Many U.S. businesses fail to take cybersecurity protection seriously and are unwilling to spend money on additional protection, according to a recent survey of value added resellers (VARs) by the Computing Technology Industry Association.
Cybersecurity was the top policy concern for VARs in the August survey by CompTIA, but right behind security was the rising cost of health care for VAR employees, CompTIA said. Ninety-seven percent of the 109 respondents said they believe U.S. businesses are not secure enough, while 96 percent of respondents said they were concerned about rising health-care costs.
Health care is "our largest expense after payroll," said M.J. Shoer, president and virtual chief technology officer, for the Jenaly Technology Group, a VAR in Portsmouth, New Hampshire. "No other business can survive with double-digit increases year after year like the health-care business does. If we had those type of annual increases from our business to our clients, we'd be out of business."
Shoer called health-care costs one of the largest issues facing the U.S.
Rising health-care costs have become a worker-recruiting issue, added Shiv Kumar, executive vice president at ZSL, a VAR in Edison, New Jersey. "Considering our business size, we can't attract or retain good workforce without offering a good benefits package which could be offered easily by large organizations because of their size," he said.
In focus groups in late 2007 and early this year, health-care costs came up several times as a top concerns of VAR members of CompTIA, said Michael Wendy, a CompTIA spokesman. Small tech businesses seem to see offering health-care benefits as a moral issue as well as a recruiting and retention issue, he said.
While Shoer and Kumar focused on health-care costs as their top policy concern, they both acknowledged that cybersecurity is a major concern as well. It can be difficult to talk some customers into buying more cybersecurity products or services, they said.
An executive at one client recently refused to give up his four-letter password for a more complex one, Shoer said. "We finally had the client sign off on a document that acknowledged our disapproval of this practice and basically absolved us of any responsibility for any problems resulting from this partner's unwillingness to conform to the firm's password policy," he said.
For most small businesses, cybersecurity comes down to a convenience issue, Shoer added.
"Most small businesses don't want to have to deal with the burden of proper security," he said in an e-mail. "You'd be amazed how resistant small businesses can be to even the most basic security measures. I've seen owners write their passwords on the edges of their monitors, literally!"
Many small businesses don't pay a lot of attention to cybersecurity until their "systems or data get compromised or disrupted," added Kumar.
Cybersecurity products can be a tough sell because it's difficult to prove a negative, Wendy said. If a business owner hasn't had a major attack or lost data, he or she may think the business may not need more protection, he added.
Other major VAR policy concerns, according to the survey, released this week:
-- Ninety-five percent said they would use federal tax credits for IT training if they were available. IT workers need training in technologies such as Web 2.0, unified communication and virtualization, Kumar said. "Utilizing these modern tools and platforms would help us not only offer better solutions, but address the skilled worker shortage as well," he said.
-- Seventy-nine percent said Congress should act to stop patent "trolls." VARs seem to be hearing about problems with patent lawsuits from their larger suppliers, Wendy said. "If [VARs] don't have the goods, they can't sell the goods," he said.
-- Seventy-eight percent agreed that software piracy is a problem.
-- Sixty-seven percent said the U.S. economy is the most important issue facing the next president.