Small to medium-sized businesses (SMBs) in the United States are increasingly the victims of cybercrime, according to a survey from security firm Panda Security, released Friday.
The survey found that close to half of U.S. SMBs (44 percent) were hit by some form of cybercrime. Ten percent of U.S. SMBs surveyed were hit so bad that they had to stop production -- worldwide, the average was 30 percent. Some 50 percent of companies in the survey lost time or productivity as a result of being infected.
“IT security is a major issue for small and mid-sized businesses because these companies often lack the in-house staff and resources to fight off increasingly sophisticated and exponentially more targeted Internet attacks," Luis Corrons, PandaLabs technical director, told SCMagazineUS.com in an email. "These companies also tend to be pretty distributed in nature, often employing a high percentage of remote workers and consultants."
The study surveyed 5,760 companies worldwide, with up to 400 computers deployed. U.S. SMBs said that viruses affected their companies the most (41 percent), followed by spyware (26 percent). Viruses also ranked first worldwide, with 55 percent of respondents saying that category of malware was the biggest threat to their businesses.
It's not that SMBs are unaware of the threats. Some 97 percent of U.S. SMBs have installed anti-virus and 95 percent claim their security systems are up to date. But many still lack other common security protections. A sizable minority, 29 percent, said they have no anti-spam in place, 22 percent are without anti-spyware technology and 16 percent do not have firewalls. In addition, 52 percent said they have no web filtering solution in place. Even security training seems to be overlooked. Some 39 percent of respondents said that they have yet to be trained about IT threats.
Of U.S. SMBs that reported they had no security systems in place, 27 percent said they just aren't important or necessary, and 20 percent thought they were too expensive, the study found.
"Despite strong efforts in the US to educate businesses about the importance of computer security, a staggering number of small and medium-sized businesses have become victims of cybercrime," Corrons said in a statement.
"In addition, it was surprising to see so many businesses fail to adopt the most basic security measures, such as anti-spam and firewall protection," he said. "There are relatively few barriers to entry for small and medium sized businesses to access this level of protection, which can make a lot of difference in the end."