A survey released by Symantec on security and storage trends among small and medium in the Asia Pacific and Japan (APJ) region show that Hong Kong firms are the most casual when it comes to attitudes about security, but 64% have plans of increasing information security and storage within the year.

According to the findings of Symantec’s 2009 Global and Mid-seized Business (SMB) Security and Storage survey, 84% of SMBs will increase (57%) or at least maintain (27%) their IT spending despite economic downturn. On the other hand, the top three investment priorities of these SMBs included system upgrades, data replication and automatic patch management.

In Hong Kong, the biggest concerns were the use of handheld devices containing company data and handling multiply security technologies and data breahes (62% each), as well as leaking of confidential proprietary information through emails (60%). However, only 38% of respondents placed great importance on protecting information, and a measly 5% prioritized network security – the lowest scores in the APJ region.

Across the region, SMBs declared viruses, data breach, and leakage through USB storage and handheld devices as their biggest concerns. 52% had already reported suffering a previous security breach – coinciding with the findings that those SMBs in the APJ region suffer a higher risk of recurring security attacks. Despite the increased risks, 56% of SMBs do not have endpoint protection and 53% do not even have desktop backup and recovery. However, responses on storage concerns showed that 70% of the SMBs worry the most about backup and recovery of data, as well as planning for disaster recovery (64%), and archiving data and communication (56%). This heightened awareness of external threats does not seem to translate to increased security measures, with most gaps existing due to system and hardware failure, human error as well as improper use of or use of outdated security solutions. Respondents cited lack of security skills (40%) and budget (41%) as main hindrances to their security efforts.

According to Bernard Kwok, Symantec's senior vice president for Asia Pacific and Japan, the main reason for this is that SMBs have limited resources such as time, money and knowledge to handle security management properly. Often other more urgent business processes and requirements will take priority of security and leaves their business vulnerable to security disasters