The study, The State Of SME IT Security: 2008 To 2009, looked at both North America and Europe and found that for the most part SME spending on IT security mirrors that of large enterprises but there are some key differences.

Here is a summary of findings:

SME IT security budgets dip SMEs devoted 9.1 per cent of their company's IT operating budget to security in 2008: down from 9.4 per cent in 2007, but with plans to bring IT security budgets back up to 10.1 per cent in 2009.

Data security is the top issue for SMEs Data security is at the top of the list of issues deemed important (87 per cent), with application security close behind (80 per cent).

But of the issues SMEs deem 'very important', 64 per cent selected data security with the next most common being business continuity/disaster recovery at only 48 per cent.

Protecting data is a critical business objective.

Eighty-two per cent of SMEs describe protecting sensitive corporate data and intellectual property to be a very important or important business objectives for IT security, and the same number say protection of customer data is just as important.Managed security services set to grow Similar to enterprises, SMEs disclose that the two top drivers among firms for using a managed security service provider is the demand for specialised skills (31 per cent) and the need to reduce costs (24 per cent).

This statistic will be interesting to the data centre operators and IT services companies in the Isle of Man.

Lack of a formal business continuity planning hinders SMEs aside from not having any kind of formal business continuity plan in place (45 per cent), another other top challenge is that there is too much emphasis on disaster recovery (26 per cent).

SMEs continue adopting client anti-malware Use of personal firewalls — adopted by 58 per cent of SMEs already — will remain popular, and 19 per cent plan to adopt or pilot a host intrusion prevention system (HIPS) in the next 12 months.

But expect to see SMEs start to complement these with a range of data encryption and protection technologies.

Content filtering is on the rise. Generally, SMEs plan to pilot content filtering for a range of activities such as email, web browser activity, instant messaging (IM), peer-to-peer activities, and voice over IP at almost similar rates internally with a product (10 per cent to 11 per cent) versus externally via a managed service (6 per cent to 9 per cent).

The channels most likely to be blocked outright are IM (18 per cent), peer-to-peer activities (14 per cent), and voice over IP (14 per cent).
SMEs employ fewer application security tools than enterprises. Seventy-two percent of SMEs have tools for application security in place, results that are similar to enterprises (75 per cent).

Yet, when comparing which solutions they use, SMEs only parallel enterprises in their use of application firewalls: adopted by 55 per cent of SMEs versus 53 per cent of enterprises.

Justification hinders data security efforts.

For 84 per cent of SMEs, data security is a challenging issue.

The biggest challenge is in cost and business justification (54 per cent).

SMEs have adopted more email encryption (26 per cent), network storage encryption (23 per cent), and data leak prevention (23 per cent) than other data security technologies.

Buying direct, buying from a network service provider is popular
While there is no strong tendency to go with one source or channel overall, there is generally a slightly larger percentage of SMEs choosing to purchase direct from the manufacturer or through their network service provider.

Security decision-makers are most influenced by peers, less by digital media.

Overall, peers and colleagues (word of mouth) top the list of influential sources of information for informing purchasing decisions, with 35 per cent of SMEs saying that their peers are very important and another 49 per cent of SMEs saying that they are somewhat important sources of information.

Consultants, value-added resellers, and systems integrators are also considered very important by 27 per cent of SMEs, while technology or business publications and magazines are also important and hold the attention of 74 per cent of SMEs overall.

The key takeaways of this research are that SMEs are not unlike their larger counterparts.

They think the same way. Of course their budgets aren't as large, but they have similar priorities.

As budgets are set to grow, this remains a viable market for IT product and services vendors.


>> Sherrilynne Starkie is the managing partner of Strive Public Relations, a strategic communications consultancy serving the Isle of Man. Visit her business blog, Strive Notes for frequent updates www.strivepr.com/notes or follow her on twitter.com/sherrilynne