Many UK SMBs probably spend as much re-filling the communal water cooler as they do buying security software, a global survey of the sector has found.

If that sounds outlandish, consider the extraordinary figures uncovered by security software company PandaLabs, which surveyed 7,500 companies in the sector across 16 countries, including the UK, the US and Germany.

Twenty-two percent of US SMBs (defined as businesses with between 1 and 400 seats) spend more than $1,500 (approx 1,000 euros) per annum on security software. Looking at the 389 SMBs questioned from the UK, the number spending over the same sum was an unfathomably low 2 percent.

In fact, UK SMBs are the lowest spenders on security software in the world, half coughing up less than £300 (approx 290 euros) per annum, and 38 percent barely reaching the £100 mark. Some of this can be explained by the fact 67 percent of the UK companies reported having fewer than 10 employees, but even so the numbers take some explaining.

Water coolers, meanwhile, sell for £10 (approx $16) per week and up, which even in a small company would easily lead to a spending figure approaching or at the 1,000 euro mark.

The UK's cheapskate SMB spending habits leads many of them to ‘free' software. Of the seventy-eight percent using some type of security system, 57 percent reported using free products. This doesn't necessarily mean that such products are inferior to subscription-based equivalents, but it is hard to see how a company could protect PCs from malware and spam using such products exclusively.

"What worries me more are the numbers not using any type of security," says PandaLabs director, Luis Corrons.

So what are UK SMBs playing at? Beyond the software numbers, it turns out that 86 percent of UK SMBs have a firewall, which Corrons reckons many see as their primary line of defence. In companies under 10 persons, it is likely that some will also have basic packet-filtering firewall in their broadband router without realising it. An increasing number of these will come with URL filtering and blocking.

Strangely, despite the lower levels of investment in protection, the UK has one of the lowest rates of malware infection in the survey, with only 38 percent of SMBs reporting problems. Corrons' speculation is that companies without software defences might be suffering infection without knowing about it.

The International Barometer of Security in SMBs can be downloaded from the PandaLabs' website.