McAfee and MessageLabs have announced global research that reveals the majority of small- and medium-sized businesses (SMBs) believe an IT security breach would be detrimental in achieving their business priorities.

However, few are overtly proactive in their fight against infringements due to resource restrictions from other business related priorities.
The latest industry research, "SMBs in a Connected World: Business Success Means Facing New IT Security Threats," conducted by research firm IDC and commissioned by MessageLabs and McAfee, found that 80% of the 450 SMB IT decision makers interviewed feared an IT security threat such as an e-mail virus.
However, as senior SMB IT professionals are more entrenched in the company's day-to-day business than enterprise CIOs, they are less able to take on a proactive approach to security threats.
The IDC research indicates that company size plays an important role in the way senior management views security. Firmly linking IT security to the business health and success of the SMB community, the research shows that only 8% of respondents stated that improving IT security was a top business priority. Furthermore, enterprise CIOs place IT security at a much higher level of importance than SMB IT professionals.
IDC raises the question: "How can SMBs face present and future threats while being occupied by daily tasks?"
Despite a clear understanding of the threat situation and its potential effect on the well-being of the company, the biggest challenge SMBs face in 2007 are reactive, maintenance-focused activities such as keeping up-to-date with security solutions (39%), keeping up-to-date with new threats (38%) and keeping costs down (33%).
SMBs are more focused on keeping the business operating rather than strategically planning for future threats. IDC states that managed security services provide an effective and responsive answer to the dilemma in the SMB community, one of its top 10 predictions for the IT security market in 2007.
"Small- and medium-sized business behavior towards security is very tactical and meets their immediate requirements," says Eric Domage, European research manager, Security Products & Solutions, IDC. "However, the next generation of threats are not understood, not analysed and the complexity cannot be handled internally.
"Remotely managed security solutions will help SMBs fill the gap between their understanding of the threat and the real dangers. SMBs must consider managed security service providers as natural partners for an accurate level of security."
The IDC research also highlights the importance of the connected world for SMBs as it reveals that SMBs are increasingly reliant on the Web for company communications, operational effectiveness and reaching their business objectives. Ninety percent of respondents actively or semi-actively use the Internet to further their business goals and achieve business priorities. Eighty-seven percent use e-mail as a key communication tool. In addition, at least 40% of the SMB working day is spent accessing e-mail and the Web.
"Security has a direct impact on every critical part of a business including reputation, productivity and business continuity," says Mark Sunner, chief security analyst, MessageLabs. "Although it appears SMBs now have a better understanding of the risks, it still appears that many are unable to prioritise or dedicate the resources to deal with security appropriately.
"Without a comprehensive security solution, many SMBs may be oblivious to the fact that they're being attacked, with the realisation only obvious once the damage has been done."
Vimal Solanki, senior director of worldwide product marketing for McAfee, adds: "The Internet has provided a convenience to SMBs to do business, but has
also opened the door for complex threats. Businesses need security tools that proactively protect their computers and gives them piece of mind. Outsourcing daily security tasks can save time and money and allow SMBs to focus on their core businesses."
Another critical reason why SMBs need to raise priority levels on security is because of the legal requirements for information management. More than half of all respondents (53%) stated that compliance with external, legally binding regulations or rules defined by the government or another authority is mandatory. The highest proportion is in Germany, where 62% of respondents must adhere to these stipulations. Almost a quarter of UK respondents (24%) did not know if they were required to comply or not.
While it's not a top business priority, SMB professionals predict strong growth in IT security spending over the next 12 months with more than 90% stating that they will spend more resources on IT security in 2007, a 20% increase from 2006 figures. The same IT professionals state that their total IT expenditure will increase by almost 30% next year, which leads IDC to question if IT security is being taken seriously enough as part of the IT mix.
Other regional statistics include:
* SMBs in all countries believe that increasing profit is the first priority, though the positioning for improving IT security is ever-changing. In the US it ranks second, the UK ranks fifth, Germany ranks it fourth, and Australia is seventh.
* In all countries aside from the UK, the larger SMBs (130-250 employees) rate improving IT security as more important than their smaller counterparts (80-120 employees).
* Sixty-two percent of respondents strongly agreed that they use e-mail and the Web to conduct its business, with the highest being in Australia (68%).
* Currently, less than one-third of all respondents outsource all or part of their IT infrastructure or operations to a third party IT services company. Australia leads the way in the managed services approach with 39% of respondents stating that they outsource all or part of their IT infrastructure or operations, closely followed by the UK with 35%. The US is the lowest with 23%, although 78% of those respondents claim to outsource all.
* Eighteen percent of respondents admitted that that they had had an IT security breach in their company. Australia was the lowest with 16%, and the highest was in Germany with 21%.