The survey, conducted for CA by analyst firm Quocirca, polled 240 senior managers from U.S. companies with less than 1,000 employees and 200 senior managers at European businesses with less than 300 employees.
The study found that many SMBs do not have enough resources to properly implement security best practices such as proactive patch management and testing of data backup and recovery systems.
Less than 30 percent of the SMBs polled use automated patch management software. Only 25 percent use automated software to manage data backup while 20 percent had no backup capabilities at all.
SMBs' IT environments often are complex with mix of software and hardware, making security management difficult, according to the survey. Plus, small companies tend to have few dedicated IT staff.
"These studies reveal that while SMBs continue to embrace technology, a disturbing number lack the resources necessary to protect their IT assets in a sufficiently organized manner," said Bob Tarzey, Quocirca service director.