According to the results of the Global Corporate IT Security Risks: 2013 [PDF] survey, conducted by B2B International for Kaspersky Lab in April 2013, 60 percent of IT decision makers worldwide say not enough time or money is available to develop IT security policies -- and as a results, fewer than half of them feel that have organized, systematic processes in place to deal with cyber threats.

Only 28 percent of educational institutions are confident that they have sufficient investment in IT security, and only 34 percent of government and defense orgnaizations say they have enough time and resources to develop IT security policies.

Still, 91 percent of companies surveyed had at least one external IT security incident in the past 12 months. A serious security incident costs large companies an average of $649,000, and for small to medium-sized companies, serious incidents cost an average of $50,000.

Still, 28 percent of companies think the costs of guarding against cybercrime are greater than the potential losses, according to the survey results.

"IT security incidents can cause real financial and reputation damage," the report [PDF] states. "These losses can significantly exceed the cost of putting in place IT security tools which would help to avoid leaks of important data, downtime and other unplanned expenses. This is why it is important to invest in the security of the corporate IT infrastructure."