[Excerpted from "Security Services Strategies For Small And Midsize Firms," a new report published today in Dark Reading's Security Services Tech Center.]

Hackers don't care how big your business is.

As a result, many small and midsize businesses today have enterprise-class security vulnerabilities -- and only a fraction of enterprise security budgets. To help close the gap, many SMBs are turning to third-party security services, according to a new report published today by Dark Reading and InformationWeek Analytics.

"Mixing in software-as-a-service options where possible and recovering some man-hours to actually define, manage, and enforce your security plan is becoming an increasingly attractive option" for SMBs, according to "Security Services Strategies For Small And Midsize Firms," a new report available today on Dark Reading.

The report outlines some of the differences between the needs of the small business and those of the large enterprise.

"The biggest thing SMB IT pros have going for them is an intimate knowledge of how the business operates, where its sensitive data resides, and what its weak points are," the report states. "By contrast, big business IT execs have must unwind complex business processes and navigate large organizational structures in order to clearly understand the security landscape. Enterprises' weak points are tough to evaluate, and even tougher to plug. And sensitive data? It's everywhere."

The report offers a detailed look at the total cost of ownership surrounding security technology and weighs the cost of "renting" tools against the cost of "owning" them.

"For most SMBs, the benefits of SaaS and third-party security fall into three areas: cutting down on the stress associated with managing complex security apps; getting up and running quickly; and letting you focus on your business without having to worry about installing updates," the report says.

The report estimates that a Web security solution would cost the typical SMB about $38,000 in the first year, while an SaaS solution that delivers many of the same capabilities would cost about $15,000. The report also offers a look at TCO for a five-year period.

Of course, SaaS solutions aren't completely automated, the report observes. Building a working solution means knowing what sensitive data you have, what regulatory rules your organization might be subject to, and where the critical data resides.

"In our experience, SMBs tend to have sensitive data on employees' home machines; on removable media; or if you use cloud computing, on 100 file servers scattered throughout the globe," the study says.

In addition to offering TCO data, the report walks the reader through the data analysis process to help identify the type and location of information that needs secure handling.

To download the full report, click here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.