At least 60 per cent of IT decision makers in GCC feel that not enough time or money is available to develop IT security policies. As a result, barely half of the companies feel that they have highly-organised, systematic processes to deal with threats.
These findings emerged from the recent Global Corporate IT Security Risks 2013  survey conducted by B2B International for Kaspersky Lab in 2013 among business representatives around the world.
Meanwhile, even a single measure, such as, implementing IT security policies for mobile devices, could significantly reduce the risks posed by smartphones and tablets in a corporate IT environment. The survey showed that in GCC almost 45 per cent of companies have no such policies . Even where mobile security policies have been implemented, resources are still inadequate, as about 26 per cent complained that budget increases were insufficient, while 13 per cent complained there was no extra funding made available.
A serious incident costs large companies an average of US$649,000 (approximately RO249,865); for small and medium-sized companies the bill typically comes to about US$50,000 (RO19,250). A successful targeted attack can cost a company up to US$2.4mn (RO924,000) in direct financial losses and additional costs. 
The situation is especially bad in the educational industry, where globally only 28 per cent of organisations are confident that they have sufficient investment in IT security policies. What is even more critical, only 34 per cent of the government and defence organisations surveyed all around the world, claim that they have enough time and resources to develop IT security policies. The remaining two thirds are in constant danger of losing confidential governmental information.
According to the survey, 93 per cent of the companies had at least one external IT security incident, and 92 per cent reported internal incidents in the past 12 months. Such incidents can cause financial and reputational damage. Losses can significantly exceed the cost of putting in place IT security tools which would help avoid leaks of important data, downtime and other unplanned expenses. This is why it is extremely important to invest in IT infrastructure security.
According to the survey, 45 per cent of companies still regard security issues as things that ‘happen to others’ - although this complacent attitude has been in decline since last year. Another problem is that 42 per cent of companies mistakenly think that the costs of guarding against cyber crime are greater than the potential losses.