83% of SMBs have no formal cyber-security plan

A significant chunk (40%) of the more than 1 billion cyber-attacks prevented by Symantec in Q1 2012 involved businesses with less than 500 employees. Yet, in their recent joint survey with the National Cyber Security Alliance (NCSA) it was revealed that just 17% of SMBs (250 employees or less) have a formal cyber-security plan.

It's not that SMBs aren't aware of the risks posed by a cyber-attack. Three-quarters believe a safe online environment is critical for overall success; 80% even provide mandatory Internet safety training.

According to the survey, losing access to the Internet for a stretch of 48 hours would be disruptive for 55% of businesses and for 38% it would be extremely disruptive.

Despite this, 83% have no formal cyber-security plan in place and 59% have no contingency plan should they be attacked by hackers or hindered by viruses and malware. Indeed, 18% said they wouldn't know if their computer network had been compromised.

"It's terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe," said Brian Burch, vice president of Americas Marketing for SMB, at Symantec.

An interesting, and positive, highlight of the survey is that companies "born of the recession" are almost 20% more likely than older SMBs to have a plan, in writing, to keep their business safe from cyber-threats.

Ways in which SMBs can improve online safety practices include strong passwords, frequent updates of security tools, implementation of encryption technology to protect against unauthorized access and comprehensive staff training.

Tags: company policy, cyber-attacks, Internet security, malware, online safety, small business, SMB survey