"Across the board, between 80 and 86 percent of most organizations are focusing on avoiding internet threats that impact business operations," said Jim Hurley, Aberdeen vice president of research and author of the report.
The number two spending driver is maintaining customer trust in the company brand, with 40 to 50 percent of the survey respondents citing that factor. Much farther down on the list are complying with government regulations and avoiding employee misuse of data.
The report is based on 210 businesses, a majority of them small with annual revenues of $50 million or less.
Organizations that are focused on segmenting or limiting access to corporate data are getting the most bang for their buck in terms of reducing security incidents, Hurley said.
"Those seeing increases in business disruptions from security events aren't focused on it at all," he said.
Also, companies that are buying best-in-breed security products are having more success in limiting incidents compared to those relying on the security capabilities embedded in their systems and network products, Hurley said.