Average SMB now spends approximately $51,000 a year to protect their information
Symantec Corp. released the findings of its 2010 Global SMB Information Protection Survey.
The survey found that small and mid-sized businesses (SMBs with 10 to 499
employees) are now making protecting their information their highest IT
priority, as opposed to 15 months ago when a high percentage had failed to enact
even the most basic safeguards. This shift makes sense as SMBs are facing
increased threats from cyber attacks, lost devices and loss of confidential or
proprietary data. The survey is based on responses from 2,152 SMB executives and
IT decision makers in 28 countries in May 2010.
“Small and mid-sized organizations are facing increased risks to their
confidential information—including bank account numbers, credit card information
and customer and employee records. Whether it’s due to a malware attack, a
server crash, or a stolen mobile device, loss of information can be highly
detrimental, if not fatal for an SMB,” said Bernard Laroche, senior director of
product marketing at Symantec. “A year ago, a Symantec survey found one-third of
SMBs did not have the most basic protection of all—antivirus protection. It is
exciting to see that SMBs acknowledge the risks they face and are taking action
to protect their information more completely.”
Survey Highlights
- SMBs surveyed showed a heightened interest and increased investment in
information protection. They rank data loss and cyber attacks as their top
business risks, ahead of traditional criminal activity, natural disasters and
terrorism. SMBs are now spending an average of $51,000 a year, and two thirds of
IT staff time working on information protection, including computer security,
backup, recovery and archiving as well as disaster preparedness. Eighty-seven
percent of SMBs have a disaster preparedness plan, but there is still work to be
done as only 23 percent rate their plan pretty good/excellent. - Loss of critical business information threatens SMBs. Seventy-four percent
of SMBs surveyed are somewhat/extremely concerned about losing electronic
information. In fact, 42 percent have lost confidential or proprietary
information in the past. As a result, 100 percent of companies who have lost
data have seen direct losses such as lost revenue or direct financial costs such
as money or goods. - One of the main issues for SMBs is lost devices. Almost two-thirds of
businesses polled have lost devices such as laptops, smartphones or iPads in the
past 12 months. One-hundred percent have at least some devices that have no
password protection and cannot be remotely wiped of their data to protect their
confidential business information if lost. - Cyber attacks are a crucial threat to SMBs. Seventy-three percent of the
respondents were victims of cyber attacks in the past year. Thirty percent of
those attacks were deemed somewhat/extremely successful. One-hundred percent of
SMBs saw losses such as expensive downtime, loss of important corporate data as
well as personally identifiable information of customers or employees. These
losses led to direct costs for all respondents such as lost productivity, lost
revenue and loss of customer trust.
Symantec’s Recommendations
- Educate employees: Develop Internet security guidelines and educate
employees about Internet safety, security, and the latest threats. Part of the
training should focus on the importance of regularly changing passwords and
protecting mobile devices. - Safeguard important business information: SMBs are facing increased
risks to their confidential information so safeguarding this data is critical.
One data breach could mean financial ruin for an SMB. Implement a complete
protection solution to ensure proprietary information—whether its credit card
information, customer data or employee records—is safe. - Implement an effective backup and recovery plan: Protecting
information is more than implementing an antivirus solution. Backup and recovery
is a critical component of complete information protection to keep SMBs’
desktops, servers and applications running smoothly in case of
disruption—whether it’s a flood, an earthquake, a virus or a system failure. One
outage could mean customer dissatisfaction and costly downtime, which could be
catastrophic to the business. - Secure email and web assets: Select a mail and Web security solution
that can help mitigate spam and email threats so SMBs can protect sensitive
information and spend more time on day-to-day activities. Spammers and phishers
will use current events and social engineering tactics to get users to give up
personal information such as credit card and banking information.
