When it comes to planning for the worst, a new study shows small businesses are woefully underprepared.
Research from the automated security and compliance auditing solutions firm nCircle reveals that nearly 90 percent of small and mid-size businesses have inadequate or outdated disaster recovery plans.
Specifically, the survey shows that 51 percent of small and mid-size business have a disaster recovery plan, but aren't even sure if it is current, while 13 percent of those surveyed don't have a plan at all.
Nearly 40 percent of businesses that did report having a plan said it went no further than backing up data.
"The number of small businesses that have no written security or disaster recovery plan is a significant concern," said Elizabeth Ireland, vice president of marketing for nCircle. "It seems counterintuitive, but even though smaller businesses have fewer resources, they need to pay more attention to security rather than less."
The study also shows that a lack of proper security policies is leaving many companies vulnerable to a potential disaster.
Nearly 20 percent of the surveyed businesses lack a security policy and simply expect employees to use good computer judgment; 26 percent have a security policy that isn't enforced.
"Security needs to be more than a written document that you file and forget," Ireland said. "It should be a crucial safeguard that’s integrated into every aspect of your business."
The research was based on surveys of 145 professionals responsible for IT security in small to mid-size businesses.