A few interesting surveys concerning small and medium-size businesses (SMBs) and security were released during the past few weeks.
The most interesting element of a survey conducted on behalf of GFI Software by eMediaUSA was the theme that money and budgets, while important, are not the foremost concerns. Fifty-five percent of the 455 respondents spend less than 10 percent of their IT budgets on security and 38 percent spend between 11 percent and 30 percent. Despite the seemingly low spending, 77 percent said their allocation was adequate.
The survey had other intriguing numbers. Forty-eight percent of the companies believe that educating employees better would improve security. The release says 1 in 4 IT executives (it is unclear if the release was referring to precisely 25 percent or was generalizing) think management should sharpen their security knowledge. Four in 10 -- again, it's impossible to say whether the writer means precisely 40 percent or is estimating -- think their networks are not secure enough.
More SMB security numbers were contained in a survey conducted by Access Markets International about the broader landscape of SMB IT spending during 2007. The survey says that small businesses (companies with 99 or fewer employees) are buying antivirus products and security services, while medium-size businesses (with 100 to 999 employees) are focusing on retaining security services and buying hardware. In a finding that bridges the security and storage arenas, SMBs -- in particular, the midsize businesses -- are placing infrastructure and people at more locations.
A third study, released earlier this month by AT&T and reported upon at Computer Technology Review, suggests that a small but significant minority of small businesses are still playing a dangerous game with online security. The carrier reports that 24 percent of SMBs are unconcerned about online security and 10 percent don't take any action to safeguard their online presence. Other numbers lead to a similar conclusion that some companies are in denial: 32 percent report being unconcerned about wireless security and 17 percent don't safeguard their networks.
The story also offered results of an IDC survey, which said that 93 percent of responding companies back up their data, with 47 percent doing so more than once a day. Twenty-nine percent assign a person to handle security, with 24 retaining an outside firm.
Clearly, the SMB market is beckoning ever more clearly to vendors. For instance, Sophos late last month released Sophos Security Suite Small Business Edition. The product features version 2.5 of PureMessage for Microsoft Exchange 3.0. The software, which is aimed at small businesses, scans e-mail for accidental and premeditated data leaks and guards against hackers, viruses, spyware and spam. Earlier, Covad and McAfee partnered to bundle services to the sector. Covad customers, this story says, now can get McAfee Total Protection for Small Business repackaged as the Business Essentials offering.
Eyes often glaze over when reading survey results. The percentages tend to come in big bunches and the questions seem to be slight variations of each other. The trick is to try to assess the big picture. In the case of SMB security, the takeaway is that many companies are paying attention, but too big a minority have their heads buried in the cyber sand.