UK small and medium businesses (SMBs) are the lowest spenders on IT security in the world, according to a survey by software-as-a-service provider Panda Security.
Some 98% of UK SMBs spend less than £1,000 a year on security software, the survey of more than 7,500 SMBs in 16 countries revealed.
Just over half (51%) of those companies admit to spending spend less than £300 a year and 22% said they did not have or were not aware of having any IT security.
Most (98%) of German SMBs and 84% in Benelux countries said they used some security software.
Only France SMBs reported a lower level of IT security than the UK with 36% not having any known software protection in place.
Unlike most other countries, UK SMBs without security did not cite cost as the main reason for not installing security software, but 80% claimed they did not need it.
Of those UK SMBs that did have some security in place, more than half (57%) said they rely on free anti-virus and firewall software, the highest in the world.
On average, only 38% of European SMBs said they relied on free security software.
Despite this risky IT security strategy, only 38% of UK SMBs admitted they had been affected by malware against a European average of 68%.
The survey show that the protection offered by free software seems to be keeping infections at reasonable levels, said Luis Corrons, technical director at PandaLabs.
"However, if they are hit by an infection, free software will not offer the technical support most SMBs will need to recover," he said.
According to Corrons, the relatively low level of infections probably means that UK SMBs are following sound security policies and processes.
UK SMBs are among the best users of firewall software at 95%, which also helps explains the lower infection rate, he said.
"Just by ensuring security patches for applications are up to date, SMBs can reduce the risk of malware infection," said Corrons.
Some 13% of UK SMBs admitted that malware infections have halted business operations at least once, he said.
Nigel Stanley, practice leader for security at Bloor Research said saving money by using free security shows smart thinking by UK SMBs.
"My biggest concern is the 22% that do not have or do not know if they have security software," he said.
According to Stanley, any business of any size that operates without security software is behaving recklessly.
"They need to sort themselves out or they will not have a business left if they get hit by a malware attack," he said.
At the IDC's IT 2009 security conference in London earlier this month, a security researcher warned that no business is immune from automated cyber attacks.
Businesses tend to assume that if their risk profile is low, they are unlikely to be targeted said James Lyne, senior technologist at security firm Sophos.
"This is not true because an increasing number of automated attacks target any business they can, irrespective of the company profile," he said.