There are a couple of well-known facts reinforced by the AVG survey:
- SMBs are exposed to the same security threats as large enterprises.
- SMBs do not have the expertise and resources to counter threats.
- SMBs are increasing their risk profile by expanding the use of social networks and Web-based resources.
- SMBs are more susceptible to catastrophic business failure from a security breach than enterprises.
The good news is more than three-quarters of SMBs surveyed by AVG recognized that a security breach could have a significant impact on their business operations and 83 percent believe IT security is critical to the success of their business. These two pieces of data are what makes the lack of security among so many small businesses curious.
AVG isn’t the first security vendor to uncover a total lack of security protection among SMBs. In fact, a Symantec research project last year found as many as one-third of all SMBs have no anti-virus or basic security protections. A big part of the problem is talent – or the lack thereof. AVG reports only 39 percent of SMBs have employees with a high level of IT competence and more than half have no access to IT expertise.
The problem goes beyond the lack of expertise, but the lack of planning. The obvious answer is for solution providers to engage with SMBs to ensure they have a basic level of security protection. In fact, SMBs want solution providers to help them determine their security needs. The problem is SMBs are price sensitive, even when it comes to security.
Part of the reason SMBs are insecure is because of the way they’re sold security technologies. Their limited budgets and lack of knowledge often translate into conservative technology adoption. From a supply-side perspective, the IT marketplace looks at these limited budgets and often pushes the point-product that is within the SMBs reach. The result is a disconnect in completeness, functionality and benefit in SMB security.
It’s little wonder that 83 percent of SMBs say they want security that’s tailored to their needs and budget. For solution providers, this means acting as a trusted advisor and consultant, working with SMBs to determine their true risk exposure and then working with vendors to devise holistic security solutions that match both budget and threats.