Anti-Virus Software and Firewalls Becoming Commonplace Among SMBs Though 2.2 Million SMBs With PCs Still Don’t Have Any IT Security
AMI’s Analysis Reveals Sharp Differences in IT Security Adoption by SMBs – Less Than One-Third of 7.6 Million SMBs Drive 70-80% of Total IT Security Spending
Network Associates and Symantec Remain Dominant Brands While Demand For Enterprise Strength Solutions Attracts Check Point and Other Players
NEW YORK – September 25, 2002 – Total U.S. small and medium businesses (SMB) spending on IT security will reach $1.4 billion during 2002, spurred in part by the events of September 11. AMI forecasts this spending to increase by 31% annually to reach over $5.3 billion by 2007. The focus on IT security has increased very significantly since September 11, 2001 and nearly one-sixth of all SMBs with PCs cited September 11 for enhancing/deploying IT security. Yet, almost 2.2 million SBs with PCs still remain without any form of IT security.
The above findings were released today by New York-based Access Markets International (AMI) Partners, Inc., a leading consulting firm specializing in IT, Internet, telecom and business services market intelligence, trends and strategy with a strong focus on global small and medium business (SMB) enterprises. AMI conducts IT industry’s most comprehensive annual tracking
surveys of small and medium business (SMB) enterprises in several countries including the U.S., France, Germany, U.K., Australia, China, India, Japan, South Korea, Brazil and Mexico.
The survey found that while anti-virus software and firewalls are becoming commonplace among SMBs, they are also increasingly using other security measures like intrusion detection, VPNs, remote data backup, redundant systems, remote network security management, etc. “U.S. small and medium businesses are realizing that as they increase their use of Internet-based
applications that expose their customers’ as well as their own business data, IT security would have to become an integral part of their operations” said Anil Miglani, Vice President at AMI. Reflecting this new focus on IT security, many SMBs give high importance to security when purchasing new products, developing new systems and selecting IT service providers. Nearly one-fifth of the US SBs that don’t currently sell their products and services via the Internet cited security as the reason for not doing so.
The spending on security is being driven by the increasing utilization of Internet and networking related technologies by SMBs, which increase their risk and vulnerability to various forms of unwanted intrusions by others. AMI estimates that over 5.5 million U.S. SMBs use the Internet, of which nearly 56%, or slightly over 3 million use broadband. In addition, about 93% of all MBs and 40% of SBs use LANs.
The rising inter-connectivity among businesses is also leading many large businesses to influence their customers and suppliers to enhance their IT security. Over half of all MBs and over one-fourth of all SBs sell to large businesses and 87% of MBs and 62% of SBs report purchasing goods and services from large businesses. “Their large purchasing power gives large businesses tremendous ability to influence their SMB business partners,” said Andy Bose, CEO and Founder of AMI Partners. Indeed, one-third of all
MBs and 13% of all SBs reported that their large customers are influencing them in their use of new technologies.
SMBs are also increasingly relying on VPNs (virtual private networks) to provide secure remote access to their employees (who either sometimes work at home or travel for business purposes) as well as their branch offices and customers & suppliers, who have direct access to the SMBs’ information sources. AMI estimates that nearly one-quarter of a million SBs and 40,000 MBs currently use VPNs and projects these numbers to increase to almost 3 million SBs and 91,000 MBs by 2007. The Jolt of September 11 While IT security had been gaining importance for quite some time due to factors like notorious viruses and worms, portable PC thefts, internal and external sabotage, website defacements, denial of service attacks and fears of fraud, the events of September 11, 2001 brought the subject front and center. Not only did they create a sense of physical vulnerability among businesses, but they also raised cyber-terrorism from being a mere possibility to a distinctly probable occurrence. Thus, over a million small businesses (approx. 16% of all SBs) and almost 40,000 medium businesses (39% of all MBs) deployed or strengthened their IT security after September 11
including using anti-virus software, firewalls, data backup, system redundancies, etc.
While the alarmist tone of the early post-9/11 period has abated in recent times, security has continued to be a high priority for proactive SMBs. Thus, 23% of small businesses and 62% of medium businesses felt (in the 2002 study) that it was important for them to enhance their IT security over the next 12 months, up significantly from last year, when 12% of small businesses and 44% of medium businesses considered it important to enhance their IT security.
The events of September 11 also made SMBs aware of their vulnerability to other failures. As a result, 12% of SBs and 24% of MBs deployed/enhanced backup measures to guard against failures in power systems, telephone and Internet access lines, etc. In addition, 18% of MBs reported having deployed/enhanced physical surveillance of their office locations.
However, even after all the publicity given to IT security in recent times, almost one-third of all small businesses still don’t use any security measures at all, reflecting the enormous diversity among the U.S. SMBs in their attitudes toward new technologies.
Emerging Industry Trends SMBs are often prevented from adopting IT security by their limited budgets and technical skills. Most of them don’t employ any full-time IT experts to help them implement and maintain new security-related technologies. The
wide range of IT security threats have spawned an equally wide range of security solutions, overwhelming these SMBs.
Fortunately, IT security vendors have been increasingly focusing on SMBs which have provided a welcome avenue of growth to vendors seeking new markets, especially in light of the delay in the revival of enterprise spending. As a result of this refocusing, vendors are either developing new products or adapting existing ones to the needs of the SMBs, which often
have limited budgets and technical skills:
∑ Vendors are integrating security into their hardware and software products to make them safer.
∑ Vendors like Network Associates/McAfee now offer IT security solutions via the ASP model, which includes automatic updates of software and virus definitions, minimizing the time and technical skills required by the users to maintain the service.
∑ Vendors like Network Associates and Symantec now offer bundled software packages that integrate the functionality of anti-virus, firewalls, intrusion detection and content filtering.
∑ Several vendors now offer separate plug ‘n play security appliances which require little technical knowledge on the part of the users (e.g. Celestix, Check Point, Network Associates, NetScreen, Nokia, SonicWALL, Symantec, etc.). These appliances also provide integrated functionality of firewalls, VPNs, content filtering, etc.
∑ Finally, vendors are also increasingly offering IT security as an outsourced managed service, whereby even mid-sized and large businesses can outsource their entire IT security operations to an external service provider.
IT Channel Partners Rise to the Occasion The emphasis on IT security was also seen in a separate study of U.S. SMB channel partners, conducted around the same time as the SMB end-user study (i.e. May-June, 2002). The study revealed that almost two-thirds of the channel partners offer firewalls, 58% offer data backup & disaster recovery and 48% offer VPNs. In addition, 36% are involved in designing & developing custom security systems for their clients and 22% offer outsourced managed security services. These channel partners, including system integrators, VARs (i.e. value-added resellers), independent software vendors and IT
consultants, etc. play a crucial role in helping SMBs select, acquire and implement new technology solutions, especially since SMBs lack adequate in-house skills and resources to accomplish these tasks on their own. SMB Market Segmentation
A more detailed analysis by AMI grouped the 7.6 million U.S. SMBs into four tiers based on factors like their current and planned adoption of new technologies, attitudes towards technology, etc. (In addition, these four tiers also vary significantly in their average size, industry specialization, types of customers and suppliers, employee mobility, etc.) The analysis revealed that less than one-third of all SMBs belonging to Tier 1 and Tier 2 account for nearly 70-80% of total IT security-related spending by all SMBs. These SMBs tend to be early adopters of most new technologies, have a high technological orientation and view IT as an integral part of
their business. On average, they spend about 5-10 times as much on IT as their counterparts in Tier 3 and Tier 4.
In sharp contrast to these high spenders, the remaining (more than) two-thirds of all SMBs that belong to Tier 3 and Tier 4 are somewhat reluctant adopters of new technologies, waiting for new products to become commonplace and more affordable before acquiring them. Nearly 2.2 million of these SMBs have not implemented any security solutions, including anti-virus software, making them highly vulnerable to internal and external threats.
Thus, while the more technology savvy SMBs – who comprise less than one-third of the U.S. SMB population – were quick to pick up the message of 9/11 and enhance their IT security, the vast majority of less savvy ones didn’t. It’ll take a concerted effort by the industry to raise the security awareness of these businesses and educate them about the need for security. About Access Markets International (Partners) Inc. (AMI-Partners) AMI-Partners specializes in IT, Internet, telecommunications and business services strategy, venture capital and actionable market intelligence, focusing on global small medium business (SMB) enterprises. The
AMI-Partners mission is to empower the firm’s clients for success with the highest quality data, business planning and “go-to-market” solutions. AMI-Partners was founded in 1996 under the name of Access Media International (USA), Inc. (AMI-USA) by Andy Bose, formerly a group vice president at IDC. Since its inception, the firm has built a world-class management team spanning 10 to 25 years in IT, telecommunications, online communications, and multimedia. The team is comprised of individuals whohave formerly built careers at leading companies such as Cablevision, Compaq, IBM, IDC, JPMorgan, McKinsey and other industry-leading companies.
AMI-Partners has shaped the go-to-market SMB strategies of more than 130 leading IT, Internet, telecom and business services companies in the last five years. The firm is well known for its IT and Internet-adoption-based segmentation of the SMB Markets; for its annual retainership services based on global SMB tracking surveys; and for its proprietary database of several thousand SMBs in the U.S., Europe, Asia-Pacific and Latin America. The firm invests significantly in collecting survey-based information with several
thousand SMBs globally through the industry’s most comprehensive SMB survey instrument, and is considered to be the leading benchmark for tracking SMB trends.