SMB Security Awareness Seems Better


We hope that the results of surveys released by Arrow Electronics and AMI Partners this month hold true for the bulk of medium-size businesses, and that one released last month by McAfee do not.


The Arrow survey found that a majority of respondents told them that the most important issue for their companies' future success is security. The release announcing the survey said that 78 percent of respondents call security a very important business issue. There is great discontent with the current status: a scant third -- 32 percent -- say they are satisfied with the state of security in their organizations. The wording of the release is a bit fuzzy, but apparently the researchers focused on companies with annual sales volumes of $100 million to $1 billion.


There also is good news out of India. Access Markets International (AMI) said companies with fewer than 1,000 employees will spend U.S.$289 million this year on security, which will represent a 32 percent increase over 2007. Companies with 100 to 999 employees -- all but the smallest, in other words -- represent 54 percent of total spending on security. The caveat is that while an increase of 32 percent is good, a total expenditure of $289 million doesn't seem like a huge number.


The newfound interest in security reported by Arrow and AMI is somewhat contradicted by research from McAfee. IT Business Edge posted an item late last month that the security firm says that 52 percent of companies consider themselves too small to be attacked. The piece linked to reports that suggested 43 percent of responding SMBs are so careless that they use the default settings on IT gear.


Perhaps the answer is a new approach.This piece, written by an executive with Panda Security, extols the virtues of security-as-a-service, the security iteration of the increasingly popular software-as-a-service model. The rationale is straightforward: security-as-a-service enables SMBs to avoid big hardware and software investments and relieves them of the need to train or hire security personnel. It's a classic case of having your corporate cake and eating it, too, since security likely will be improved if the cloud-based service is deployed correctly.


The general sense is that SMBs are getting the message that they are not immune to online trouble. Moreover, the constant drumbeat of news about data thefts, viruses and online scams is driving home the point that if trouble hits, it will be serious. Hopefully, findings by AMI and Arrow are harbingers of increasing vigilance by SMBs.