2010 SMB Information Protection Survey
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

2010 SMB Information Protection Survey

on

  • 5,379 views

Symantec’s 2010 Global SMB Information Protection Survey found that small and midsized businesses (SMBs with 10 to 499 employees) are now making protecting their information their highest IT ...

Symantec’s 2010 Global SMB Information Protection Survey found that small and midsized businesses (SMBs with 10 to 499 employees) are now making protecting their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards. This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data.

Statistics

Views

Total Views
5,379
Views on SlideShare
5,372
Embed Views
7

Actions

Likes
2
Downloads
163
Comments
0

2 Embeds 7

http://www.developpez.net 5
http://www.slideshare.net 2

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

2010 SMB Information Protection Survey Presentation Transcript

  • 1. 2010 SMB Information Protection Survey Key Findings (Global Results)
  • 2. Methodology • Applied Research telephone survey in May/June 2010 • 2,152 SMBs worldwide – 50% 10-99 employees – 50% 100-499 employees • 28 countries • Cross-industry • Owners, managers, IT staff, consultants 2
  • 3. Key Findings • SMBs are getting serious about information protection • Loss of crucial information is a real threat • Cyber attacks a real threat
  • 4. SMBs are serious about information protection • SMBs rank data loss and cyber attacks their top business risk • Top IT improvement areas: backup & recovery, DR, security • Two thirds of IT time spent on information protection • Median spend: $51K on information protection
  • 5. Loss of crucial business information a real threat • 74 percent somewhat/extremely concerned • 42 percent lost confidential/proprietary information in the past • 100 percent saw losses (lost revenue, direct financial costs) • Lost devices a big problem: – 62 percent lost devices within past 12 months – 100 percent have some devices that are not password protected – 100 percent have devices that couldn’t be remotely wiped of data
  • 6. Cyber attacks a real threat • 73 percent saw cyber attacks in past year – 30 percent of attacks somewhat/extremely effective • 100 percent saw losses: – Downtime, theft of corporate data, personally identifiable information • 100 percent saw direct costs: – Loss of productivity, revenue and direct financial cost • Annual cost of cyber attacks: $188,242
  • 7. Symantec’s Recommendations • Educate employees • Safeguard important business information • Implement an effective backup and recovery plan • Secure email and web assets
  • 8. Appendix: Full Results
  • 9. Information Protection Objectives
  • 10. Risks Q6: Please rank the following risks in order of significance to your organization. 100% 9% 9% 8% 90% 20% 8% 17% 18% 80% 10% 54% 70% 20% 60% 38% 24% 35% 1 2 50% 3 40% 4 20% 5 30% 30% 21% 54% 28% 20% 10% 14% 7% 10% 19% 9% 11% 7% 0% Data loss Cyber attacks Traditional criminal activity Natural disasters Terrorism
  • 11. IT improvement areas Q7: Please rate the following IT improvement areas for 2010. 1 - Absolutely unimportant 2 - Somewhat unimportant 3 - Average 4 - Somewhat important 5 - Absolutely important 100% 90% 20% 28% 24% 32% 31% 37% 38% 35% 80% 70% 26% 60% 31% 30% 31% 50% 31% 34% 32% 29% 40% 30% 30% 27% 27% 23% 18% 19% 20% 18% 20% 19% 10% 10% 11% 11% 11% 13% 13% 14% 4% 4% 4% 3% 3% 3% 3% 5% 0% Enhance our Enhance our ability Enhance our Improve our Increase our data Reduce computing Increase our Be more "green backup, recovery to resume computer security computing storage capacity costs internet and archiving computing as systems performance bandwidth systems quickly as possible after a disaster
  • 12. Expected change Q8: How would you characterize the level of change to your data protection infrastructure you expect over the next 12 months? 0% 10% 20% 30% 40% 50% Significant changes 47% Minor changes 47% Virtually no changes 7%
  • 13. Staffing & Budget
  • 14. Computer support team Q9: What percentage of your computer support team comes from each of the following? (Means shown) 0% 20% 40% 60% 80% 100% Internal staff 56% Consultants 19% Computer dealers/VARs/etc. 15% Friends 9% Other (Please indicate) 1%
  • 15. Computing staff Q10: How many different people (either inside or outside your company) work on your computing systems in your organization in all offices combined? 300 250 241.1 200 150 100 50 0 Mean
  • 16. Computing staff growth Q11: How does the number of people working on your computing systems compare to 12 months ago? 0% 10% 20% 30% 40% 50% More 12 months ago 31% About the same 24% Less 12 months ago 45%
  • 17. Expecting computing staff growth Q12: How will the number of people working on your computing systems change over the next 12 months? 0% 10% 20% 30% 40% 50% More 12 months from now 42% About the same 15% Less 12 months from now 43%
  • 18. Computer support staff Q13: What percent of your computer support staff's time is spent in each of the following areas? (Means shown) 0% 10% 20% 30% 40% 50% Computer security 27% Backup, recovery and archival tasks 24% Disaster preparedness tasks 18% Other computing tasks 31%
  • 19. Skill sets Q14a: How would you characterize your company's proficiency and capacity for each of the following computing skill sets? 1 - Extremely unskilled 2 - Somewhat unskilled 3 - Neutral 4 - Somewhat skilled 5 - Extremely skilled 100% 90% 23% 32% 35% 80% 41% 70% 60% 47% 50% 48% 40% 48% 42% 30% 20% 22% 16% 10% 13% 13% 3% 4% 7% 3% 0% 2% 1% 1% 1% Other computer areas Backup, recovery and archival Computer security Disaster preparedness
  • 20. Skill sets Q14b: How would you characterize your company's proficiency and capacity for each of the following computing skill sets? 1 - Extremely overstaffed 2 - Somewhat overstaffed 3 - Neutral 4 - Somewhat understaffed 5 - Extremely understaffed 100% 12% 13% 13% 12% 90% 80% 26% 27% 35% 29% 70% 60% 50% 40% 50% 50% 47% 30% 46% 20% 10% 9% 9% 9% 6% 0% 1% 2% 2% 2% Disaster preparedness Computer security Backup, recovery and archival Other computer areas
  • 21. Preventing factors Q15a: How important are each of these factors in terms of keeping your company from being more proficient in computer security? 1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor 100% 6% 15% 14% 90% 20% 19% 28% 80% 15% 33% 13% 26% 18% 70% 60% 28% 27% 33% 50% 21% 20% 27% 40% 20% 30% 24% 30% 31% 21% 26% 20% 13% 10% 15% 13% 11% 10% 11% 11% 0% We get buried in the Our staff lacks the We don't have enough We get buried in Not a priority for our We don't have enough basic day-to-day tasks requisite skill set budget emergencies company management staff
  • 22. Preventing factors Q15b: How important are each of these factors in terms of keeping your company from being more proficient in backup, restore and archival? 1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor 100% 4% 7% 13% 12% 13% 90% 17% 80% 30% 41% 17% 27% 25% 70% 35% 60% 50% 31% 24% 21% 33% 36% 40% 24% 30% 20% 21% 20% 32% 18% 20% 14% 10% 14% 12% 12% 14% 8% 5% 0% We get buried in the We get buried in We don't have enough Our staff lacks the We don't have enough Not a priority for our basic day-to-day tasks emergencies budget requisite skill set staff company management
  • 23. Preventing factors Q15c: How important are each of these factors in terms of keeping your company from being more proficient in disaster preparedness? 1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor 100% 8% 13% 90% 18% 19% 20% 26% 11% 80% 23% 70% 20% 28% 26% 26% 60% 26% 50% 28% 32% 40% 27% 28% 26% 36% 30% 20% 23% 19% 18% 25% 13% 10% 18% 10% 8% 10% 9% 6% 0% We get buried in the Our staff lacks the Not a priority for our We don't have enough We don't have enough We get buried in basic day-to-day tasks requisite skill set company management budget staff emergencies
  • 24. Preventing factors Q15d: How important are each of these factors in terms of keeping your company from being more proficient in other computer areas? 1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor 100% 2% 3% 9% 11% 9% 16% 90% 19% 12% 20% 13% 80% 33% 70% 28% 26% 60% 34% 34% 32% 50% 28% 21% 40% 32% 30% 23% 28% 21% 24% 23% 20% 10% 18% 21% 14% 14% 17% 12% 0% Not a priority for our We don't have enough Our staff lacks the We get buried in the We don't have enough We get buried in company management staff requisite skill set basic day-to-day tasks budget emergencies
  • 25. Annual expenses Q16: Please estimate how much you spend annually for each area. (Medians shown) $45,000 $40,000 $40,000 $35,000 $30,000 $25,000 $25,000 $20,000 $16,000 $15,000 $10,000 $10,000 $5,000 $0 General computing Computer security Backup, recovery and archival Disaster preparedness
  • 26. Expense growth Q17: What is the percentage change for each area over 2009? (Means shown) 100% 90% 80% 70% 60% 50% 40% 30% 19% 20% 17% 17% 14% 10% 0% Computer security Backup, recovery and archival General computing Disaster preparedness
  • 27. Expected expense change Q18: Looking ahead, what do you anticipate the percentage change for each area will be in 2011 when compared to 2010? (Means shown) 100% 90% 80% 70% 60% 50% 40% 30% 19% 20% 17% 16% 14% 10% 0% Computer security General computing Backup, recovery and archival Disaster preparedness
  • 28. Augmenting capacity Q19: What methods -- if any -- do you use (or plan to use) to augment your internal staff's capacity in order to accomplish more than you could on your own? 1 - Not familiar with this area 2 - Do not employ and no plans to do so 3 - Do not use this tactic, but are exploring 4 - Do not use, but plan to in the future 5 - Currently use in a minor way 6 - Currently use in a moderate way 7 - Currently use in a major way 100% 8% 9% 9% 90% 17% 14% 80% 23% 70% 16% 16% 60% 28% 15% 11% 50% 40% 16% 10% 19% 30% 15% 20% 30% 23% 10% 16% 0% 1% 2% 4% Using outside consultants Outsource our computer operations to an ISP Moving certain applications to "the cloud"
  • 29. Cyber Attacks
  • 30. Cyber attacks Q20: Characterize the quantity of cyber attacks against your organization over the past 12 months. 0% 20% 40% 60% 80% 100% No cyber attacks 27% A few cyber attacks 51% Cyber attacks on a regular basis 16% Large number of cyber attacks 5% Extremely large number of cyber attacks 2%
  • 31. Cyber attack effectiveness Q21: Rate the effectiveness of cyber attacks against your organization over the past 12 months. 0% 10% 20% 30% 40% 50% Highly ineffective 20% Somewhat ineffective 24% Neutral 26% Somewhat effective 19% Highly ieffective 11%
  • 32. Cyber attack growth Q22: Characterize the growth of cyber attacks against your organization over the past 12 months. 0% 10% 20% 30% 40% 50% Significantly decreased 7% Somewhat decreased 20% Stayed the same 48% Somewhat increased 20% Significantly increased 5%
  • 33. Cyber losses Q23: Indicate which kinds of cyber losses you have experienced in the past. (Mark all that apply.) 0% 10% 20% 30% 40% 50% Downtime of our environment 49% Theft of other corporate data 25% Theft of customer or employee PII 23% Theft of customer credit card information or other financial information 23% Theft of intellectual property 20% Theft of customer or employee PHI 16% Identity theft 14%
  • 34. Cyber attack costs Q24: Please indicate which costs your organization experienced as a result of cyber attacks in the past. (Mark all that apply.) 0% 20% 40% 60% 80% 100% Lost productivity 53% Lost revenue 27% Direct financial cost 22% Damaged reputation 21% Costs to comply with regulations after an attack 18% Loss of customer trust/damaged customer relationships 18% Litigation costs 12% Regulatory fines 12% Reduced stock price 11%
  • 35. Monetary costs Q25: Please assign a total value, in monetary terms, of each of these losses in 2009. (Means shown) $0 $50,000 $100,000 $150,000 $200,000 $250,000 Direct financial cost $194,625 Reduced stock price $145,045 Damaged reputation $133,286 Loss of customer trust/damaged customer relationships $116,121 Lost revenue $115,054 Lost productivity $63,920 Costs to comply with regulations after an attack $47,691 Litigation costs $32,429 Regulatory fines $21,279
  • 36. Cyber attack response Q26: When you have sustained a cyber attack, where do you go to find information about that type of attack and on how to respond? (Mark all that apply) 0% 20% 40% 60% 80% 100% Security software vendor site 67% Consultant, outsource vendor or reseller/VAR 44% Media 37% Blogs 32% Peers 23%
  • 37. Changing protection Q27: How has protecting your computing systems changed over the past 12 months? 0% 10% 20% 30% 40% 50% Significantly easier 15% Somewhat easier 33% Neither easier nor harder 39% Somewhat harder 11% Significantly harder 2%
  • 38. Endpoint Security
  • 39. Endpoint vulnerabilities Q29: How vulnerable to security breaches are each of these endpoints? 1 - Extremely safe and protected 2 - Somewhat safe and protected 3 - Neutral 4 - Somewhat vulnerable 5 - Extremely vulnerable 100% 4% 5% 4% 5% 4% 11% 10% 90% 26% 22% 23% 27% 27% 80% 31% 31% 70% 60% 23% 26% 35% 36% 31% 50% 17% 21% 40% 30% 28% 28% 23% 25% 26% 26% 26% 20% 10% 18% 18% 18% 14% 11% 12% 12% 0% Windows-based Windows-based Tablets like the Apple Apple Mac desktops Apple Mac laptops Smart phones PDA with no phone desktop PCs laptops iPad
  • 40. Endpoint selection and approval Q30: What is your company policy for each of the following endpoints in terms of who selects/approves devices that can be used on your network? 1 - Completely employee selected 2 - Mostly employee selected 3 - Joint effort, input from employee and company 4 - Mostly company selected 5 - Complete company selected 100% 90% 31% 28% 36% 36% 35% 37% 80% 41% 70% 60% 17% 19% 17% 18% 18% 21% 50% 19% 40% 26% 27% 21% 23% 24% 16% 20% 30% 20% 16% 18% 17% 19% 16% 15% 16% 10% 10% 9% 9% 7% 8% 9% 6% 0% PDA with no phone Apple Mac desktops Smart phones Windows-based Apple Mac laptops Tablets like the Apple Windows-based desktop PCs iPad laptops
  • 41. Endpoint selection and approval Q31: Regardless of your actual policy, in practice what percentage of your endpoints was selected by your employees vs. by the company? 1 - Completely employee selected 2 - Mostly employee selected 3 - Joint effort, input from employee and company 4 - Mostly company selected 5 - Completely company selected 100% 90% 80% 39% 39% 45% 49% 50% 46% 49% 70% 60% 50% 21% 16% 40% 19% 20% 20% 15% 15% 30% 17% 17% 15% 15% 17% 17% 17% 20% 11% 8% 10% 6% 5% 7% 6% 4% 12% 11% 8% 8% 7% 6% 7% 0% Smart phones PDA with no phone Apple Mac laptops Apple Mac desktops Windows-based Windows-based Tablets like the Apple laptops desktop PCs iPad
  • 42. Employee-selected endpoints Q31b: What is the impact of employee-selected endpoints to your organization? 1 - Extremely negative 2 - Somewhat negative 3 - Neutral 4 - Somewhat positive 5 - Extremely positive 100% 13% 12% 17% 16% 17% 19% 90% 80% 26% 25% 70% 24% 26% 28% 30% 60% 50% 37% 40% 40% 38% 37% 35% 35% 30% 20% 18% 17% 15% 15% 16% 10% 12% 5% 6% 7% 5% 5% 4% 0% Installation Purchasing Security Endpoint management Training Productivity
  • 43. Employee-selected endpoints Q32: Which types of employees are most likely to want to select their own endpoints? 1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely 100% 9% 15% 15% 14% 14% 90% 25% 14% 80% 36% 27% 26% 70% 31% 30% 60% 27% 46% 50% 27% 34% 32% 40% 29% 32% 29% 30% 18% 10% 20% 17% 16% 17% 16% 14% 13% 10% 22% 7% 10% 11% 5% 7% 7% 0% Owner/upper Engineering Sales Marketing Staff Accounting Other (please specify) management
  • 44. Employee-selected endpoints Q33: Which employee age group is most likely to want to select their own endpoints? 1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely 100% 13% 90% 18% 28% 80% 19% 70% 38% 60% 31% 50% 36% 40% 30% 23% 28% 20% 22% 10% 13% 13% 10% 5% 4% 0% Younger than 30 30 to 49 50 and older
  • 45. Password protection Q34: Which of the following endpoint devices does your company insure are password protected? 0% 20% 40% 60% 80% 100% Windows-based desktop PCs 81% Windows-based laptops 74% Apple Mac desktops 42% Apple Mac laptops 35% Smart phones 32% Tablets like the Apple iPad 23% PDA with no phone 16%
  • 46. Remote wipes Q35: In case of theft or accidental loss, which of the following endpoint devices can be remotely wiped clean of all information? 0% 20% 40% 60% 80% 100% Windows-based desktop PCs 62% Windows-based laptops 52% Smart phones 32% Apple Mac desktops 28% Apple Mac laptops 25% Tablets like the Apple iPad 18% PDA with no phone 12%
  • 47. Endpoint security safeguards Q36: Which of the following endpoint security safeguards do you use? 100% 92% 90% 80% 72% 70% 60% 50% 40% 40% 30% 20% 10% 0% Antimalware Client firewalls Client intrusion-detection
  • 48. Incidents sustained Q37: Worldwide, how many incidents/attacks have you sustained against each of these endpoints in the past 12 months? (Asked only of those who use each endpoint) 0 50 100 150 200 250 300 350 400 450 500 Windows-based desktop PCs 462 Windows-based laptops 259 Apple Mac desktops 243 Apple Mac laptops 101 PDA with no phone 31 Tablets like the Apple iPad 26 Smart phones 22
  • 49. Remediating attacks Q38: What is the average time spent by your company (or consultants on behalf of your company) remediating attacks on each of these endpoints for a single attack? (Means shown) 0 1 2 3 4 5 6 7 8 9 Windows-based desktop PCs 7.9 Windows-based laptops 7.27 PDA with no phone 7 Apple Mac laptops 6.96 Tablets like the Apple iPad 6.88 Smart phones 6.09 Apple Mac desktops 6.07
  • 50. Improper configurations Q39: What percentage of the aforementioned attacks was the result of improper configurations such as missed OS patches, incorrect security settings, out of date virus profiles, etc.? 100% 90% 80% 70% 60% 50% 40% 30% 26% 20% 10% 0% Mean
  • 51. Lost and stolen devices Q40: How many of each of these mobile devices are lost or stolen worldwide within your organization annually? (Means shown) 0 5 10 15 20 25 30 PDA with no phone 26.88 Windows-based laptops 23.57 Apple Mac desktops 22.23 Tablets like the Apple iPad 21.55 Windows-based desktop PCs 20.55 Smart phones 19.96 Apple Mac laptops 18.63
  • 52. Windows 7 Q41: What are your plans for Windows 7? 0% 10% 20% 30% 40% 50% No plans to upgrade to Windows 7 at this time 18% We are currently discussing if and when we will upgrade to Windows 7 28% We plan to upgrade after Windows 7 SP2 is released 15% We plan to upgrade after Windows 7 SP1 is released 9% We plan to upgrade to the current version of Windows 7 8% We are currently in the process of upgrading to Windows 7 13% We have already upgraded to Windows 7 9%
  • 53. Windows 7 Q42: How do you think Windows 7 will affect endpoint security? 0% 10% 20% 30% 40% 50% Significantly improve security 21% Somewhat improve security 46% Neither improve nor worsen security 29% Somewhat worsen security 3% Significantly worsen security 1%
  • 54. Confidential/proprietary data Q43: How concerned are you regarding the loss of confidential/proprietary data? 0% 10% 20% 30% 40% 50% Extremely concerned 36% Somewhat concerned 38% Neutral 22% Somewhat unconcerned 4% Extremely unconcerned 1%
  • 55. Confidential/proprietary data Q44: Have you lost confidential/proprietary data in the past? Yes 42% No 58%
  • 56. Confidential/proprietary data Q45: What percentage of your past losses of confidential/proprietary data have come from each of the following areas? (Means shown) 0% 10% 20% 30% 40% 50% Outsider illegally took data 24% Insider accidentally lost data 21% Insider illegally took data 19% Partner company accidentally lost data 13% Partner company illegally took data 12% Broken business process exposed confidential information 12%
  • 57. Consequences of data loss Q46: What have been the consequences of data loss to your organization? (Mark all that apply.) 0% 10% 20% 30% 40% 50% Lost revenue 46% Damaged brand reputation 40% Direct financial cost 40% Loss of customer trust/damaged customer relationships 38% Litigation costs 28% Lost productivity 27% Loss of organization, customer or employee data 25% Costs to comply with regulations after a data loss incident 21% Regulatory fines 20% Reduced stock price 5%
  • 58. Messaging/Collaboration Security
  • 59. Email systems Q47: What kind of email systems are used within your organization? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Client-Server corporate email system 76% Web-based consumer mail system 38% SaaS corporate email system 30%
  • 60. Email systems Q48: Which client-server corporate email system(s) do you use? 0% 20% 40% 60% 80% 100% Microsoft Exchange 82% IBM Lotus Domino 20% Other (Please specify) 10%
  • 61. Email systems Q49: Which SaaS corporate email system(s) do you use? 0% 10% 20% 30% 40% 50% Google Business Email 45% Cisco WebEx 35% Other (Please specify) 20% SaaS option offered by your ISP 17% LotusLive iNotes 16%
  • 62. Email systems Q50: Which web email system(s) do you use? 0% 20% 40% 60% 80% 100% Gmail 52% Yahoo! Mail 45% Windows Live Hotmail 41% Other (Please specify) 16% AOL Mail 11%
  • 63. Collaboration systems Q51: What kind of collaboration systems are used within your organization? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Microsoft SharePoint 71% IBM Lotus Domino/Notes 25% Other (Please specify) 17%
  • 64. Instant messaging Q52: What Instant Messaging (IM) systems are used officially within your organization? 0% 10% 20% 30% 40% 50% Windows Live Messenger 41% Yahoo! 35% Google Talk 34% Other (Please specify) 17% AIM (AOL Instant Messenger) 17% Microsoft Office Communications Server (OCS) 17% ICQ 9% IBM Lotus Sametime 8% QQ 5% OCS 3%
  • 65. Social media tools Q53: Which of the following social media tools are used within your organization? 0% 20% 40% 60% 80% 100% 45% Microblogging 46% 51% Blogs 38% Unofficially (for personal use) 39% Podcasts Officially (for business use) 35% 59% Social networking sites 39% 50% Multimedia sharing sites 34%
  • 66. Social networking Q54: Which social networking sites are used within your organization? 0% 20% 40% 60% 80% 100% 37% LinkedIn 46% 61% Facebook 41% Unofficially (for personal use) Officially (for business use) 47% MySpace 25% 10% Other (Please specify) 3%
  • 67. Security threats Q55: How would you rate the security threat for each messaging/collaboration tool? 1 - Extremely low 2 - Somewhat low 3 - Neutral 4 - Somewhat high 5 - Extremely high 100% 11% 10% 10% 8% 15% 15% 13% 12% 90% 17% 80% 24% 26% 25% 32% 28% 70% 31% 36% 34% 30% 60% 50% 45% 47% 40% 44% 37% 42% 38% 31% 38% 34% 30% 20% 15% 14% 13% 15% 13% 10% 11% 10% 13% 13% 5% 5% 6% 5% 7% 6% 6% 5% 7% 0% Web-based Client-server Social Instant SaaS corporate Microblogging Blogs Corporate Podcasts consumer email corporate email networking sites messaging email systems collaboration systems suite
  • 68. Messaging/collaboration tools Q56: How many individual security incidents have you experienced worldwide within your organization for each of these messaging/collaboration tools in the past 12 months? (Means shown) 0 20 40 60 80 100 120 140 160 SaaS corporate email systems 137 Client-server corporate email systems 121 Instant messaging 105 Web-based consumer email 82 Social networking sites 44 Microblogging 43 Blogs 40 Podcasts 33 Corporate collaboration suite 25
  • 69. Messaging/collaboration tools Q57: How well-protected are you for each of these messaging/collaboration tools? 1 - Extemely protected 2 - Somewhat protected 3 - Neutral 4 - Somewhat unprotected 5 - Extremely unprotected 100% 2% 3% 2% 2% 1% 1% 1% 1% 4% 6% 3% 3% 9% 8% 7% 10% 9% 90% 10% 22% 80% 34% 33% 37% 70% 39% 40% 44% 46% 46% 60% 41% 50% 38% 40% 39% 35% 33% 30% 29% 28% 28% 26% 20% 33% 10% 21% 24% 17% 16% 17% 16% 19% 15% 0% Social Microblogging Blogs Instant Podcasts Web-based Corporate Client-server SaaS corporate networking sites messaging consumer email collaboration corporate email email systems suite systems
  • 70. Backup, Recovery, and Archiving
  • 71. Backup/archiving solutions Q58: What is your status regarding the following solutions in your organization? 1 - Not sure what this solution does 2 - Not installed and no plans to do so 3 - Discussing 4 - Implementing 5 - Already installed 100% 90% 80% 53% 70% 62% 69% 60% 50% 40% 23% 30% 20% 20% 21% 17% 12% 10% 8% 5% 7% 0% 2% 0% 1% 1% Backup and recovery of data Backup and recovery of systems Archiving
  • 72. Data backup Q59: How often does your company back up its data? 0% 10% 20% 30% 40% 50% Never 47% Daily 31% Weekly 16% Monthly 6% Quarterly 0% Annually 1% Once in a long while 0%
  • 73. Data backup Q60: Where do you store your information once you back up your files? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Network storage (hard disk) 63% Portable hard disk 42% Tape 35% DVDs or BluRay 27% We store data online with a service provider 17% Other (Please specify) 1%
  • 74. Data backup Q61: What percentage of company/customer information on your computer is regularly backed up? 100% 90% 80% 72% 70% 60% 50% 40% 30% 20% 10% 0% Mean
  • 75. Deduplication Q62: What is the status of your company's use of "deduplication" technology? 0% 10% 20% 30% 40% 50% Not installed and no plans to do so 13% Discussing 22% Implementing 28% Already installed 32% Not sure what this solution does 4%
  • 76. Backup recovery Q62b: In the past 12 months, how many times have you needed to recover one or more files from your backup media? 18 16.87 16 14 12 10 8 6 4 2 0 Mean
  • 77. Backup recovery Q63: In the past 12 months, how many times has the recovery process failed? 6 5.37 5 4 3 2 1 0 Mean
  • 78. Backup recovery Q64: What were the consequences of these recovery failures? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Lost productivity 74% Financial loss 45% Embarrassment 32%
  • 79. Backup applications Q65: What application do you use for backup? 0% 10% 20% 30% 40% 50% Microsoft Data Protection Manager 22% Symantec Backup Exec 15% Symantec Backup Exec System Recovery 12% HP Data Protector 10% Other (Please specify) 10% IBM Tivoli Storage Manager 9% Symantec NetBackup 8% EMC Networker 5% CA ARCserve 4% EMC Avamar 3% CommVault Simpana 3%
  • 80. Data backup Q66: Why don't you back up your data? 0% 10% 20% 30% 40% 50% Never occurred to us to do so 39% Our data is not that critical to our business 15% Not a priority 15% Lack of skills/unqualified personnel 15% Lack of resources 8% Lack of time 6% Other (Please specify) 0%
  • 81. Archiving Q67: Which of the following features are needed for an archiving system to be complete? 1 - Not required, not necessary 2 - Optional, but nice to have 3 - Required 100% 90% 80% 45% 43% 50% 70% 65% 60% 50% 40% 48% 30% 43% 48% 20% 31% 10% 8% 7% 9% 0% 4% Moving files off primary storage to Providing tools to facilitate the Deduplication/compression Active management of the archived another hard disk for long-term recovery of archived information for information storage eDiscovery requests
  • 82. Archiving Q68: What do you use to archive information in your organization? 0% 20% 40% 60% 80% 100% We use our backup software 50% We use software designed specifically for archiving 48% Other (Please specify) 3%
  • 83. Archiving Q69: Which archiving solution do you use? 0% 10% 20% 30% 40% 50% Microsoft Exchange 33% Symantec Enterprise Vault 15% Other (Please specify) 15% IBM CommonStore 10% CommVault Simpana 7% Autonomy Zantaz EAS 6% EMC EmailXtender 6% EMC Source One 5% Autonomy/Zantaz Digital Safe 4% Mimosa NearPoint 1%
  • 84. Backup vs. Archiving solutions Q70: Why do you use backup software for your archiving needs instead of a specific archiving solution? 0% 20% 40% 60% 80% 100% I can use existing staff/resources 52% It is good enough 47% Using my backup solution doesn't require new training 42% Cost issues 34% Takes less time 17% Other (Please specify) 3%
  • 85. Disaster Preparedness
  • 86. Natural disasters Q71: Is your region susceptible to natural disasters? No 48% Yes 52%
  • 87. Disaster preparedness Q72: What is the state of your data center's disaster preparedness plan (actions taken during an event)? 0% 10% 20% 30% 40% 50% We don't have one. 13% We have a general plan, but it is informal or undocumented. 30% We have a written plan, but it needs work. 18% We have a written plan that is "average." 15% We have a written plan that is "pretty good." 15% We have a written plan that is "excellent." 8%
  • 88. Disaster preparedness Q73: What has kept you from developing a plan or formal process to deal with outages or disruptions to your computer resources? (Mark all that apply.) 0% 10% 20% 30% 40% 50% Not a priority 36% Never occurred to us to have one 25% Our computer systems are not that critical to our business 25% Lack of resources 24% Lack of skills/unqualified personnel 19% Other (Please specify) 8%
  • 89. Disaster recovery Q74: How confident are you in your organization's disaster recovery plan? 100% 90% 80% 70% 64% 60% 50% 40% 30% 20% 10% 0% Mean
  • 90. Disaster recovery testing Q75: How often do you test your DR plan? 0% 10% 20% 30% 40% 50% Never 18% Every few years 12% Once a year 18% Twice a year 15% 3 times a year 7% Quarterly 15% Every other month 3% Monthly 5% Twice a month 3% Weekly 3% More than weekly 1%
  • 91. Disaster declarations Q76: How many times have you had to declare a disaster and perform recovery operations at a recovery site in the past five years? 8 7 6.69 6 5 4 3 2 1 0 Mean
  • 92. Disaster causes Q77: What were the causes of these disasters? (Mark all that apply.) 0% 20% 40% 60% 80% 100% Power failure 53% Computer hardware failure 37% Network failure 29% Computer software failure 25% User/operator error 22% Malicious employee behavior 13% Flood 12% Winter storm 10% Fire 10% Hurricane 9% Data leakage or loss 9% Earthquake 5% Terrorism or war 3% Tornado 3% Chemical spill 2%
  • 93. Disaster recovery Q78: In general, how well did your disaster recovery plan work? 0% 10% 20% 30% 40% 50% Significantly poorly 3% Somewhat poorly 11% Neutral 33% Somewhat well 32% Significantly well 21%