According to the Symantec 2009 SME Security and Storage survey, inadequate budget along with ineffective information security management at the operational level were found to be problems for most Indian SMEs. The study revealed that Indian SMEs were aware for protection of information (84 percent), network (76 percent), desktop (53 percent), servers (81 percent), e-mail (67 percent), and backup and recovery of data (83 percent). However, the deployment of solutions for protecting corporate data was not actually observed among the SMEs.
It was found that the present day IT security threats were not known by about 61 percent of SMEs in India. 73 percent of SMEs were found to tackle concerns of virus attacks. 60 percent of them were reported to be concerned about phishing scams and 64 percent of them for spam. However, consideration of data loss was not observed by 68 percent of the firms. According to the survey, employee ignorance was observed in 70 percent, unencrypted laptops in 61 percent, and unauthorised network access in 50 percent of the SMEs. These factors were actually the major threats for security.
Deployment of effective storage solutions including backup and archiving in the IT infrastructure was found to be very slow among Indian SMEs. It was found that a backup and recovery solution was critical by 83 percent of the respondents, and 69 percent of them were aware of the need to archive data. However, the solution was implemented by only 44 percent of the respondents. Only 28 percent of the respondents were found to implement encryption software on removable storage devices.
60 percent of the respondents were interested in spending Rs. 1,00,000 annually for protection of information and systems. It was reported that the security function should be done coupling with the IT function and it was supported by 69 percent of the respondents.