Survey: SMBs Most Worried About Data Loss

According to a new survey by Symantec, small and midsize businesses worldwide are worried about data loss and cyberattacks more than other threats, and most plan to do something about it.The information comes from Symantec's 2010 Global SMB Information Protection Survey, based on responses from more than 2,000 SMBs (up to 500 employees) in 28 countries. When asked to rank five risks in order of their significance, 74 percent chose data loss as #1 or #2, with 58 percent choosing Cyber Attacks in those positions. And with good reason -- 42 percent said they'd lost confidential or proprietary information in the past year, which resulted in lost revenues, damaged reputations, and direct financial costs; and 73 percent said they were hit by cyberattacks. By comparison, only a quarter or fewer were most concerned about traditional criminal activity or natural disasters, and only 16 percent fretted about terrorism.

When asked how they lost that data, the top response, with a mean of 24 percent, was that an outsider illegally took data. (Note: these responses aren't mutually exclusive -- there's more than one way to lose data.) But a lot of lost data went missing with the device it was on: an average of 27 PDAs were reported lost every year, 24 Windows laptops, 22 Mac desktops (I have to wonder how SMBs can average losing 22 Macs a year!), 20 smartphones, and 18 Mac laptops. And every SMB polled said that at least some of their devices were unable to be remotely wiped of confidential information.

But the survey respondents expressed a determination to address these issues. "SMBs are now spending an average of $51,000 a year, and two thirds of IT staff time working on information protection," according to Symantec. Enhancing backup, recovery, and archiving systems in 2010 is "somewhat" or "absolutely" important to 69 percent; enhancing the ability to resume computing quickly after a disaster, to 67 percent; and enhancing their security systems, to 66 percent.

More From InformationWeek SMB:SMB Security: Fight The Right FightDisaster Recovery: SMBs Think They're Ready. Symantec Says They're Not.

Enhanced systems by themselves won't do the trick, though. A total of 69 percent of respondents said their organizations already had data backup and recovery systems installed. But at the same time, while 31 percent said their company backed up data daily and 16 percent weekly, a whopping 47 percent said their company never backed up its data. At first glance, that implies that a fifth of SMBs have backup systems they don't use. When asked why they don't back up their data (presumably this was only asked of those who don't), 39 percent said it just never occurred to them.

The report is chock full of other sometimes bewildering insights into the security habits and plans of SMBs. It's available in PDF form here.