Top-tier SMBs, in terms of IT best-practices, bring business benefits, but more importantly, these organizations are more secure than their less IT savvy counterparts.
For its Global SMB Survey: IT Confidence Index, which was released today, ReRez, on behalf of Symantec, surveyed nearly 2,500 SMBs in 20 countries to understand how confident these businesses are in using technology to address business goals. “The fundamental takeaway is that SMBs that more confidently engage in IT have better business outcomes,” Anne O’Neill, senior director of marketing at Symantec, told IFSEC Global in an interview.
These top-tier SMBs are marked by a willingness to invest in high-quality IT infrastructure to address scalability for growth, efficiency, and productivity because they see IT as strategic, O’Neill said.
Interestingly, these same attitudes translated into greater IT security, as well. According to the survey, SMBs rated security, disaster preparedness, and data protection as the most significant computing issues. At the same time, greater security levels are one of the key hallmarks of an SMB IT leader.
In fact, 78 percent of top-tier SMBs rated themselves as more secure, compared to only 39 percent of bottom-tier SMBs. Interestingly, 78 percent of SMBs in the US rated themselves as more secure, compared to only 68 percent in the United Kingdom. Whether in the US or UK, though, this self-assessment was born out in real-world results.
In fact, top-tier SMBs reported 51 percent lower annual loss from cyberattacks than the less IT-savvy organizations. That may translate into huge savings for organizations that manage to avoid a breach related to an attack. The Ponemon Institute, for example, puts the average cost of a breach at $136 per record in 2012, compared to $130 per record for 2011. Check out Symantec’s Data Breach Risk Calculator (which takes into account the organization’s size, industry, location, and security practices) to understand the risk of your particular organization.
For SMBs, this focus on security excellence will be increasingly important as these smaller organizations are in the cybercrime crosshairs. Symantec’s 2013 Internet Security Threat Report, for example, found that 31 percent of targeted attacks are now directed at SMBs, a threefold increase over last year.
“Small businesses are the path of least resistance for cyber attackers,” said O’Neill. “Attackers target small businesses and suppliers to get to larger organizations, as well. It’s increasingly important for SMBs to protect their business against data loss and keep systems up to date.”
Although IT security has not traditionally been a driver for IT innovation in SMB organizations, perhaps it’s time to make the security argument when advocating for new IT investments. Let us know whether or not you think your security investments have improved the overall security stance of your company.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
I’m not sure they needed a study to figure this out but I’m glad they did it. When you have someone technically savvy inside the company it cuts down on the gaping holes that you see with slapped together solutions because the guy who is “really good with computers ” working in accounting is trying to make everyone happy.
Agreed, there is a need for a formalized IT even in small companies where a lot of contractor work may be the ticket for achieving successful coverage. Better to pay a small chunk of change now and security than to pay out or lose a large chunk of change when it fails. I think the study is spot on.
While I have nothing against contractors and have done my fair share of contract work in the past I have to say that having someone who can head up the IT projects even if they are being done by contractors will almost always result in a better product. I know that for really small businesses that a lot of the time they see having an IT person on staff as being overkill. At that point I’d like to suggest that they try mixing things up a bit and do something that I did for years. Talk to people in the… Read more »
One of the intertsting things that the study revealed, but which i didn’t touch upon much, was the importance of the company founder in setting the attitudes about technology. From the top down, there’s nothing to be done if the head person isn’t intertested or engaged in security questions.
The good news is that a change in attitude can lead to a change in the corporate security reality even if the company has been in business awhile.
The emerging Security as a Service (the other SaaS) offerings offer SMBs the combination of an ongoing relationship at an affordable price. These relationships can be invaluable since it is in the best interest of the MSP to create an infrastrcture that works. Otherwise he spends too much time on service calls and remidation.
@Hailey – Not just the attitude of the founder but of the leadership at the time can drastically change how IT is handle in the organization. Where I am working now just underwent a management change and I can tell you the attitude toward IT changed with it. Before it seems that the IT division were the blessed children and could do no wrong. Now the new leadership is pressing security issues hard and not taking any excuses and it has made for a completely new enviroment.
@Jonathan Lipscomb, in a sense that’s good news. That means that you can change things. I guess it’s a two edge sword since it can go to the good or the ill. Out of curiosity, was the IT organization able to shift with the new regime?
@Hailey, I think the court is still out on that one. They have been striving to conform but they are not there yet. There has been put a heavy emphasis on security that should have been there from the beginning but unfortunately it is being tempered by the reality of limited budgeting and economic short fall so I am curious to see how far it gets. Unfortunately security can be expensive sometimes.
Keep us posted. I’d be interested to know which security issues and technologies get the lion’s share of the budget.