Study From SBTI And Symantec Exposes Small Business Information Security Gaps And Provides Insight On How To Mitigate Risk

July 20, 2005 The Small Business Technology Institute (SBTI), a US-based non-profit organisation dedicated to fostering technology education and adoption among small businesses, and Symantec, the global leader in information security, today announced the results of a new report titled “Small Business Information Security Readiness.” According to the July 2005 report, preventing and resolving information security incidents is a critical challenge for small businesses in the United States. The report confirms that small business information systems are increasingly vulnerable to attack, and urges the adoption of security technology, proactive policies and stronger vigilance to protect information assets and minimise business risk.

The report findings reveal that the rate of information security exposure is growing as small businesses deploy increasingly sophisticated information technology (IT) infrastructure and automate more of their business processes. The report concludes that small businesses must take immediate steps to protect themselves from the productivity and economic losses that occur when sensitive business data is compromised as a result of viruses, hackers, privacy threats or disasters.

“Small businesses represent an extremely high point of exposure for the US economy based on their significant contribution to the Gross Domestic Product (GDP) and their insufficient information security readiness,” said Andrea Peiro, CEO and practice director of Market Intelligence for the Small Business Technology Institute. “This issue is of critical importance to small businesses. Any data loss or system downtime resulting from security incidents can severely affect their ability to do business. SBTI has identified a significant opportunity for small businesses to mitigate the risks and improve operational control by embracing a proactive approach to information security based on solutions designed expressly for their needs.”

“Small businesses are just as likely to experience information security threats and risks as large enterprises, so it’s pertinent they have the right resources to protect their critical assets,” said Enrique Salem, senior vice president, security products and solutions, Symantec. “Symantec has played an instrumental role in protecting small businesses through the security solutions we offer and our educational books and CD-ROMs, which address the unique needs of small businesses. Symantec’s partnerships with organizations like the SBTI have given us the opportunity to conduct research and create tools that allow us to lead the way in providing small businesses with the right resources to truly be secure.”

Key Findings Signal Escalating Information Security Risk for Small Businesses

· The accelerating adoption of networking and mobile computing infrastructures is driving greater security exposure for small businesses. They can significantly minimise risk by adopting more sophisticated security measures. Small business technology adoption is growing rapidly in areas such as networking, mobile computing and Internet access, even among one-person, home-based businesses. However, many small businesses lack sufficient security controls over even basic systems such as e-mail (20 per cent are not secured) and wireless networks present a new area of concern (60 percent are not secured). Most small businesses (75 per cent) perform no formal information security planning to counter these threats.

· Small businesses consider information security a priority, but are not increasing their investment in protection to keep pace with increasing threats. The majority of small businesses (56 per cent) have experienced at least one security incident in the past year, citing computer viruses, spyware and other malware as the main cause (60 per cent). Yet only a small number (30 per cent) have increased spending on information security solutions and less than half (43 per cent) allocate a specific budget for these solutions.


· Small businesses continue to call for security solutions and product information that is tailored to meet their unique needs. The majority (70 per cent) of small businesses feel information security product materials could be improved to help them make more informed purchasing decisions, and small businesses continue to call for products which meet specific small business requirements.

· Small businesses demonstrate limited awareness of information security issues and poor understanding of the economic consequences of related incidents. SBTI’s analysis concludes that this lack of knowledge is inhibiting the adoption of adequate information security policies and solutions.

“The National Cyber Security Alliance (NCSA) firmly believes that securing small businesses’ computers plays a crucial role in protecting our nation’s Internet infrastructure,” said Ron Teixeira, executive director, National Cyber Security Alliance. “We support the efforts undertaken by the SBTI and Symantec to shed more light on the security issues affecting small businesses throughout the nation, and we encourage continued education and action to help strengthen the security of small businesses throughout the nation.”

About the Report
This 2005 study employs the Small Business Technology Institute’s “Technology Adoption Index,” a sophisticated model that assesses the position of small businesses in the technology adoption lifecycle. The study involved 1,024 qualified survey respondents in the United States with 1-100 employees, including those operating as home-based businesses and in commercial locations. The report was sponsored by Symantec as part of its efforts to advance the study and understanding of security trends among small businesses. Download a complimentary copy of report and learn more about market intelligence from the Small Business Technology Institute at
ttp://www.sbtechnologyinstitute.org/mi/research.htm.

About the Small Business Technology Institute
The Small Business Technology Institute (SBTI) is a non-profit, public benefit corporation that fosters the adoption of information technology among small businesses. SBTI provides information technology awareness, education, consulting, and support services to businesses with 1 to 300 employees, with a focus on disadvantaged categories. SBTI also provides technology developers and vendors with market intelligence and knowledge to ensure the development of products that meet the needs of small businesses. For more information, visit http://www.sbtechnologyinstitute.org or call (408) 494-0212.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.