Tackling IT security threats is key to business success in SMB market

MessageLabs and McAfee, Inc announced that new global research reveals that the majority of small and medium sized businesses (SMBs) believe an IT security breach would be detrimental in achieving their business priorities, however few are overtly proactive in their fight against infringements due to resource restrictions through other business related priorities.

The latest industry research, “SMBs in a Connected World: Business Success Means Facing New IT Security Threats,” conducted by IDC and sponsored by MessageLabs and McAfee, found that 80 percent of the 450 SMB IT decision makers interviewed feared an IT security threat, such as an email virus, however a proactive approach is prohibited through senior SMB IT professionals being more ‘business-orientated’ than enterprise CIOs and thus tending to be highly involved in the company’s daily business achievement.

The IDC research indicates that company size plays an important role in the way that senior management views security. Firmly linking IT security to the business health and success of the SMB community, the IDC research outlines that only eight percent of the respondents stated ‘Improve IT Security’ as a top business priority. Enterprise CIOs place IT security at a much higher level of importance than that of the SMBs. IDC raises the question “How can SMBs face present and future threats while being occupied by daily tasks?”

Despite a clear understanding of the threat situation and its potential effect on the well-being of the company, the research highlights that the biggest challenges SMBs anticipate for 2007 are reactive, maintenance-focused activities, such as keeping up-to-date with security solutions (39 percent), keeping up-to-date with new threats (38 percent) and keeping costs down (33 percent). SMBs are more focused about keeping the shop open for business rather than thinking strategically about possible future threats. IDC states that managed security services provide an effective and responsive answer to the dilemma in the SMB community, one of its top ten predictions for the IT Security market in 2007.

Staying Connected In a Connected World

The IDC research also highlights the importance of the connected world for SMBs as it reveals that SMBs are increasingly reliant on IT and the Web for company communications, operational effectiveness and reaching their business objectives. Ninety percent of respondents actively or semi-actively use the Web to further their business goals and achieve business priorities. Eighty-seven percent use email as a key communication tool. The results further cite that at least 40 percent of the SMB working day is spent accessing email and the Web.

“Security has a direct impact on every critical part of a business including reputation, productivity and business continuity,” said Mark Sunner, Chief Security Analyst, MessageLabs. “Although it appears SMBs now have a better understanding of the risks it still appears that many are unable to prioritize or dedicate the resources to deal with security appropriately. Without a comprehensive security solution many SMBs could be oblivious to the fact that they’re being attacked, with the realization only obvious once the damage has been done.”

“The Internet has provided a convenience to SMBs to do business, but has also opened the door for complex threats,” said Vimal Solanki, senior director of worldwide marketing for McAfee. “Businesses need a security blanket that proactively protects their computers and gives them piece of mind. Outsourcing daily security tasks can save time and money and allow SMBs to focus on their core businesses.”

Another critical reason why SMBs need to raise priority levels on security is due to the legal requirements for information management. More than half of all respondents (53 percent) stated that they are now obliged to comply with external, legally binding regulations or rules defined by the Government or another authority. The highest proportion is in Germany where 62 percent of respondents are confined to these stipulations. Almost a quarter of UK respondents (24 percent) did not know if they were obliged to comply or not.

Secure Spending Trends

Although not a top business priority, IT professionals in the SMB community are predicting strong growth in IT security spending over the next 12 months with more than 90 percent stating that they will spend more on IT security during 2007. This increase is likely to be 20 percent more than 2006 figures. The same IT professionals state that their total IT spend will increase by almost 30 percent next year which leads IDC to question if IT security is being taken seriously enough as part of the IT mix.

Other Regional Statistics:

* Increasing profit is the first priority for SMBs in all countries although the positioning for improving IT security is ever changing. In the United Kingdom it is fifth, Germany ranks it fourth, Australia is seventh and the United Stated is second.

* In all countries aside from the United Kingdom, the larger SMBs (130-250 employees) rate improving IT security as more important than their smaller counterparts (80-120 employees).

* Sixty-two percent of respondents strongly agreed that they use email and the web to conduct its business, with the highest being in Australia (68 percent).

* Currently, less than a third of all respondents outsource all or part of their IT infrastructure or operations to a third party IT services company. Australia leads the way in the managed services approach with 39 percent of respondents stating that they outsource all or part of their IT infrastructure or operations, closely followed by the United Kingdom with 35 percent. The United States is the lowest with 23 percent although 78 percent of those respondents claim to outsource all.

* Eighteen percent of respondents admitted that that they had had an IT security breach in their company. Australia was the lowest with 16 percent and the highest was in Germany with 21 percent.

Research overview

These findings are based on the results of 450 interviews with SMBs of 80-250 employees, across the United States, the United Kingdom, Germany, and Australia. The interviews were undertaken in November 2006 and all respondents were responsible for, or actively involved in, the IT decision-making process for their organizations. Vertical industries included professional services, business services, manufacturing, financial services, banking, media and marketing.

Don't miss