An overwhelming majority of Canadian small and mid-sized businesses (nine in 10 or 94 per cent) understand the importance of protecting their corporate information, a new survey indicates.
That’s the good news.
The bad news is many aren’t doing very much about it.
A big chunk of Canadian SMBs – 35 per cent – haven’t yet taken even basic security measures, such as deploying anti-virus and backup /recovery products, according to the survey conducted by Applied Research-West Inc., a market research firm based in Los Alamitos, Calif.
The survey was sponsored by Symantec (Canada) Corp., and the Canadian findings released today.
It indicates that 60 per cent of Canadian small and mid-sized businesses (SMBs) have yet to install security software on endpoint devices, such as laptops and desktops.
This is significant given that a quarter (25 per cent) of companies polled do not have password protected desktops and laptops, and more than half (54 per cent) have had an instance of a lost or stolen laptop or smart phone.
The study targeted 1,425 small and mid-sized businesses (10 – 500 employees) located in 17 countries around the globe.
There were 200 respondents in Canada (75 in Ontario, 70 in British Columbia, and 55 in Quebec).
The survey has a margin of error of 2.6 per cent.
Obstacles to security
Several variables were investigated to determine why Canadian SMBs aren’t fully protecting their company’s confidential data.
The biggest reason (cited by 47 per cent of the respondents) was “lack of budget.”
That doesn’t surprise Michael Murphy, vice-president and general manager at Symantec Canada.
But he notes that the cost of a data breach would be far greater to companies than any costs incurred on security technology to prevent such a breach.
There are also the non-financial costs of a breach to be factored in, he suggested, such as erosion of customer confidence and damage to the firm’s public image.
A quarter of those polled identified employee skills (or lack thereof) as a top barrier, while one in three indicated there just wasn’t enough time to complete all security related tasks.
Almost one in three (27 per cent) companies polled suffered a data breach, according to the survey report. This may have been unauthorized access to company information, data loss or theft, or a hacker attack on their IT systems.
Such breaches, though, don’t seem to have galvanized Canadian SMBs to beef up their security, even in basic ways.
For instance, 46 per cent of those polled said they lack anti-spam protection, and 40 per cent do not have server backup/recovery protection.
The prospect of their systems being infected with viruses is the top security concern for 79 per cent of the firms polled.
Other concerns include phishing e-mails, loss of information and data breaches.
IT spending to rise
The median annual IT security budget in Canadian small and mid-sized firms is currently around $6,000.
The report also noted that despite the current economic climate, 48 per cent of Canadian SMBs expected their IT budget would rise within the next 12 months. Forty-three per cent said it would remain the same.