SOUTHFIELD ? Computer Associates International said Wednesday that small and medium businesses (SMBs) remain highly vulnerable to a variety of cyber-threats ? resulting in unacceptable exposure to significant business risk.

According to surveys of senior managers conducted for CA by Quocirca, Ltd. a leading independent business analyst organization, many SMBs do not have sufficient resources to implement proven security best practices ? such as periodic security reviews, proactive patch management and/or appropriate testing of data backup and recovery systems.

Quocirca surveyed 240 senior managers from companies in the U.S. with less than 1000 employees and 200 senior managers from companies in four European countries with less than 300 employees.<>

Key findings of the studies include:

SMBs have relatively limited resources with which to manage their increasingly dense and heterogeneous IT environments. About 25 percent of larger SMBs still rely on non-experts to manage IT. For small businesses and SOHO users, that number rises to about 50 percent. SMBs in the European countries surveyed had even fewer dedicated IT staff than their U.S. counterparts.

The SMB IT environment is surprisingly complex. Despite their size, SMBs often wind up with a wide range of hardware and software resources. Older versions of Windows typically co-exist with newer ones ? and many larger SMBs use a combination of Windows, UNIX and Linux. This makes security management more difficult and time-consuming.

Security and data protection processes are often managed manually ? and therefore frequently neglected. Only 25 percent of SMBs surveyed are using automated software to manage their backups. Approximately 20 percent have no backup capabilities at all. Of those backing up their servers, more than 30 percent have not checked their ability to recover files in more than a year.

SMBs are slow to react to emerging threats. More than 75 percent of SMBs utilize a high-speed internet connection, yet more than 25 percent said they had not checked the security of their internet connection in at least a year. And while 80 percent deployed antivirus software, less than 50 percent have installed anti-spyware solutions ? leaving them open to a rapidly growing range of potentially destructive threats.

Poor patch management leave many SMBs open to known security vulnerabilities. While many SMBs take advantage of Microsoft?s automated updates, less than 30 percent use automated patch management software to ensure the safety of their non-Microsoft applications. In larger SMB environments, where the testing and central management of patches is even more crucial, only 40 percent are using automated patch management software.

?These studies reveal that while SMBs continue to embrace technology, a disturbing number lack the resources necessary to protect their IT assets in a sufficiently organized manner,? said Bob Tarzey, service director at Quocirca Ltd. ?SMBs need to make sure they have a comprehensive security and backup strategy in place for their increasingly business-critical computing infrastructure.?

CA Protection Suites Now Available

CA released the Quocirca studies in conjunction with the general availability of five attractively priced Protection Suites that fulfill the security, storage and data migration needs of SMBs. Offered in 17 languages, the Protection Suites also provide the simplified technology acquisition, deployment and ownership that are so important for under-resourced businesses.

For more information, click on CA.Com/ProtectionSuites