The Small Business Technology Institute (SBTI) and Symantec released the results of a new report titled “Small Business Information Security Readiness.” According to the July 2005 report, preventing and resolving information security incidents is a critical challenge for small businesses. The report confirms that small business information systems are increasingly vulnerable to attack, and urges the adoption of security technology, proactive policies and stronger vigilance to protect information assets and minimize business risk.
Key Findings Signal Escalating Information Security Risk:
*The accelerating adoption of networking and mobile computing infrastructures is driving greater security exposure for small businesses. They can significantly minimize risk by adopting more sophisticated security measures. Small business technology adoption is growing rapidly in areas such as networking, mobile computing and Internet access, even among one-person, home-based businesses. However, many small businesses lack sufficient security controls over even basic systems such as e-mail (18 percent are not secured) and wireless networks present a new area of concern (60 percent are not secured).
Most small businesses (74 percent) perform no formal information security planning to counter these threats.
*Small businesses consider information security a priority, but are not increasing their investment in protection to keep pace with increasing threats. The majority of small businesses (56 percent) have experienced at least one security incident in the past year, citing computer viruses, spyware and other malware as the main cause (60 percent). Yet only a small number (30 percent) have increased spending on information security solutions and less than half (41 percent) allocate a specific budget for these solutions.
*Small businesses continue to call for security solutions and product information that is tailored to meet their unique needs. The majority (70 percent) of small businesses feel information security product materials could be improved to help them make more informed purchasing decisions and small businesses continue to call for products which meet specific small business requirements.
*Small businesses demonstrate limited awareness of information security issues and poor understanding of the economic consequences of related incidents.
Download a complimentary copy of the report at http://www.sbtechnologyinstitute.org/mi/research/security.htm.
