80 percent of SMBs fear a threat but business management priorities prohibits proactivity
MessageLabs and McAfee, Inc have announced that new global research reveals that the majority of small and medium sized businesses (SMBs) believe an IT security breach would be detrimental in achieving their business priorities, however few are overtly proactive in their fight against infringements due to resource restrictions through other business related priorities.
The latest industry research, SMBs in a Connected World: Business Success Means Facing New IT Security Threats, conducted by IDC and sponsored by MessageLabs and McAfee, found that 80 percent of the 450 SMB IT decision makers interviewed feared an IT security threat, such as an email virus, however a proactive approach is prohibited through senior SMB IT professionals being more business-orientated than enterprise CIOs and thus tending to be highly involved in the companys daily business achievement.
The IDC research indicates that company size plays an important role in the way that senior management views security. Firmly linking IT security to the business health and success of the SMB community, the IDC research outlines that only eight percent of the respondents stated Improve IT Security as a top business priority. Enterprise CIOs place IT security at a much higher level of importance than that of the SMBs. IDC raises the question How can SMBs face present and future threats while being occupied by daily tasks?
Despite a clear understanding of the threat situation and its potential effect on the well-being of the company, the research highlights that the biggest challenges SMBs anticipate for 2007 are reactive, maintenance-focused activities, such as keeping up-to-date with security solutions (39 percent), keeping up-to-date with new threats (38 percent) and keeping costs down (33 percent). SMBs are more focused about keeping the shop open for business rather than thinking strategically about possible future threats. IDC states that managed security services provide an effective and responsive answer to the dilemma in the SMB community, one of its top ten predictions for the IT Security market in 2007.
Small and medium sized business behaviour toward security is very tactical and meets their immediate requirements, said Eric Domage, European Research Manager, Security Products & Solutions, IDC. However, the next generation of threats are not understood, not analyzed and the complexity cannot be handled internally. Remotely managed security solutions will help SMBs fill the gap between their understanding of the threat and the real dangers. SMBs must consider managed security service providers as natural partners for an accurate level of security.
Staying Connected In a Connected World:
The IDC research also highlights the importance of the connected world for SMBs as it reveals that SMBs are increasingly reliant on IT and the Web for company communications, operational effectiveness and reaching their business objectives. Ninety percent of respondents actively or semi-actively use the Web to further their business goals and achieve business priorities. Eighty-seven percent use email as a key communication tool. The results further cite that at least 40 percent of the SMB working day is spent accessing email and the Web.
Security has a direct impact on every critical part of a business including reputation, productivity and business continuity, said Mark Sunner, Chief Security Analyst, MessageLabs. Although it appears SMBs now have a better understanding of the risks it still appears that many are unable to prioritize or dedicate the resources to deal with security appropriately. Without a comprehensive security solution many SMBs could be oblivious to the fact that theyre being attacked, with the realization only obvious once the damage has been done.
The Internet has provided a convenience to SMBs to do business, but has also opened the door for complex threats, said Vimal Solanki, senior director of worldwide marketing for McAfee. Businesses need a security blanket that proactively protects their computers and gives them piece of mind. Outsourcing daily security tasks can save time and money and allow SMBs to focus on their core businesses.
Another critical reason why SMBs need to raise priority levels on security is due to the legal requirements for information management. More than half of all respondents (53 percent) stated that they are now obliged to comply with external, legally binding regulations or rules defined by the Government or another authority. The highest proportion is in Germany where 62 percent of respondents are confined to these stipulations. Almost a quarter of UK respondents (24 percent) did not know if they were obliged to comply or not.
Secure Spending Trends:
Although not a top business priority, IT professionals in the SMB community are predicting strong growth in IT security spending over the next 12 months with more than 90 percent stating that they will spend more on IT security during 2007. This increase is likely to be 20 percent more than 2006 figures. The same IT professionals state that their total IT spend will increase by almost 30 percent next year which leads IDC to question if IT security is being taken seriously enough as part of the IT mix.
Other Regional Statistics:
Increasing profit is the first priority for SMBs in all countries although the positioning for improving IT security is ever changing. In the United Kingdom it is fifth, Germany ranks it fourth, Australia is seventh and the United Stated is second.
In all countries aside from the United Kingdom, the larger SMBs (130-250 employees) rate improving IT security as more important than their smaller counterparts (80-120 employees).
Sixty-two percent of respondents strongly agreed that they use email and the web to conduct its business, with the highest being in Australia (68 percent).
Currently, less than a third of all respondents outsource all or part of their IT infrastructure or operations to a third party IT services company. Australia leads the way in the managed services approach with 39 percent of respondents stating that they outsource all or part of their IT infrastructure or operations, closely followed by the United Kingdom with 35 percent. The United States is the lowest with 23 percent although 78 percent of those respondents claim to outsource all.
Eighteen percent of respondents admitted that that they had had an IT security breach in their company. Australia was the lowest with 16 percent and the highest was in Germany with 21 percent.
These findings are based on the results of 450 interviews with SMBs of 80-250 employees, across the United States, the United Kingdom, Germany, and Australia. The interviews were undertaken in November 2006 and all respondents were responsible for, or actively involved in, the IT decision-making process for their organizations. Vertical industries included professional services, business services, manufacturing, financial services, banking, media and marketing.
MessageLabs is a leading provider of integrated messaging and web security services, with over 15,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging.
These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information.
About McAfee, Inc.
McAfee Inc., the leading dedicated security technology company, headquartered in Santa Clara, California, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security.