Survey Shows Small Businesses Lack Security Procedures

Symantec and The National Cyber Security Alliance studied the security habits and beliefs of small businesses across the U.S. in a September of 2012 survey.  For the survey, a small business is defined one with less than 250 employees.  The results seem to indicate small businesses do feel secure even though they appear to lack security policies and practices.  Here’s a sampling of the survey results:

*Over 70 percent of small businesses believe strong cyber security and online safety are good for the company brand.

*Over 80 percent do not have a written cyber security plan and 60 percent do not have a privacy policy for handling  customer and employee confidential information.

*About one-half of those surveyed do not believe experiencing a data breach would impact their business and over 50 percent of those surveyed do not have a data breach response plan.

*Nearly 20 percent say if their network was compromised, they would not be aware of it.

We previously reported on a survey regarding the purchase of internet/network security insurance. In it, the majority of businesses did not feel the need to purchase cyber insurance.  This would seem to track with the responses of this survey.  But it doesn’t necessarily track with reports showing targeted attacks do affect small businesses.  In fact, Symantec has released more current numbers underscoring the small business exposure.   Read more about the survey in CNet’s article,  Small biz survey: No cybersecurity plans — no worries. What?