Small and medium-size businesses (companies with up to 999 employees) in India are on track to spend $291 million on security-related investments in 2009, according to a study by Access Markets International Partners. Security software accounts for three-fourths of the total SMB security expenditure, the report found.
The AMI study notes that SMBs are the most vulnerable segment in terms of data security. Two reasons for this are the increasing instances of cyber-threats and a lack of expertise among SMBs in handling such threats. Security software accounts for 73 percent of the total SMB security expenditure.
Abhilash DB, an analyst at AMI-Partners, said the bulk of this amount is spent on anti-virus software. "Security for SMBs is confined mainly to the deployment of an anti-virus solution, and the majority of them lack proper processes and policies for security management," he said.
The dependence on Web-based enterprise solutions and sharing of critical data on corporate networks is rising rapidly among midsize businesses. As employee size increases, the report found the thrust on information security also rises. Even for basic security solutions, upper segment midsize businesses (500 to 999 employees) lead the way in terms of technology adoption.
Adoption of network firewall and IDS/IPS shows significant growth among businesses in this category. On one hand, the growth rate of traditional security solutions such as anti-virus is falling; on the other hand, anti-spyware and anti-spam solutions will record growth rates of nearly 26 percent among Indian SMBs this year.
"Data explosion, electronic threats and increased usage of Web-based solutions are some of the triggers for the adoption of security solutions by India SMBs," said Abhilash. "Indian SMBs are realizing that data security is not just adopting security solutions, but that formulating structured policies is also a critical factor."
The AMI study also notes that manufacturing is increasingly becoming one of the most data-intensive verticals; security managers of these firms are concerned about the possibility of data leakage of process information, product design, shipping transactions, and inventory and customer details. Information security investments are also increasing in the micro-verticals involved in accounting, auditing and book keeping, advertising and PR, research consulting, computer and data processing and legal services.
The report found managed security services is one of the key trends in the SMB security space and that the market for managed security services is expected to grow at approximately 21 percent this year. But Abhilash said the main challenge of service providers will be to convince SMBs to lose their inhibitions in trusting external organizations to handle their internal security.
AMI said it foresees greater traction in this space once SMBs start realizing that security is better managed by managed security services providers than the generalists in their IT department. Another trend the report uncovered is the increasing adoption of unified threat management; AMI predicted traction would increase as more SMBs look for a proactive and unified approach to securing IT infrastructure.