How Secure Are Mid-Market Companies?By Allan Alter | Posted 05-17-2007
One in four SMBs have inadequate IT security.
Even though relatively few companies below $500 million in revenues experienced a security breach in the past 12 months, more IT executives at these companies believe they lack adequate protection from the ravages of viruses, malware and unauthorized penetration of their systems than executives at larger organizations.
Smaller companies suffer from lax security practices.
One reason IT executives at small and mid-size businesses lack confidence in their IT security is that they are less likely to have effective security policies in place, and to get employees to follow those policies. For example, only six of ten have a strong policy covering e-mail attachments, a common source of viruses. In comparison, larger companies have a more thorough and disciplined approach to security. No wonder so many CIOs at SMBs consider careless behavior one of their biggest security worries.
SMBs lag behind on security technology and privacy.
Compared with larger companies, fewer SMBs have invested in, or have had success installing, the 23 security technologies we track. Some, like patch management, intrusion detection and URL filtering, have been successfully put in place by far fewer small and mid-sized organizations. Without these technologies, SMBs have a much harder time staying secure. In fact, small companies may report fewer intrusions simply because they often lack the means to detect them. SMBs are also less strict about protecting customer data. The one bright spot: SMBs are boosting security spending by 8%.