CDW Corporation released its 2009 Report on Small Business Resilience last month. This report was based on a survey of 613 small businesses around the country, and examined various issues such as how SMBs are responding to the economic recession, as well as factors that contribute to what is termed "business survivability."
To get a better understanding of the facts, I pored through the report and took a closer look at the demographics of the surveyed companies. According to the data, half of these companies had fewer than 20 employees, while the other half have 20 to 99 employees. Despite their smaller sizes, these companies are no just-started-yesterday establishments. Indeed, just over 80 percent of the surveyed businesses have been in business for at least five years (64 percent have been in business for more than 10 years), which I believe allows the study to portray an accurate picture of the average small business.
The following findings caught my attention:
These are IT threats that any IT professional worth their salt would not have delayed in addressing. Probably related to the dismal numbers when it comes to protecting themselves against common security threats, 55 percent of those small companies with a company-wide network do not have regular IT support. Further compounding the issue, though, is the fact that a mere 46 percent even have a business continuity (BC) or disaster recovery (DR) plan.
In a way, the above findings are not surprising when taken in context of an earlier study by the National Cyber Security Alliance (NCSA) and Symantec, in which 1,500 SMBs across the United States were surveyed. While the focus of both reports was different, it is clear when looking at them that small businesses as a whole are by far the weaker party when it comes to the area of IT security.
This is a situation that is unlikely to be rectified overnight, unfortunately. What is clear to me, though, is that business owners and IT managers would be well served if they were to spend a bigger slice of their budget and efforts in securing their small businesses. Alternatively, small businesses can get an external service provider or consultant who can manage or advise on areas of their IT such as security, DR and BC.