Small and medium-sized businesses (SMBs) worldwide will spend $11.4 billion on IT security this year, according to a report this week from AMI-Partners Inc. (AMI), the New York market data firm.
The expenditure is a 23% increase from 2005, when SMBs shelled out an estimated $9.3 billion on security products. And the trend shows no sign of slowing: AMI-Partners projects double-digit annual increases in security spending by SMBs for the next several years.
"As more and more SMBs become increasingly reliant on IT, security becomes a necessity," said Anil Miglani, senior vice president at AMI-Partners.
The security products purchased by SMBs vary, with the smallest businesses typically the least protected and a large swath of the market still untapped. (AMI estimates that 13 million SMBs worldwide don't even have antivirus protection.)
"As you move up, you find that some of the businesses are adopting an increasing number of security products. They might have antivirus, firewalls, VPNs antispam and so on," Miglani said. "The next category are businesses that already have adopted these products and are looking to integrate them, usually coming in the form of product suites. At this next step you also see SMBs moving into other areas, such as access management solutions."
Unlike larger companies, SMBs have tended not to worry as much about internal security breaches, Miglani said. "They don't see the employees as being a major threat," he said, in part because they have fewer employees than large companies. "Partly, it's also a matter of not feeling the pressure from their customers," he said, but that, too, is ripe for change. "SMBs are storing more and more critical customer information, and they need to become more concerned about safeguarding that."
The obvious beneficiaries of the increased focus on security are product vendors such as Symantec Corp., McAfee Inc. and Microsoft, now that the Redmond, Wash.-based software giant has decided to co-opt security. Channel players will also benefit, because they continue to play a significant role in fulfilling security needs for SMBs, Miglani said. And security as a service will get a "major boost," he added, "largely because it removes the requirement of having a full-time IT staff managing security."
Let us know what you think about the story; e-mail: Linda Tucci, Senior News Writer