IT security spending slashed during recession

02.04.2009
The recession is forcing smaller and mid-sized businesses to cut back on IT security, even though most companies expect security threats to increase.

That's according to a survey by security software company GFI, which found that 37 percent of SMEs regarded security as an area of minimal investment - or one that could be cut if necessary.

Not only that, the SMEs often have the wrong target, with four times as many of them seeing external threats as the most pressing for any company. According to the survey, 78 percent see internal attacks the biggest threat, whereas a company's own employees can do much more damage.

According to a recent survey from the Ponemon Institute, six out of ten employees stole company data after leaving their jobs, while McAfee calculated that the total economic losses from insider security breaches reached US$1 trillion last year.

Announcing the results of the survey, GFI CEO Walter Scott said employers had an unrealistic expectation that none of its employees would betray the company. As an example, he cited how one of his former employees, with an exemplary work record, had joined a small business and went on to embezzle $600,000, something that could not have been predicted. But, he said, if not criminal activity like this, businesses could also be at risk from memory devices like USB sticks, bearing viruses, or from smartphones and netbooks.

"Too many small businesses think that they're too small to be at risk," said a GFI spokesman. "There's an attitude that it will never happen to me."