Forty-Six Percent of SMBs a Victim of Cybercrime – Most Lack a Dedicated Security Resource

Despite using industry standard protection methods, 46 percent of U.S. SMBs have fallen victim to cybercrime, up two percent from last year.

Those numbers are according to the results of study conducted by Panda Security, which surveyed nearly 10,000 SMBs around the globe and more than 1,500 in the United States.

The United States edition of Panda Security’s second annual International Barometer of Security at small- and medium-sized businesses (SMBs) showed that thirty-one percent of businesses are operating without anti-spam, 23 percent have no anti-spyware and 15 percent have no firewall.

“Many SMBs simply don’t have the resources in terms of budget, time and human capital to devote to protecting their computers and sensitive data,” said Sean-Paul Correll, threat researcher at PandaLabs. “The study results are proof that IT service providers and vendors have an important role to play in educating small businesses on threats, and helping them determine the best way to protect themselves.”

Additional findings from the study include:

Investment in Security

• Security budgets remain about the same as last year
• Only 63 percent of companies in the U.S. confirmed they had someone dedicated to security management
• Thirteen percent of U.S. SMBs are operating with no security systems in place. Fifty-seven percent of this group reported the reason for lacking security was that it is viewed as not important or necessary;
• Of the companies that do have protection in place, 36 percent said they were using free solutions that are designed for home users. Ninety-seven percent said they have installed an anti-virus solution on their computers. However, 12 percent admitted these systems were out of date;
• The most widely used security solutions are anti-virus and firewall products, while anti-spam solutions are not extensively implemented.

 Infections

• The infection ratio at U.S. companies has slightly increased since last year (46 percent in 2010 compared to 44 percent in 2009). It has dropped in Europe (49 percent in 2010 compared to 58 percent in 2009);
• U.S. SMBs named the Internet and USBs/external memory devices as the top methods for computer infections to enter the company (32 percent).
• E-mail (21 percent) and downloads/P2P (14 percent) were the other popular infection points; 
• Viruses are the most popular threat SMBs are encountering (45 percent), followed by spyware (23 percent). 

“SMBs should invest in security solutions that protect their servers and network communications, and include advanced security features such as centralized and policy-based management,” said Correll.

Its important to realize that not complying with security standards can result in massive fines and loss of business and reputation, something SMBs can’t afford to risk. SMBs are subject to many of the same state and federal rules and regulations as large organizations.

A study of executives and finance professionals from SMBs across 38 industry sectors in the United States conducted earlier this year showed that 63 percent worry about cyber theft, yet lack knowledge on how to protect their businesses.