April 09, 2009, 12:03 PM — Interesting findings in a new Symantec survey of 1,425 small and medium businesses. Bottom line: Small and medium-sized businesses understand security risks, but a high percentage have failed to enact basic safeguards.
Here's the release:
Symantec Corp. released the findings of its 2009 Storage and Security in SMBs survey. The study found that while SMBs are familiar with cyber risks and have clearly defined goals for security and storage, a surprisingly high number have yet to take even the most basic steps towards protecting their businesses, such as implementing antivirus or backing up their data. The study is based on surveys of 1,425 small and medium businesses in 17 countries during the first quarter of 2009.
SMBs Understand the Problem
Our research shows that SMBs clearly understand the importance of security. While they do rate viruses as their top security worry, more than 70 percent also say they are somewhat/extremely concerned about spam and data breaches. Respondents also report that protecting their information, network and servers are their top goals (mentioned as somewhat/extremely important by at least 94 percent).
“Many small and midsized businesses are at a crossroads—aware of the need to strengthen their IT security infrastructure but unsure how to do so with limited resources,” said Kevin Murray, senior director, product marketing, Symantec. “As with their enterprise counterparts, security threats to small and midsized businesses are increasing in complexity, number and frequency, and the volume of information they must protect and maintain continues to expand.”
SMB Security Gap
Despite understanding the security risks they face, a surprising number of SMBs are neglecting basic safeguards. For example, three of five (59 percent) have not implemented endpoint protection (software that protects “end points” such as laptops, desktops and servers against malware). Forty-two percent of SMBs do not have an antispam solution. Almost half do not backup their desktop PCs, leaving their important information at risk. Finally, one-third of SMBs do not have the most basic protection of all -- antivirus protection.
“Of course SMBs know better, but they are too often focused on business opportunities outside the company to pay attention to the risks they are taking right at home,” said Ray Boggs, vice president of SMB research at IDC. “SMBs operate in a world full of risk, but many are taking unnecessary chances by failing to secure their data the way they should.”
Simple Protection Could Prevent Catastrophic Loss
According to the study, when SMBs do suffer IT loss, it is likely to be in an area where basic protection measures could have prevented loss. For example, the leading cause of loss reported by SMBs was “system breakdown or hardware failure.” Installing desktop and server backup solutions is an easy task and would have provided excellent protection against losses from such a problem.
Staffing and Budget Driving the Gap
The study reveals that staffing and budget are two key factors driving the SMB security gap. Forty-two percent of SMBs don’t have a dedicated IT staff--they either have no one managing their computers or they use staff that has other jobs. In fact, the leading barrier to security cited by SMBs was a lack of employee skills (41 percent). SMBs also mention a lack of awareness of current threats (33 percent) and lack of time (28 percent) as chief barriers. Insufficient budgets are also a factor. The median IT security budget was just $4,500 per year.
SMB IT Budgets on the Rise
In a sign that things may be improving, SMBs reported that IT budgets are trending upward. Fifty percent of respondents state they plan to increase IT security and storage spending in the next 12 months. To increase IT security spending in a major recession is a strong sign that SMBs value IT security.
About the Storage and Security in SMBs Survey
Symantec’s Storage and Security in SMBs survey was conducted in February of 2009 by Applied Research. The study targeted 1,425 small and medium sized businesses (10-500 employees) located in 17 countries around the globe. There were 200 respondents in the United States. Worldwide the survey has a 95 percent confidence level with a margin of error of 2.6 percent.