Today's small to midsize businesses (SMBs) are facing a growing threat from cyber-attacks, and are changing their behavior to keep up.
In a May poll of 2,152 executives and IT decision makers at companies with between 10 and 499 employees, Symantec found SMBs' computer support staff are now spending two-thirds of their time dealing with things related to information protection, such as computer security, backup and archival tasks, and disaster preparedness. Eighty-seven percent said they have a disaster preparedness plan, but just 23 percent rate it as "pretty good" or "excellent."
Driving the push for these plans, as well as the interest in backup and recovery, is the fear of losing data. Some 42 percent reported having lost confidential or proprietary information in the past, and all of those reported experiencing revenue loss or increased costs as a result. Almost two-thirds of the respondents said they lost devices such as smartphones, laptops or iPads in the past 12 months, and all the participants reported having devices that lacked password protection and could not be remotely wiped if lost or stolen.
In the past, SMBs would settle for having antivirus technology, said Bernard Laroche, senior director of product marketing at Symantec. Now, however, they are starting to realize the threat landscape is changing, he said.
"If you look at endpoint usage ... in most SMBs that's the only place where the information resides because people were not backing up ... so if somebody would lose a laptop at the airport or somebody steals the laptop in the back of car or something, then your information is obviously at risk and that can bring a lot of financial impact to small business," he said.
The survey also found SMBs are spending an average of about $51,000 on information protection. The financial damage for those who suffer cyber-attacks can be significant. Cyber-attacks cost an average of $188,242 annually, according to the survey. Seventy-three percent said they were victims of cyber-attacks in the past year, and 30 percent of those attacks were deemed "somewhat/extremely successful." All of the attack victims suffered losses, such as downtime, theft of customer or employee information, or credit card data, Symantec reported.
"The concept of, -I've got an antivirus solution, I'm fully protected,' I think those days are gone," Laroche said.
Clarification: The story was updated to reflect that Symantec was referring to computer support staff of SMBs spending 2/3 of their time on information security.