been a 322 percent increase in cyber attacks waged on midsized organizations in the past year.

Most midsized organizations are aware that security breaches can have dire consequences—71 percent of IT management at these companies believe there is some chance a serious breach could put their company out of business. However, many of these organizations are under the mistaken perception that hackers like to target larger companies. Approximately 43 percent think that organizations with more than 500 employees are at greater risk for an attack.

But McAfee’s survey actually found that companies with 101 employees to 500 employees suffered 60 percent more incidents than those with 501 to 1000 employees. 71 percent of IT directors in the midsized companies surveyed believe there is some chance a serious data breach could put their company out of business.

“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources,” said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement about the report. “But this creates a vicious cycle of breach and repair that costs far more than prevention.”

McAfee’s found that 75 percent of midsized companies cut or froze their security budgets in the past year. Around 65 percent of these companies spend less than four hours per week on proactive IT security.