The survey of 505 small business owners and managers by the U.K. government's small business agency, Business Link, and the National Computing Centre found that 47 percent of businesses were contemplating the prospect of an attack on their infrastructure in the next twelve months. Worryingly, one-fifth had already experienced a breach.
The research found that over 20 percent of companies are not very confident in their understanding of IT security, and as many as 17 percent currently do not have an IT security policy in place. A further 20 percent do not actually know whether they have a security policy.
Respondents identified loss of information (43 percent) and inconvenience of downtime (23 percent) as the key effects of online security breaches. The potential impact this could have on a business's reputation was highlighted by more than 14 percent.
The research also revealed that small businesses perceived viruses (59 percent) as the main risk to their practices, followed by system failure (41 percent) and inappropriate usage (22 percent). Unauthorised access to business systems was also identified by 20 percent of respondents.
However, the research did indicate that IT security is very much on the small business agenda, with almost a third (30 percent) saying they review their IT security policy every six months. Furthermore, 54 percent of companies surveyed have plans in place to respond to a security breach.
In response to the results from the survey, Business Link has set up a web site to help small businesses assess their security policies. Developed with the National Computing Centre (NCC), the website takes the user through a series of questions that relate to the people they employ, the technology they use and the processes they have in place. This analysis generates a detailed breakdown of the risks to their business with practical and detailed advice on how they can be minimized.
"It is essential that all types of businesses are aware of online security threats which have become increasingly common," said Stefan Foster, Managing Director of the NCC. He said the website was developed to help small businesses improve the way they review and apply their IT security "in as cost and time effective way as possible."
The website has been broadly welcomed by small businesses.
"I found this a useful exercise, the report gave me many things to think about," said Leigh Ashton, managing director of sales recruitment firm the Sales Consultancy, one of the small businesses which the website is aimed at. "The links were very good and gave me usable documents, like sample internet policies."
She said that her only criticism would be that though you could save the report, the links on it only come up as a printable document "and did not have an option to allow me to save them as links for ease of use in the future".