And as bandwidth is getting cheaper, that's putting a lot of pressure on service providers. "We've lowered prices 30% to 50%," Scott says, but so have his competitors. "Postini was $5 a mailbox. Now it's $2.50, and it could be as low as a buck" in some cases.
"As products move to a service structure, the price that people will pay for infrastructure is going to plummet," Scott says. And that means "a lot of $1 billion markets turning into $100 million markets."
From his perspective, though, this new frugality opens a market opportunity for GFI. If SMBs can no longer afford $400 for security software, "I have a shot at becoming the infrastructure company for SMBs," he says. Traditional software companies will no longer be able to spend 150% of new license revenue on sales and marketing.
"We're still growing and profitable as hell."
That doesn't mean SMBs don't have security needs, of course. Scott says the results of a new GFI security survey "scare the crap out of me." The survey shows that almost half of SMBs "really don't care about internal threats," and that even among companies who do have Web monitoring capabilities, "two-thirds don't even use it!"
The study revealed that 51% are concerned about Web-borne malware, but only 9% worry about internal threats -- although that percentage rises as company size increases.
This lack of concern is dangerous, Scott says. "My customer database is the most important asset I have," he explains, and warns that when things turn ugly in small companies, the strong personal relationships mean "there's a whole lot of emotion involved. And one employee lawsuit where you're not prepared can be a big deal for a small company."
Yet the study says 63% of SMBs don't have policies concerning storage and retention of e-mails -- indicating that e-mail compliance and e-discovery are not seen as big issues. Some 18% of SMBs are planning to institute these kinds of policies. On the other hand, 66 per cent of respondents do not have email retention rules (20% say they are planning to do so).
More than half of SMBs (58%) have formal policies restricting access to sensitive data (11% are considering developing such policies), but only 47%have formal policies categorizing company data by its sensitivity (14% are considering adding such policies).
Of course, the external threats are also real. Many SMBs believe that "I'm too small for someone to come after," Scott says,, but the bad guys are increasingly fishing for soft targets. In places like China and Belarus, he adds, hacking is becoming a matter of national pride. "They don't know what they're attacking," Scott says, "they're just looking for servers."
Fortunately, the survey indicates that SMBs do take security seriously. Some 21% of SMBs don't plan to target security spending even if they have to slash their IT budgets, compared to 9% who are more likely to cut security spending than other IT projects.
Download The Survey: The GFI Software SMB And IT Security Report
Not surprisingly, GFI used the release of the survey as hook for its own news: the purchase of Katharion's outsourced anti-spam and anti-virus e-mail filtering solutions. Scott said that in addition to adding Katharion's 8,000 customers to GFI's 50,000 roster, the acquisition adds new Software as a Service (SaaS) technology to the company's existing on-premise security offerings for SMBs.
GFI is counting on this hybrid approach to help it prosper amidst these shrinking markets while still taking care of companies that "like to hug their Exchange servers," Scott explains. For now, he claims it's working. "We're still growing, and still profitable as hell."