Canadian Businesses Are Buying IT Security

Canadian SMBs are responding to the increasingly threat-laden online environment by expanding IT security spending, according to a study by AMI-Partners. Security-related expenditures in the Canada SMB segment grew 36 percent in 2004, to US$273 million. The constant barrage of intrusion attempts, both through email and IP attacks, has caused Canadian businesses to invest heavily in defensive measures, bringing these firms more in line with U.S. business security behaviors. The AMI security data, part of a larger annual study covering Canadian IT expenditures, shows that IT security has become a major focus over the past year, with more Canadian SMBs realizing the importance of a secure infrastructure to conducting business operations. "Like many of their peers from established and emerging economies who are grappling with security threats, there is a realization that a solid commitment must be made in order to adequately protect their businesses," says Jennifer Chu, senior analyst for AMI-Partners. Another reason for increased IT security adoption is Canadian industry's close relationship with businesses in the United States "Much of Canada's business is tied into U.S. companies. Those companies have a higher profile and see a greater proportion of attacks, making their Canadian partners more vulnerable in turn. This, coupled with Americans' own demands for better protection, is forcing Canadian businesses to meet increasingly higher standards of data security," Chu says. According to Chu, the bulk of small businesses, defined by AMI as having between one and 99 employees (medium businesses have up to 999), are 10-person operations where each member wears a number of different hats, and security is low on the to-do list. Further, smaller companies often feel they are safe enough as long as they are careful, because nothing has happened to them or they are too small to be a target. The growth rate of security adoption in Canada should not be taken to mean there was a disproportionate lack of attention in previous years, however. "Canada hasn't been particularly complacent. This is an issue with small businesses in general, no matter where they're located," Chu says. "Many businesses' attitudes don't compare to their actions." Attitudes and actions are matching up at an increasing rate, though. AMI's study reveals that more than three-fourths of Canadian small businesses and more than 90 percent of medium businesses have installed antivirus software; one third and two thirds have antispam measures in place, respectively. Network-level firewalls are in use with about half of small businesses, and three fourths of medium businesses. Virtual private networks are deployed in more than 60 percent of Canadian medium-size companies; smaller organizations, which typically have less need for VPN remote access, have an adoption rate slightly higher than 10 percent. The survey further notes that Canadian SMBs will focus on data backup, disaster recovery, and more data security measures over the next 12 months. "Data is the lifeblood of business," Chu says. "Companies are realizing this, and taking the next steps in order to secure their space." Related articles: Top IT Threats CitiFinancial 'Deeply Regrets' Customer Info Breach Fear and Loathing in the Database