According to Kaspersky Lab’s 2014 IT Security Risks summary report, conducted in collaboration with B2B International, 94 per cent of companies have experienced some form of external security incident within the past 12 months. But despite this nearly-universal rate of encounters with cybercrime, businesses tend to prioritise IT spending – which includes IT security – quite differently depending on their size.
The survey found that businesses with fewer than 100 employees are significantly less likely to prioritise their IT strategy than larger businesses, potentially leaving smaller businesses with security gaps that could cripple these growing companies. Only 19 per cent of companies with fewer than 25 employees ranked IT Strategy as one of their top strategic concerns, and this response rate was almost the same – 21 per cent – for businesses with 26-99 employees. But in businesses with 100 employees or more, the rate of IT Strategy prioritisation rose sharply to 30 per cent or higher, with 35 per cent of enterprises ranking IT Strategy one of their top two priorities.
IT Strategy Perceptions
Despite these facts about the continued growth of cybercrime, small and medium-sized businesses are clearly regarding their IT strategy, and by extension their IT security, as less important than their larger competitors. In fact, market research shows us that very small businesses tend to underestimate IT-threats the most. One reason for this lack of security awareness can be traced back to the mindset of “security by obscurity,” a common assumption that cybercriminals won’t waste their time targeting small businesses, and that small businesses don’t have anything worth stealing to begin with. In fact, some cybercriminals prefer targeting SMBs instead of larger businesses since they know that small and medium companies are often not fully protected, leading them to perpetrate thefts that are smaller in value but much easier to accomplish. In fact, this latest survey data shows that even SMBs with only 100 employees can expect to pay hefty costs resulting from malware infection and data loss. These costs can include professional services to advise companies after a serious incident ($10,000 average cost for SMBs), IT training for staff to prevent further breaches ($5,000 average cost for SMBs), as well as damage to the businesses’ reputation, which by itself can be enough to bankrupt a small business.
Across Regions and Industry Verticals
IT Security Risks Survey 2014 found that the level of IT strategy prioritisation was influenced not only by the size of the business but also by the industry the business operates within. IT Strategy is one of the top two strategic concerns for over one-third of all Telecoms (40 per cent), IT/Software providers (36 per cent), Government/Defence organizations (35 per cent), and Educational institutions (34 per cent). Surprisingly, companies providing Consumer Services and E-commerce & Online Retail don’t pay as much attention to IT strategy. Only 14 per cent of E-Commerce & Online Retail companies consider development of IT strategy as a key strategic concern of the company (and only four per cent of them consider it as the top priority), ranking this segment as the lowest rate of response.
The survey also examined this attitude from a regional perspective since security threats are widely spread around the world. (About 33 per cent of all users’ computers connected to the Internet were subjected to at least one web attack during Q1 2014.) Looking at data across the regions, we can see that IT Strategy is currently not a hot issue in the Middle East or in emerging markets, areas where only a shocking five per cent and ten per cent of companies, respectively, feel that IT strategy is one of the top two strategic concerns. These figures stand in contrast to a significantly larger rate of prioritisation reported in China (25 per cent) and Russia (18 per cent).
To learn more about the latest IT security risks read the Survey 2014: A Business Approach to Managing Data Security Threats.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.