This document summarizes survey results about SMB security technology use and plans. It finds that while most SMBs prioritize basic security like antivirus, a group of "security intensive" SMBs in fields like engineering and healthcare devote more resources to security. These intensives are more likely to have IT staff, networks, and cloud services. They currently use and plan to adopt more advanced security technologies at higher rates than average SMBs, especially mid-sized businesses. The document concludes SMBs recognize the importance of security but need guidance on effective solutions as risks grow with mobility and online activities.

1. SMB Security Opportunity –
Use and Plans for Solutions and Profile
of "Security Intensives"

2. Agenda
• SMB definition
• The “Four Pillars” and security implications for SMBs
• Technology spend priorities – Security importance
• SMB “Security intensives” profile – Technology use,
share of different SMB verticals
• Current and planned security capabilities – SB vs. MB
• Security intensives vs. total SMBs -- Current and
planned security capabilities
• Essential Guidance
2

3. Midsize Business (100–999)
102 thousand
Small Business
(1-99 emp)
Consumer
Households
6.2 million
22.4 million
115 million
Large Business (1,000+) 9 thousand
U.S. Market Pyramid for Year-End 2012
– Company Counts
Home business/
Zero empl
IT spending increases
with size, number of
firms decreases
Source: US Dept of Commerce BLS, IDC, 2013
3

4. Four Pillars For SMB Success –
Security Key for Mobility and Cloud
Down from Enterprise:
Cloud and Big Data
Up from Consumer:
Social and Mobile
SMB Productivity
Remote/Mobile Worker Dynamics
+ Changing Employee/Employer Roles
Social Mobile Big DataCloud
4

5. US SMB Top Technology Spending
Priorities: “Keep Lights On,” Then Expand
Total SMB
Small Bus
(<100 emp)
Mid-Sized Bus
(100-999 emp)
Large Bus
1000-4999 emp
Upgrade PCs 45.4% 38.8% 37.0%
Enhance servers/network infrastructure 11.4% 33.1% 39.4%
Increase storage capacity/Improve
storage management
11.3% 24.3% 36.9%
Improve network security/Security mgt 17.3% 31.4% 38.0%
Support for employee-owned
devices/BYOD
4.3% 15.1% 22.7%
Expand use of GoogleApps/Free
resources
10.3% 4.2% 7.9%
Increase use of online/off-prem resources 9.0% 22.8% 39.3%
Off prem interest similar for infrastructure, pers productivity, collab
Source: IDC’s SMB Survey, 2012
5

6. Share of “Security Intensive” SMBs by
Vertical (Percent Citing Security as Top Priority)
Total: 17.4% for all SMBs Share of SMBs
Agriculture/Mining/Construction 17.3%
Manufacturing 16.2%
Communications 43.5%
Banking/Finance/Securities 20.1%
Architecture/Engineering 71.7%
Legal Services 24.8%
Healthcare 42.1%
Wholesale Trade 32.8%
Retail Trade 9.0%
Other Consumer Svcs/Entertainment/Accommodation 16.3%
Other Prof/Tech/Scientific services 28.1%
Other Business Services 6.1%
Real estate & Insur <10%
Source: IDC’s SMB Survey, 2012
6

7. Technology Use and IT Resources:
Total SB & MB vs. “Security Intensives”
Total
SBs
SB Security
Intensives
Total
MBs
MB Security
Intensives
Have Full time IT Staff 11.9% 24.9% 85.8% 92.1%
Local Area Network Use 51.3% 70.9% 75.1% 90.1%
Mean Number of Servers 2.2 3.0 16.7 13.1
Use Server Virtualization 32.0% 39.6% 71.1% 68.2%
Use Cloud-Based
Services
12.6% 15.8% 48.1% 55.3%
SB Security intensives show much higher tech use than SB Total, but
MBs don’t show as much difference (except in LAN penetration)
Source: IDC’s SMB Survey, 2012
77

8. Top Security Capabilities Used by SMBs
Small Bus Mid-Sized Bus
Network antimalware (anti-virus, anti-spoof etc 62.8% 57.6%
Endpoint/PC desktop/notebook antimalware 45.1% 43.5%
Network firewall 53.5% 57.3%
Anti-spam gateway (block unsolicited email) 44.4% 46.3%
Internet site blocking – URL Filtering 21.1% 33.6%
Network intrusion detection/prevention 19.6% 39.3%
Email based Data loss prevention – DLP 10.6% 25.9%
Network based DLP 3.5% 20.0%
Email scanning for viruses/other malware 53.3% 51.8%
SSL for secure ecommerce transactions 11.4% 25.1%
Email encryption 11.6% 23.0%
Multiple response, of courseSource: IDC’s SMB Survey, 2012
8

9. Top Security Capabilities Planned for
Purchase by SMBs in Next 12 Months
Small Bus Mid-Sized Bus
Network antimalware (anti-virus, anti-spoof etc 11.3% 16.6%
Endpoint/PC desktop/notebook antimalware 5.7% 15.6%
Network firewall 4.4% 16.5%
Anti-spam gateway (block unsolicited email) 6.0% 15.7%
Internet site blocking – URL Filtering 2.8% 16.5%
Network intrusion detection/prevention 6.9% 22.2%
Email based Data loss prevention – DLP 4.7% 15.9%
Network based DLP 3.5% 11.2%
Email scanning for viruses/other malware 5.0% 15.0%
SSL for secure ecommerce transactions 4.8% 11.9%
Email encryption 6.4% 13.7%
Source: IDC’s SMB Survey, 2012 Double digit for MBs for all!
9

10. Top Security Capabilities Used by
SMBs – Part 2
Small Bus
Mid-Sized
Bus
EV (Extended Validation) SSL certificate 5.0% 15.2%
Identity and access management (IAM) 6.1% 14.6%
Patch management 4.6% 16.7%
Device vulnerability assessment 5.9% 12.0%
Web application vulerability assessment 5.6% 15.0%
Laptop encryption (full disk encryption) 6.0% 17.7%
Mobile device management 7.1% 17.9%
Single sign on (easier access to multiple
resources)
5.0% 13.7%
Two factor authentication 3.1% 7.9%
Mid Size use 2-3X SB use
Source: IDC’s SMB Survey, 2012
10

11. Security Capabilities Planned for
Purchase by SMBs – Part 2
Small Bus Mid-Sized Bus
EV (Extended Validation) SSL certificate 2.3% 11.3%
Identity and access management (IAM) 3.6% 8.5%
Patch management 2.2% 13.1%
Device vulnerability assessment 1.8% 7.4%
Web application vulerability assessment 2.8% 6.0%
Laptop encryption (full disk encryption) 4.4% 11.9%
Mobile device management 7.7% 17.9%
Single sign on (easier access to multiple
resources)
2.1% 5.7%
Two factor authentication 1.8% 7.8%
Source: IDC’s SMB Survey, 2012
11

12. Share of SMB Security Spending by Type
SBs MBs
Hardware 24.8% 27.1%
Software 54.2% 38.9%
SaaS 5.1% 14.8%
Services 16.0% 19.1%
Software key for all, but note SaaS use by MBs,
Services too
Source: IDC’s SMB Survey, 2012
1212

13. Share of SMB Security Spending by
Type – Total vs. “Security Intensives”
Total
SBs
SB Security
Intensives
Total
MBs
MB Security
Intensives
Hardware 24.8% 24.2% 27.1% 26.7%
Software 54.2% 49.8% 38.9% 36.1%
SaaS 5.1% 9.2% 14.8% 16.8%
Services 16.0% 16.9% 19.1% 20.5%
Security intensives cite “Improve Network Security/Security
Management” as a top IT spending priority for next 12 months:
17.3% SBs
31.4% MBs
Source: IDC’s SMB Survey, 2012
1313

14. Security Products Planned for Purchase by
SMBs vs SMB “Security Intensives” Pt 1
Planned for Acquire in Next
12 Months
Total
SB
SB Security
Intensives
Total
MB
MB Security
Intensives
Network antimalware (anti-virus,
anti-spoof etc
11.3% 18.4% 16.6% 25.1%
Endpoint/PC desktop/notebook
antimalware
5.7% 7.6% 15.6% 11.7%
Network firewall 4.4% 6.4% 16.5% 20.0%
Anti-spam gateway (block
unsolicited email)
6.0% 4.9% 15.7% 17.1%
Internet site blocking – URL
Filtering
2.8% 6.1% 16.5% 19.0%
Network intrusion
detection/prevention
6.9% 17.8% 22.2% 30.5%
Email based Data loss prevention
– DLP
4.7% 6.5% 15.9% 21.4%
Double digit for MBs for all!Source: IDC’s SMB Survey, 2012
14

15. Security Products Planned for Purchase by
SMBs vs SMB “Security Intensives” Pt 2
Planned for Acquire in Next
12 Months
Total
SB
SB Security
Intensive
Total
MB
MB Security
Intensive
Network based DLP 3.5% 6.7% 11.2% 13.0%
Email scanning for viruses/other
malware
5.0% 9.7% 15.0% 17.2%
SSL for secure ecommerce
transactions
4.8% 6.9% 11.9% 23.7%
Email encryption 6.4% 11.3% 13.7% 19.2%
EV (Extended Validation) SSL
certificate
2.3% 6.0% 11.3% 17.2%
Identity and access management
(IAM)
3.6% 5.8% 8.5% 8.1%
Patch management 2.2% 6.5% 13.1% 16.8%
Double digit for MBs for all but IAM
Source: IDC’s SMB Survey, 2012
15

16. Security Products Planned for Purchase by
SMBs vs SMB “Security Intensives” Pt 3
Planned for Acquire in Next
12 Months
Total
SB
SB Security
Intensive
Total
MB
MB Security
Intensive
Device vulnerability assessment 1.8% 4.0% 7.4% 8.3%
Web application vulerability
assessment
2.8% 4.9% 6.0% 8.4%
Laptop encryption (full disk
encryption)
4.4% 10.3% 11.9% 17.9%
Mobile device management 7.7% 15.9% 17.9% 24.0%
Single sign on (easier access to
multiple resources)
2.1% 4.1% 5.7% 2.9%
Two factor authentication 1.8% 5.0% 7.8% 9.8%
Source: IDC’s SMB Survey, 2012
16

17. Essential Guidance: Key Takeaways
for SMB Security Providers
• Great SMB interest in harnessing
technology better – but question of
best ways how? Security shifting from
defense to enabler.
• Online security resource access will
be of increasing interest – Shifting
share of security spending with SaaS
share on the rise.
• Multidimensional aspect of security
risks makes comprehensive coverage
more of a challenge. Mobility
(endpoint) as well as network
coverage will be key as SMB refine
company security strategy.
17