The GFI software SME security report of 2009 stated that 46% of UK SMEs experienced decrease in their sales and 37% of SMEs reported flat growth. With this, about 44% of the SMEs planned to cut down their expenses on IT. Only 19% of them had a plan to increase any.
It was found that 23% of the SMEs were interested to increase their IT budget for IT security which is ranked 6th in the priority list. Over three quarters, 78% of them were more concerned on external IT security than the internal ones. Among them, 88% concerned about threats from virus attacks, 87% of them about accidental data corruption and 77% about spam.
Coming to the internal security, 50% of them were concerned of the data theft by employees. Virus attacks through USB sticks were the major concerns for about 55% of them. Around 59% of the SMEs were worried about staff losing USB sticks. At that time, 72% of them had an estimation of likely increased level of threat to IT security because of the recession. Because of lack of knowledge regarding the emerging internal threat, the security system in these organizations was not up to the mark.
Almost 100% of the firms used basic security measures such as password protection and anti-virus software. However, most were vulnerable in terms of portable basic storage device network access management (45%), network event blogger (55%) and web filling (61%).
There was even inadequacy in attitudes to securing and monitoring sensitive information. Only 41% were able to identify potential sensitive data, 64% checked for viruses before allowing the laptops to link to the network and only 47% could track information about uploaded or downloaded software. On the whole, the survey revealed a lack of proper insight amongst the UK SMEs into the current IT needs.