MessageLabs and McAfee announced that new global research reveals that the majority of small and medium sized businesses (SMBs) believe an IT security breach would be detrimental in achieving their business priorities, however few are overtly proactive in their fight against infringements due to resource restrictions through other business related priorities.
The latest industry research, "SMBs in a Connected World: Business Success Means Facing New IT Security Threats," conducted by IDC and sponsored by MessageLabs and McAfee, found that 80 percent of the 450 SMB IT decision makers interviewed feared an IT security threat, such as an email virus, however a proactive approach is prohibited through senior SMB IT professionals being more 'business-orientated' than enterprise CIOs and thus tending to be highly involved in the company's daily business achievement.
The IDC research indicates that company size plays an important role in the way that senior management views security. Firmly linking IT security to the business health and success of the SMB community, the IDC research outlines that only eight percent of the respondents stated 'Improve IT Security' as a top business priority. Enterprise CIOs place IT security at a much higher level of importance than that of the SMBs.
IDC raises the question "How can SMBs face present and future threats while being occupied by daily tasks?"
Despite a clear understanding of the threat situation and its potential effect on the well-being of the company, the research highlights that the biggest challenges SMBs anticipate for 2007 are reactive, maintenance-focused activities, such as keeping up-to-date with security solutions (39 percent), keeping up-to-date with new threats (38 percent) and keeping costs down (33 percent). SMBs are more focused about keeping the shop open for business rather than thinking strategically about possible future threats. IDC states that managed security services provide an effective and responsive answer to the dilemma in the SMB community, one of its top ten predictions for the IT Security market in 2007.
"Small and medium sized business behaviour toward security is very tactical and meets their immediate requirements," said Eric Domage, European Research Manager, Security Products & Solutions, IDC.
"However, the next generation of threats are not understood, not analyzed and the complexity cannot be handled internally. Remotely managed security solutions will help SMBs fill the gap between their understanding of the threat and the real dangers. SMBs must consider managed security service providers as natural partners for an accurate level of security."
"Staying Connected In a Connected World"
The IDC research also highlights the importance of the connected world for SMBs as it reveals that SMBs are increasingly reliant on IT and the Web for company communications, operational effectiveness and reaching their business objectives. Ninety percent of respondents actively or semi-actively use the Web to further their business goals and achieve business priorities. Eighty-seven percent use email as a key communication tool. The results further cite that at least 40 percent of the SMB working day is spent accessing email and the Web.
"Security has a direct impact on every critical part of a business including reputation, productivity and business continuity," said Mark Sunner, Chief Security Analyst, MessageLabs. "Although it appears SMBs now have a better understanding of the risks it still appears that many are unable to prioritize or dedicate the resources to deal with security appropriately. Without a comprehensive security solution many SMBs could be oblivious to the fact that they're being attacked, with the realization only obvious once the damage has been done."
"The Internet has provided a convenience to SMBs to do business, but has also opened the door for complex threats," said Vimal Solanki, senior director of worldwide marketing for McAfee. "Businesses need a security blanket that proactively protects their computers and gives them piece of mind. Outsourcing daily security tasks can save time and money and allow SMBs to focus on their core businesses."
Another critical reason why SMBs need to raise priority levels on security is due to the legal requirements for information management.
More than half of all respondents (53 percent) stated that they are now obliged to comply with external, legally binding regulations or rules defined by the Government or another authority. The highest proportion is in Germany where 62 percent of respondents are confined to these stipulations. Almost a quarter of UK respondents (24 percent) did not know if they were obliged to comply or not.