Nearly two-thirds of U.K. small businesses are failing to install patches as soon as they are released by vendors, according to a new study.
The survey of 449 IT managers by secure email service company Inty, found that 59 percent of British SMEs do not deploy new application software patches as soon as they are released by vendors. The main reason was the time required to test patches and roll them out to affected computers.
"It's alarming to see that so many U.K. SMEs could be potentially placing their business at risk all because the patching process has become seen as such a huge task that business are now lagging behind in keeping all their PCs and laptops up to date," said Inty founder Mark Herbert.
Herbert said many smaller organisations think that having a small security vulnerability isn't a concern because they won't be targeted.
"But this simply isn't the case. If you continue to play Russian roulette with your security, then it will only be a matter of when, not if, your security vulnerabilities will be exploited," he said.
Despite these security risks and the lengthy time it takes to manage applications, 46 percent of respondents said that they had been put off adopting an application service provider (ASP) model to help manage their applications in the past because of the risks associated with the traditional ASP model.
They were especially concerned about the reliability of access to critical business applications because a traditional ASP model involves businesses having their application server at the ISP and connecting to it via an internet link, placing them at the mercy of the ISP should the link go down.
But when questioned further, 77 percent of respondents said that they would consider adopting an ASP model if it meant that applications could be managed in a quicker, more efficient way but that would still give them control of the connectivity and delivery of the applications.
The research also found that 61 percent of businesses were wasting money through paying for software licences that they were not using.
"It is outrageous that SMEs in the U.K. should be penalised by having to pay for software licences they aren't using because the software licensing system is inflexible and geared towards bigger businesses with bigger budgets," said Herbert.
"It means that effectively they are throwing money down the drain and today's SME simply cannot afford to do that. Ideally, small and medium sized businesses should be looking for a more flexible software licensing model which will allow them to pay for licences on a monthly per person basis and that will help ease the burden associated with managing applications," he said.