Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

How’s this for a cyber-crime target: In most industrialized countries, SMBs make up 97 to 99 percent of all companies. Yet most of those small to midsize businesses have tiny IT groups, and most of those IT groups don’t have security expertise—heck, they don’t even have security policies to manage employees’ personal use of work computers.

Those grim facts come from an Oct. 16 survey out of Webroot Software. For its latest quarterly State of Internet Security report, Webroot surveyed companies with five to 999 computers in six countries: Canada, France, Germany, Japan, the United Kingdom and the United States.

“SMB” is a fuzzy term. Each country has a slightly different definition of what constitutes a small or medium-size business. In some countries, an SMB has fewer than 1,000 employees, in some it’s sub-500, and in others it’s fewer than 100, according to Webroot. However, in general, companies with fewer than 1,000 employees form a large chunk of many countries’ economy. In the United States, companies with fewer than 500 employees account for half of all private-sector workers, and SMBs produce half of the private, non-farm GDP (gross domestic product), the Boulder, Colo., company said. In the United Kingdom, SMBs account for almost 60 percent of all employment.

Webroot CEO Peter Watkins told eWEEK that SMBs are getting hit hard by cyber-crime—unsurprising, given the scant IT coverage they have in-house. “When you look at some individual statistics about the number of people they have devoted to areas like IT, it’s amazingly small,” he said. “[Thirty-one percent] of small businesses have two to three people or less devoted to IT.”

Read the full story on SMBs Are Sitting Ducks for Cyber-Crime