Up to a few years ago, vendors were united in a single battle cry: your business is at risk… unless…! Scaremongering worked to an extent but it soon became obvious to many organizations that vendors were crying ‘wolf’ far too often. The result has been a growing level of suspicion among SMBs and a tougher challenge for vendors and the channel to convince them otherwise.

Cybercriminals have honed their skills using technology to defraud people. Their modus operandi evolves daily and while financial gain and access to corporate data is a primary reason for their activity, we are witnessing a new breed of hackers whose sole interest is now to cause damage to businesses and governments. The outcome is one that hits businesses’ pockets hard.

That is why I believe that our messaging and strategy for positioning security to SMBs needs to change. We need to continue creating awareness on the myriad threats that exist out there, but we also need to focus on issues that are of greater interest to businesses: how security (or lack of) hits their profits.

Business owners don’t want to be told how a security threat could possibly affect them but they do want to be told how an email management system – set up with minimal cost – will save thousands of dollars by cutting down the number of unproductive hours managing the unmanageable.

They want to be told how a small investment can prevent corporate data from being lost through portable storage devices, social engineering attacks and unmonitored endpoints.

The point here is that we need to correlate security to productivity cost throughout the sales cycle. Obviously there are security risks but what about the costs associated with the above?

Are businesses aware that they are losing hundreds of dollars in non-productive, non-work-related online activity when productivity can be drastically improved if that activity is control and monitored?

Do they realize that employees downloading or watching videos on YouTube is hogging up bandwidth; bandwidth they are paying handsomely for every month? If eight employees spend an hour a day on social networking sites, the business has lost a full day of productive work. Taking the average hourly rate to be $18, this translates into a non-productive cost of $144 a day or $37,440 a year (260 working days). What if all your employees spent an hour a day browsing the internet?

Do businesses factor in the costs involved if they had to be caught napping and were unable to produce emails requested in a legal suit, let alone the burden on IT administrators to manage growing demands for additional storage space and the nightmare to keep track of employees’ .PST files?

I have no doubt that many small-and medium-sized businesses are ignoring these facts and this is probably one reason, among many, why security issues are not given proper consideration. Combined with their lack of awareness on how security threats are evolving (and targeting SMBs) it is not surprising that businesses continue to equate security to spam and viruses.

And this is why we need to change our approach to positioning security. Securing business will depend on how effective we are in explaining to customers that failing to address security in today’s ever-changing environment is costing them money – far more than if they were to spend a few hundred dollars in the first place!

We need to change our battle cry once and for all. Security is a cost of doing business but a worthwhile cost if it will safeguard a business’s profits and existence.

Walter Scott is CEO of GFI Software