As reported in DarkReading, "The respondents ranked data loss and cyberattacks as their top business risks, ahead of traditional criminal activity, natural disasters, and terrorism, according to the report."
And it is not merely booked losses and overall risk awareness that have seen an increase - the level of resources being consumed by information security efforts has also continued to grow.
"SMBs are now spending an average of $51,000 a year -- and two-thirds of IT staff time -- working on information protection, including computer security, backup, recovery, and archiving, as well as disaster preparedness," the report reveals.
And what is wrong with data like this? Nothing, except for what it says to those SMBs still trying to decide their company's direction regarding future investment in technology and security.
According to the data, if an SMB only suffered an average loss from compromised data systems every four years, they would save money compared to a company with an average security outlay.
And even worse, the company that did make the investment in security has no guarantee they will not suffer a data loss event in the same period, as the study also reveals: "forty-two percent [of SMBs] have lost confidential or proprietary information in the past. All of the companies that lost data reported seeing direct financial losses, such as lost revenue or costs in money or goods. Seventy-three percent of the respondents were victims of cyberattacks in the past year. Thirty percent of those attacks were deemed somewhat or extremely successful. All of the victims saw losses -- such as downtime, loss of important corporate data, or loss of personally identifiable information of customers or employees..."
So is security bunk? The simple answer is No.
Information security best-practices do not create an impenetrable bubble of protection, but it does offer mitigation of risk if and when an event does occur.
Good security practices are like a healthy diet, and compliance audits are something like rigorous exercise. Neither will guarantee you a long and disease free life, but it is a fact that a poor diet and lack of exercise simply invites problems.
It is the same for information security efforts for the SMB. The Symantec report presents data as averages, and it is the quality and due diligence of corporate security programs that will decide which side of average your company will fall.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more