In a survey conducted by Applied Research and published by Symantec in 2009, revealed that most SMBs were confident about their ability to handle disasters. About 82% of the respondents expressed satisfaction about their disaster recovery plans and 84% asserted that they felt that were adequately protected against disaster. They also expressed confidence that their customers would be understanding and patient about IT outages and downtime. However, the statistics revealed that their confidence was misplaced. Most SMBs experienced at least 3 outages per year due to virus or hacker attacks or natural disasters. Only 23% back up data daily and most SMBs only backup up 60 percent of the company and customer data. These SMBs were at risk and were unwilling to recognize it.
The 2010 survey revealed a continuing trend. But, the 2010 showed that victimized SMBs were now ready to review their security postures and understand the nature of threats they faced. They were willing to identify the gaps in their security stance and get serious about cyber attacks, natural disasters and potential loss of data. The respondents placed IT risk on top of their list of business risk, ahead of criminal activity, natural disaster and terrorism. The average spending on IT risk profiling and IT security was estimated at $51,000 per annum on the average and 2/3rd of the staff time was taken up with securing information against theft or disaster.
The 2011 Disaster preparedness survey conducted by Symantec reiterated the findings of the 2010 survey. They found that the SMBs, by and large, continue to be indifferent to data threats till they actually lose data and experience financial losses, consequent upon data breach. Even among those who had been impacted, only 50% had actually implemented disaster recovery plans.
Industry experts are alarmed at the revealing statistics considering the fact that more than 65% of the Small and medium enterprises in the study were located in areas prone to natural disasters and most of the SMBs had experienced an average of six outages per year due to cyber attacks, power outages, employee errors and upgrades.
Industry experts further, agree that cyber crime can soon become a trillion dollar industry and SMBs that have not taken steps to protect their data will be vulnerable. While it is easy to argue that security vendors are deliberately overstating the security landscape, data shows that the threat is very real. SMBs that have faced the threat are now ready for risk profiling. But, it would be better if SMBs shut the stable door before the horse bolts.