Report: SMBs Lack Sufficient Security Standards | eWeek

Report: SMBs Lack Sufficient Security Standards

Écrit par
Nathan Eddy
Nathan Eddy
Apr 13, 2009
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A survey of small to midsize businesses conducted by security firm Symantec found that while SMBs are familiar with cyber-risks and have clearly defined goals for security and storage, a surprisingly high number have yet to take even the most basic steps toward protecting their businesses, such as implementing anti-virus or backing up their data.

The study is based on surveys of 1,425 small and medium businesses in 17 countries during the first quarter of 2009.
The research shows that SMBs understand the importance of security. While they do rate viruses as their top security worry, more than 70 percent also say they are somewhat or extremely concerned about spam and data breaches. Respondents also report that protecting their information, network and servers are their top goals (mentioned as somewhat or extremely important by at least 94 percent).
“Many small and midsized businesses are at a crossroads-aware of the need to strengthen their IT security infrastructure but unsure how to do so with limited resources,” said Symantec’s senior director of product marketing, Kevin Murray. “As with their enterprise counterparts, security threats to small and midsized businesses are increasing in complexity, number and frequency, and the volume of information they must protect and maintain continues to expand.”
Despite understanding the security risks they face, the study found a large number of SMBs are neglecting basic safeguards. For example, three of five (59 percent) have not implemented endpoint protection (software that protects “endpoints” such as laptops, desktops and servers against malware). Forty-two percent of SMBs do not have an anti-spam solution. Almost half do not back up their desktop PCs, leaving their important information at risk. Finally, one-third of SMBs do not have the most basic protection of all-anti-virus protection.
Ray Boggs, vice president of SMB research at IDC, says midmarket companies know better, but they are too often focused on business opportunities outside the company to pay attention to the risks they are taking right at home. “SMBs operate in a world full of risk, but many are taking unnecessary chances by failing to secure their data the way they should,” he said.

Staffing and budget are two key factors driving the SMB security gap. Forty-two percent of SMBs don’t have a dedicated IT staff. The leading barrier to security cited by SMBs was a lack of employee skills (41 percent). SMBs also mention a lack of awareness of current threats (33 percent) and lack of time (28 percent) as major barriers. The survey also found insufficient budgets to be a factor-the median IT security budget was just $4,500 per year.
In addition, the survey revealed that when SMBs do suffer IT loss, it is likely to be in an area where basic protection measures could have prevented loss. For example, the leading cause of loss reported by SMBs was “system breakdown or hardware failure.” Symantec suggests installing desktop and server backup solutions as a simple form of protection against losses from such a problem.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.