Where Small Business Security Stands Today - A 2014 Survey

Small business (SMB) cyber security is a hot topic for us. On a weekly basis, we at CSID see many SMBs dealing with the aftereffects of getting breached and losing sensitive information. To raise awareness of the importance of SMB cyber security, we surveyed small-to-medium businesses to get an inside look at what concerns them most about cyber security and how they address these concerns. Our 2014 survey uncovered some interesting trends.

This year's survey revealed that SMBs are aware and concerned about security risks like malware, loss of sensitive information due to employee mishandling and phishing attacks. This year's survey also revealed there is a gap that needs to be bridged between understanding these threats and taking action against them. Nearly a third (31 percent) of surveyed SMBs reported that they are not doing anything to protect against security threats, despite 63 percent of respondents claiming that they are worried about detected malware, 38 percent are worried about phishing attacks and 41 percent are concerned about breaches caused by human error.

This is not an unexpected finding. Many of the SMBs I work with are aware of cyber security risks, but don't have the time or resources to do anything about them. We did see a slight change in the mindset in this year's survey. Twenty-two percent of businesses surveyed this year plan on increasing their budget for security-related measures, compared to only 15 percent of businesses we surveyed in 2013.

This year's survey also found that as SMBs grow, so too does the business' attention to security measures. Businesses with fewer than 10 employees are less likely to take measures to protect against security threats. Forty-two percent of businesses with one to nine employees reported they are not taking any measures, compared to 28 percent of businesses with 10 to 19 employees and 23 percent of businesses with 20 to 99 employees. Similarly, 29 percent of businesses with one to nine employees are working with a third party vendor to help with security, compared with 45 percent of businesses with 10 to 19 and 20 to 99 employees. These numbers make sense. As a business grows and has more sensitive data to store, potential entry points into the business expand and security becomes a higher priority.

Overall, the survey demonstrates that SMBs are becoming more aware that they are targets for hackers. The larger the SMB is, the more likely they are to adopt measures to protect against these threats. However, the gap between business awareness about security threats and business action against security threats still needs to be bridged. If you are looking for some advice on how to bridge this gap, check out my column from earlier this month that offers some helpful tips.