Symantec: SMBs Ignore Basic Security Measures


The findings of the 2009 Global Small and Mid-sized Business Security and Storage survey conducted by IT security firm Symantec has revealed what most of us have quietly known all along - that many SMBs do not implement basic security measures. Conducted in the first quarter of 2009, the survey involved 1,425 companies from around the globe, and reflected a pattern of neglect pertaining to security matters among SMBs.


A summary of the key findings:


  • 42 percent don't have a dedicated IT staff.
  • 41 percent cited the lack of employee skills as a barrier to security.
  • 56 percent have no endpoint security.
  • 53 percent are without backup and recovery systems.
  • 35 percent lacked antivirus protection.
  • Almost half do not back up their desktop PCs.


Probably more astounding of all was the fact that the median IT security budget for the surveyed organizations came in at just $4,500 per year, which limits the training options for staff or for acquiring the necessary tools to implement basic security measures.


The overall findings were not specific to a region either: 600 firms surveyed hailed from the Asia Pacific region, and 200 are from the United States. Participants come from over 17 countries.


However, it is not as if small and midsized businesses are completely unaware of the importance of security. According to Ray Boggs, vice president of SMB research at IDC, they have instead chosen to focus on business opportunities rather than paying adequate attention to the risks of inferior protection.


Herein resides the crux of the matter: The onus is on small and medium-sized businesses to decide to wake up, pull up their socks, and close the gap on the dismal security situation. While we are on this topic, you really should bookmark Ralph DeFrangesco's Data Security blog if you have not already done so.