Information security is a high priority for small business owners. However, a 2005 survey by the Small Business Technology Institute reveals that small business owners:
- Don't really understand the true economic impact of information security exposures
- Don't really understand the very real threats they need to manage against
- Tend to be much more reactive after a security incident than proactive to significantly reduce the possibility of such an event occurring
Purchase influencers and decision makers are primarily non-technical, and need to be educated about:
- Their true level of vulnerability, quantified in business terms
- Their company's ability to deal with threats
- How to approach the problem from both a business and a technical perspective
As the global business eco-system becomes ever more inter-connected and small businesses become more and more electronically linked to larger supply chains, their lack of information security readiness will spread the risk through all levels of the economy.
- Approximately 70% of small businesses consider information security a high priority, and more than 80% exhibit confidence in their existing protective measures.
- ...but 56% have experienced one or more security incidents in the past 12 months...making perception at odds with reality.
- 74% of small businesses do not have an information security plan.
- At lease 40% of even the smallest businesses utilize local networks and mobile computing tools
- ...but almost one-fifth of them do not use virus scanning for e-mail - one of the most basic and widely known information security protection measures
- ...and over 60% do not protect their wireless networks with even the simplest form of encryption
Source: Small Business Technology Institute Survey, July 2005