According to GFI, 46% of SMEs were having declining sales figures and 37% showed flat growth. Therefore as a measure to curb their expenses most of the SMEs are cutting down their expenses on IT. In 2009, 44% of SMEs are planning to cut down their IT budget, and only 19% plan to increase.

IT security was ranked 6th in the priority list, with 23% willing to invest in this area. Over last 3 quarters, 78% think external IT security more concerning than internal ones, with 88% being concerned about threats from virus attacks, 87% of them for accidental data corruption and 77% for spam. Many of the SMEs do not make their employees sign on IT security policies.

When it comes to internal security, only 50% are concerned about data theft by employees, 55% about virus attack through USB and 59% about staff losing USB sticks.

72% of them however feel that, if the recession continues, the level of threat to IT security will increase.

Because of lack of knowledge regarding the emerging internal threat, the security system in these organizations is not up to the mark. 100% of firms use basic security measures such as password protection and antivirus software. But the most vulnerable ones being portable basic storage device network access management (45%), network event blogger (55%), web filling (61%).

Security regarding sensitive information is also inadequate, as only 41% are unable to identify potential sensitive data, 64% check for viruses before allowing the laptops to link to the network and only 47% can track information about uploaded or downloaded software.