2010 smb information protection survey
DESCRIPTION
Symantec’s 2010 Global SMB Information Protection Survey found that small and midsized businesses (SMBs with 10 to 499 employees) are now making protecting their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards. This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data.TRANSCRIPT
2010 SMB Information Protection Survey
Key Findings (Global Results)
Methodology
• Applied Research telephone survey in May/June 2010
• 2,152 SMBs worldwide
– 50% 10-99 employees
– 50% 100-499 employees
• 28 countries
• Cross-industry
• Owners, managers, IT staff, consultants
2
Key Findings
• SMBs are getting serious about information protection
• Loss of crucial information is a real threat
• Cyber attacks a real threat
SMBs are serious about information protection
• SMBs rank data loss and cyber attacks their top business risk
• Top IT improvement areas: backup & recovery, DR, security
• Two thirds of IT time spent on information protection
• Median spend: $51K on information protection
Loss of crucial business information a real threat
• 74 percent somewhat/extremely concerned
• 42 percent lost confidential/proprietary information in the past
• 100 percent saw losses (lost revenue, direct financial costs)
• Lost devices a big problem:
– 62 percent lost devices within past 12 months
– 100 percent have some devices that are not password protected
– 100 percent have devices that couldn’t be remotely wiped of data
Cyber attacks a real threat
• 73 percent saw cyber attacks in past year
– 30 percent of attacks somewhat/extremely effective
• 100 percent saw losses:
– Downtime, theft of corporate data, personally identifiable information
• 100 percent saw direct costs:
– Loss of productivity, revenue and direct financial cost
• Annual cost of cyber attacks: $188,242
Symantec’s Recommendations
• Educate employees
• Safeguard important business information
• Implement an effective backup and recovery plan
• Secure email and web assets
Appendix: Full Results
Information Protection Objectives
Risks
9% 7%11%
19%
54%
7%14%
28%
30%
20%
10%
21%
35%24%
10%
20%
38%
17% 18%
8%
54%
20%
9% 9% 8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Data loss Cyber attacks Traditional criminal activity Natural disasters Terrorism
Q6: Please rank the following risks in order of significance to your organization.
1
2
3
4
5
IT improvement areas
4% 4% 4% 3% 3% 3% 3% 5%
10% 11% 11% 11% 13% 13% 14%19%
18% 18% 19% 20%23%
27% 27%
30%
32% 29% 31% 34%31%
30%31%
26%
37% 38% 35% 32% 31% 28% 24%20%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Enhance our backup, recovery
and archiving systems
Enhance our ability to resume
computing as quickly as possible
after a disaster
Enhance our computer security
systems
Improve our computing
performance
Increase our data storage capacity
Reduce computing costs
Increase our internet
bandwidth
Be more "green
Q7: Please rate the following IT improvement areas for 2010.
1 - Absolutely unimportant 2 - Somewhat unimportant 3 - Average 4 - Somewhat important 5 - Absolutely important
Expected change
47%
47%
7%
0% 10% 20% 30% 40% 50%
Significant changes
Minor changes
Virtually no changes
Q8: How would you characterize the level of change to your data protection infrastructure you expect over the next 12 months?
Staffing & Budget
Computer support team
56%
19%
15%
9%
1%
0% 20% 40% 60% 80% 100%
Internal staff
Consultants
Computer dealers/VARs/etc.
Friends
Other (Please indicate)
Q9: What percentage of your computer support team comes from each of the following?
(Means shown)
Computing staff
241.1
0
50
100
150
200
250
300
Mean
Q10: How many different people (either inside or outside your company) work on your computing systems in your organization in all
offices combined?
Computing staff growth
31%
24%
45%
0% 10% 20% 30% 40% 50%
More 12 months ago
About the same
Less 12 months ago
Q11: How does the number of people working on your computing systems compare to 12 months ago?
Expecting computing staff growth
42%
15%
43%
0% 10% 20% 30% 40% 50%
More 12 months from now
About the same
Less 12 months from now
Q12: How will the number of people working on your computing systems change over the next 12 months?
Computer support staff
27%
24%
18%
31%
0% 10% 20% 30% 40% 50%
Computer security
Backup, recovery and archival tasks
Disaster preparedness tasks
Other computing tasks
Q13: What percent of your computer support staff's time is spent in each of the following areas?
(Means shown)
Skill sets
2% 1% 1% 1%3% 3% 4% 7%
13% 13%16%
22%
42%48%
48%
47%
41%35%
32%
23%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Other computer areas Backup, recovery and archival Computer security Disaster preparedness
Q14a: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?
1 - Extremely unskilled 2 - Somewhat unskilled 3 - Neutral 4 - Somewhat skilled 5 - Extremely skilled
Skill sets
1% 2% 2% 2%6%
9% 9% 9%
46%47% 50% 50%
35% 29% 26% 27%
12% 13% 13% 12%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Disaster preparedness Computer security Backup, recovery and archival Other computer areas
Q14b: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?
1 - Extremely overstaffed 2 - Somewhat overstaffed 3 - Neutral 4 - Somewhat understaffed 5 - Extremely understaffed
Preventing factors
11%15%
10%13% 11% 11%
13%
24%31% 21% 30% 26%
20%
20%21%
27%
27% 33%28%
26% 18%
33%13%
15%
28%
15%20%
6%
19%14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
Our staff lacks the requisite skill set
We don't have enough budget
We get buried in emergencies
Not a priority for our company management
We don't have enough staff
Q15a: How important are each of these factors in terms of keeping your company from being more proficient in computer security?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
Preventing factors
8%14%
5%12% 12% 14%
20%
20%32%
14%18%
21%
24%
21%24%
36%33%
31%
35%
41%27% 25%
30%17%
13%
4%12% 13%
7%
17%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
We get buried in emergencies
We don't have enough budget
Our staff lacks the requisite skill set
We don't have enough staff
Not a priority for our company management
Q15b: How important are each of these factors in terms of keeping your company from being more proficient in backup, restore and archival?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
Preventing factors
10% 8% 10% 9% 6%
18%
13%19% 18%
23%25%
36%26%
27% 28%
28% 32%
26%
26%
28% 26%20%
23%
11%26%18% 19% 20%
13%8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
Our staff lacks the requisite skill set
Not a priority for our company management
We don't have enough budget
We don't have enough staff
We get buried in emergencies
Q15c: How important are each of these factors in terms of keeping your company from being more proficient in disaster preparedness?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
Preventing factors
12% 14% 14% 18% 21%17%
23% 21% 24%23%
32%
28%
21%28%
32%34%
26%
34%
28%
33% 20% 13%12%
19%16%
3%9% 11% 9%
2%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Not a priority for our company management
We don't have enough staff
Our staff lacks the requisite skill set
We get buried in the basic day-to-day tasks
We don't have enough budget
We get buried in emergencies
Q15d: How important are each of these factors in terms of keeping your company from being more proficient in other computer areas?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
Annual expenses
$40,000
$25,000
$16,000
$10,000
$0
$5,000
$10,000
$15,000
$20,000
$25,000
$30,000
$35,000
$40,000
$45,000
General computing Computer security Backup, recovery and archival Disaster preparedness
Q16: Please estimate how much you spend annually for each area.(Medians shown)
Expense growth
19%17% 17%
14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Computer security Backup, recovery and archival General computing Disaster preparedness
Q17: What is the percentage change for each area over 2009?(Means shown)
Expected expense change
19%17% 16%
14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Computer security General computing Backup, recovery and archival Disaster preparedness
Q18: Looking ahead, what do you anticipate the percentage change for each area will be in 2011 when compared to 2010?
(Means shown)
Augmenting capacity
1% 2% 4%
16%
30% 23%
15%
16%19%10%
11% 15%28%
16%16%
23% 17% 14%
8% 9% 9%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Using outside consultants Outsource our computer operations to an ISP Moving certain applications to "the cloud"
Q19: What methods -- if any -- do you use (or plan to use) to augment your internal staff's capacity in order to accomplish more than you could
on your own?
1 - Not familiar with this area 2 - Do not employ and no plans to do so 3 - Do not use this tactic, but are exploring
4 - Do not use, but plan to in the future 5 - Currently use in a minor way 6 - Currently use in a moderate way
7 - Currently use in a major way
Cyber Attacks
Cyber attacks
27%
51%
16%
5%
2%
0% 20% 40% 60% 80% 100%
No cyber attacks
A few cyber attacks
Cyber attacks on a regular basis
Large number of cyber attacks
Extremely large number of cyber attacks
Q20: Characterize the quantity of cyber attacks against your organization over the past 12 months.
Cyber attack effectiveness
20%
24%
26%
19%
11%
0% 10% 20% 30% 40% 50%
Highly ineffective
Somewhat ineffective
Neutral
Somewhat effective
Highly ieffective
Q21: Rate the effectiveness of cyber attacks against your organization over the past 12 months.
Cyber attack growth
7%
20%
48%
20%
5%
0% 10% 20% 30% 40% 50%
Significantly decreased
Somewhat decreased
Stayed the same
Somewhat increased
Significantly increased
Q22: Characterize the growth of cyber attacks against your organization over the past 12 months.
Cyber losses
49%
25%
23%
23%
20%
16%
14%
0% 10% 20% 30% 40% 50%
Downtime of our environment
Theft of other corporate data
Theft of customer or employee PII
Theft of customer credit card information or other financial information
Theft of intellectual property
Theft of customer or employee PHI
Identity theft
Q23: Indicate which kinds of cyber losses you have experienced in the past.
(Mark all that apply.)
Cyber attack costs
53%
27%
22%
21%
18%
18%
12%
12%
11%
0% 20% 40% 60% 80% 100%
Lost productivity
Lost revenue
Direct financial cost
Damaged reputation
Costs to comply with regulations after an attack
Loss of customer trust/damaged customer relationships
Litigation costs
Regulatory fines
Reduced stock price
Q24: Please indicate which costs your organization experienced as a result of cyber attacks in the past.
(Mark all that apply.)
Monetary costs
$194,625
$145,045
$133,286
$116,121
$115,054
$63,920
$47,691
$32,429
$21,279
$0 $50,000 $100,000 $150,000 $200,000 $250,000
Direct financial cost
Reduced stock price
Damaged reputation
Loss of customer trust/damaged customer relationships
Lost revenue
Lost productivity
Costs to comply with regulations after an attack
Litigation costs
Regulatory fines
Q25: Please assign a total value, in monetary terms, of each of these losses in 2009.(Means shown)
Cyber attack response
67%
44%
37%
32%
23%
0% 20% 40% 60% 80% 100%
Security software vendor site
Consultant, outsource vendor or reseller/VAR
Media
Blogs
Peers
Q26: When you have sustained a cyber attack, where do you go to find information about that type of attack and on how to respond?
(Mark all that apply)
Changing protection
15%
33%
39%
11%
2%
0% 10% 20% 30% 40% 50%
Significantly easier
Somewhat easier
Neither easier nor harder
Somewhat harder
Significantly harder
Q27: How has protecting your computing systems changed over the past 12 months?
Endpoint Security
Endpoint vulnerabilities
18%14% 11%
18% 18%12% 12%
23%25%
26%
28% 28%
26% 26%
17% 21%
31%
23% 26%35% 36%
31% 31%
27% 27% 26% 22% 23%
11% 10%4% 5% 4% 5% 4%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Windows-based desktop PCs
Windows-based laptops
Tablets like the Apple iPad
Apple Mac desktops Apple Mac laptops Smart phones PDA with no phone
Q29: How vulnerable to security breaches are each of these endpoints?
1 - Extremely safe and protected 2 - Somewhat safe and protected 3 - Neutral 4 - Somewhat vulnerable 5 - Extremely vulnerable
Endpoint selection and approval
10% 9% 9% 7% 8% 9% 6%
16% 18% 17% 19% 16% 15% 16%
26%21%
27%
16%23% 24%
20%
17%
17%
19%
19%
18% 18%21%
31%36%
28%
41%36% 35% 37%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
PDA with no phone Apple Mac desktops Smart phones Windows-based desktop PCs
Apple Mac laptops Tablets like the Apple iPad
Windows-based laptops
Q30: What is your company policy for each of the following endpoints in terms of who selects/approves devices that can be used on your
network?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Complete company selected
Endpoint selection and approval
12% 11% 8% 8% 6% 7% 7%
11% 8%6% 5% 7% 6% 4%
17% 17%
15% 15% 17% 17% 17%
21% 16%
19%15% 20% 20% 15%
39% 39%45%
49% 49% 50% 46%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Smart phones PDA with no phone Apple Mac laptops Apple Mac desktops Windows-based laptops
Windows-based desktop PCs
Tablets like the Apple iPad
Q31: Regardless of your actual policy, in practice what percentage of your endpoints was selected by your employees vs. by the company?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Completely company selected
Employee-selected endpoints
5% 6% 7% 5% 5% 4%
18% 17% 15% 15% 16%12%
37% 40%38% 37% 35%
35%
26% 25%
24% 26%28%
30%
13% 12%17% 16% 17% 19%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Installation Purchasing Security Endpoint management Training Productivity
Q31b: What is the impact of employee-selected endpoints to your organization?
1 - Extremely negative 2 - Somewhat negative 3 - Neutral 4 - Somewhat positive 5 - Extremely positive
Employee-selected endpoints
5% 7% 7% 7% 10% 11%
22%14% 13%17% 16%
16% 17%
10%18%
29%
29% 32%34% 32%
46%
27%
27%
31% 30%27% 26%
14%36%
25%
15% 15% 14% 14%9%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Owner/upper management
Engineering Sales Marketing Staff Accounting Other (please specify)
Q32: Which types of employees are most likely to want to select their own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
Employee-selected endpoints
5% 4%10%
13% 13%
22%
23% 28%
36%
31%
38%
19%
28%
18%13%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Younger than 30 30 to 49 50 and older
Q33: Which employee age group is most likely to want to select their own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
Password protection
81%
74%
42%
35%
32%
23%
16%
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs
Windows-based laptops
Apple Mac desktops
Apple Mac laptops
Smart phones
Tablets like the Apple iPad
PDA with no phone
Q34: Which of the following endpoint devices does your company insure are password protected?
Remote wipes
62%
52%
32%
28%
25%
18%
12%
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs
Windows-based laptops
Smart phones
Apple Mac desktops
Apple Mac laptops
Tablets like the Apple iPad
PDA with no phone
Q35: In case of theft or accidental loss, which of the following endpoint devices can be remotely wiped clean of all information?
Endpoint security safeguards
92%
72%
40%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Antimalware Client firewalls Client intrusion-detection
Q36: Which of the following endpoint security safeguards do you use?
Incidents sustained
462
259
243
101
31
26
22
0 50 100 150 200 250 300 350 400 450 500
Windows-based desktop PCs
Windows-based laptops
Apple Mac desktops
Apple Mac laptops
PDA with no phone
Tablets like the Apple iPad
Smart phones
Q37: Worldwide, how many incidents/attacks have you sustained against each of these endpoints in the past 12 months?
(Asked only of those who use each endpoint)
Remediating attacks
7.9
7.27
7
6.96
6.88
6.09
6.07
0 1 2 3 4 5 6 7 8 9
Windows-based desktop PCs
Windows-based laptops
PDA with no phone
Apple Mac laptops
Tablets like the Apple iPad
Smart phones
Apple Mac desktops
Q38: What is the average time spent by your company (or consultants on behalf of your company) remediating attacks on each of these
endpoints for a single attack?(Means shown)
Improper configurations
26%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q39: What percentage of the aforementioned attacks was the result of improper configurations such as missed OS patches, incorrect security
settings, out of date virus profiles, etc.?
Lost and stolen devices
26.88
23.57
22.23
21.55
20.55
19.96
18.63
0 5 10 15 20 25 30
PDA with no phone
Windows-based laptops
Apple Mac desktops
Tablets like the Apple iPad
Windows-based desktop PCs
Smart phones
Apple Mac laptops
Q40: How many of each of these mobile devices are lost or stolen worldwide within your organization annually?
(Means shown)
Windows 7
18%
28%
15%
9%
8%
13%
9%
0% 10% 20% 30% 40% 50%
No plans to upgrade to Windows 7 at this time
We are currently discussing if and when we will upgrade to Windows 7
We plan to upgrade after Windows 7 SP2 is released
We plan to upgrade after Windows 7 SP1 is released
We plan to upgrade to the current version of Windows 7
We are currently in the process of upgrading to Windows 7
We have already upgraded to Windows 7
Q41: What are your plans for Windows 7?
Windows 7
21%
46%
29%
3%
1%
0% 10% 20% 30% 40% 50%
Significantly improve security
Somewhat improve security
Neither improve nor worsen security
Somewhat worsen security
Significantly worsen security
Q42: How do you think Windows 7 will affect endpoint security?
Confidential/proprietary data
36%
38%
22%
4%
1%
0% 10% 20% 30% 40% 50%
Extremely concerned
Somewhat concerned
Neutral
Somewhat unconcerned
Extremely unconcerned
Q43: How concerned are you regarding the loss of confidential/proprietary data?
Confidential/proprietary data
Yes42%
No58%
Q44: Have you lost confidential/proprietary data in the past?
Confidential/proprietary data
24%
21%
19%
13%
12%
12%
0% 10% 20% 30% 40% 50%
Outsider illegally took data
Insider accidentally lost data
Insider illegally took data
Partner company accidentally lost data
Partner company illegally took data
Broken business process exposed confidential information
Q45: What percentage of your past losses of confidential/proprietary data have come from each of the following areas?
(Means shown)
Consequences of data loss
46%
40%
40%
38%
28%
27%
25%
21%
20%
5%
0% 10% 20% 30% 40% 50%
Lost revenue
Damaged brand reputation
Direct financial cost
Loss of customer trust/damaged customer relationships
Litigation costs
Lost productivity
Loss of organization, customer or employee data
Costs to comply with regulations after a data loss incident
Regulatory fines
Reduced stock price
Q46: What have been the consequences of data loss to your organization?
(Mark all that apply.)
Messaging/Collaboration Security
Email systems
76%
38%
30%
0% 20% 40% 60% 80% 100%
Client-Server corporate email system
Web-based consumer mail system
SaaS corporate email system
Q47: What kind of email systems are used within your organization?(Mark all that apply.)
Email systems
82%
20%
10%
0% 20% 40% 60% 80% 100%
Microsoft Exchange
IBM Lotus Domino
Other (Please specify)
Q48: Which client-server corporate email system(s) do you use?
Email systems
45%
35%
20%
17%
16%
0% 10% 20% 30% 40% 50%
Google Business Email
Cisco WebEx
Other (Please specify)
SaaS option offered by your ISP
LotusLive iNotes
Q49: Which SaaS corporate email system(s) do you use?
Email systems
52%
45%
41%
16%
11%
0% 20% 40% 60% 80% 100%
Gmail
Yahoo! Mail
Windows Live Hotmail
Other (Please specify)
AOL Mail
Q50: Which web email system(s) do you use?
Collaboration systems
71%
25%
17%
0% 20% 40% 60% 80% 100%
Microsoft SharePoint
IBM Lotus Domino/Notes
Other (Please specify)
Q51: What kind of collaboration systems are used within your organization?
(Mark all that apply.)
Instant messaging
41%
35%
34%
17%
17%
17%
9%
8%
5%
3%
0% 10% 20% 30% 40% 50%
Windows Live Messenger
Yahoo!
Google Talk
Other (Please specify)
AIM (AOL Instant Messenger)
Microsoft Office Communications Server (OCS)
ICQ
IBM Lotus Sametime
OCS
Q52: What Instant Messaging (IM) systems are used officially within your organization?
Social media tools
45%
51%
39%
59%
50%
46%
38%
35%
39%
34%
0% 20% 40% 60% 80% 100%
Microblogging
Blogs
Podcasts
Social networking sites
Multimedia sharing sites
Q53: Which of the following social media tools are used within your organization?
Unofficially (for personal use)
Officially (for business use)
Social networking
37%
61%
47%
10%
46%
41%
25%
3%
0% 20% 40% 60% 80% 100%
MySpace
Other (Please specify)
Q54: Which social networking sites are used within your organization?
Unofficially (for personal use)
Officially (for business use)
Security threats
5% 5% 6% 5% 7% 6% 6% 5% 7%
11%15% 10% 13%
14% 13% 13% 15% 13%
34%31% 38%
38%37% 42%
44% 45% 47%
36% 34% 30%31% 32% 28%
26% 25%24%
15% 15% 17%13% 11% 12% 10% 10% 8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Web-based consumer email
Client-server corporate email
systems
Social networking sites
Instant messaging
SaaS corporate email systems
Microblogging Blogs Corporate collaboration
suite
Podcasts
Q55: How would you rate the security threat for each messaging/collaboration tool?
1 - Extremely low 2 - Somewhat low 3 - Neutral 4 - Somewhat high 5 - Extremely high
Messaging/collaboration tools
137
121
105
82
44
43
40
33
25
0 20 40 60 80 100 120 140 160
SaaS corporate email systems
Client-server corporate email systems
Instant messaging
Web-based consumer email
Social networking sites
Microblogging
Blogs
Podcasts
Corporate collaboration suite
Q56: How many individual security incidents have you experienced worldwide within your organization for each of these messaging/collaboration tools in the past 12 months?
(Means shown)
Messaging/collaboration tools
17% 15% 16% 17% 16% 19% 21%
33%24%
29%28% 26%
33%28%
39% 35%
41%
38%
40% 44% 46%
39%46%
33% 37%
22%
34%
10% 10% 9% 9% 8% 7% 6% 3% 3%4% 2% 3% 2% 2% 1% 1% 1% 1%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Social networking sites
Microblogging Blogs Instant messaging
Podcasts Web-based consumer email
Corporate collaboration
suite
Client-server corporate email
systems
SaaS corporate email systems
Q57: How well-protected are you for each of these messaging/collaboration tools?
1 - Extemely protected 2 - Somewhat protected 3 - Neutral 4 - Somewhat unprotected 5 - Extremely unprotected
Backup, Recovery, and Archiving
Backup/archiving solutions
0% 1% 1%2%5% 7%
8%
12%17%
21%
20%
23%
69%62%
53%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Backup and recovery of data Backup and recovery of systems Archiving
Q58: What is your status regarding the following solutions in your organization?
1 - Not sure what this solution does 2 - Not installed and no plans to do so 3 - Discussing 4 - Implementing 5 - Already installed
Data backup
47%
31%
16%
6%
0%
1%
0%
0% 10% 20% 30% 40% 50%
Never
Daily
Weekly
Monthly
Quarterly
Annually
Once in a long while
Q59: How often does your company back up its data?
Data backup
63%
42%
35%
27%
17%
1%
0% 20% 40% 60% 80% 100%
Network storage (hard disk)
Portable hard disk
Tape
DVDs or BluRay
We store data online with a service provider
Other (Please specify)
Q60: Where do you store your information once you back up your files?(Mark all that apply.)
Data backup
72%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q61: What percentage of company/customer information on your computer is regularly backed up?
Deduplication
13%
22%
28%
32%
4%
0% 10% 20% 30% 40% 50%
Not installed and no plans to do so
Discussing
Implementing
Already installed
Not sure what this solution does
Q62: What is the status of your company's use of "deduplication" technology?
Backup recovery
16.87
0
2
4
6
8
10
12
14
16
18
Mean
Q62b: In the past 12 months, how many times have you needed to recover one or more files from your backup media?
Backup recovery
5.37
0
1
2
3
4
5
6
Mean
Q63: In the past 12 months, how many times has the recovery process failed?
Backup recovery
74%
45%
32%
0% 20% 40% 60% 80% 100%
Lost productivity
Financial loss
Embarrassment
Q64: What were the consequences of these recovery failures?(Mark all that apply.)
Backup applications
22%
15%
12%
10%
10%
9%
8%
5%
4%
3%
3%
0% 10% 20% 30% 40% 50%
Microsoft Data Protection Manager
Symantec Backup Exec
Symantec Backup Exec System Recovery
HP Data Protector
Other (Please specify)
IBM Tivoli Storage Manager
Symantec NetBackup
EMC Networker
CA ARCserve
EMC Avamar
CommVault Simpana
Q65: What application do you use for backup?
Data backup
39%
15%
15%
15%
8%
6%
0%
0% 10% 20% 30% 40% 50%
Never occurred to us to do so
Our data is not that critical to our business
Not a priority
Lack of skills/unqualified personnel
Lack of resources
Lack of time
Other (Please specify)
Q66: Why don't you back up your data?
Archiving
4%8% 7% 9%
31%
43% 48%48%
65%
50%45% 43%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Moving files off primary storage to another hard disk for long-term
storage
Providing tools to facilitate the recovery of archived information for
eDiscovery requests
Deduplication/compression Active management of the archived information
Q67: Which of the following features are needed for an archiving system to be complete?
1 - Not required, not necessary 2 - Optional, but nice to have 3 - Required
Archiving
50%
48%
3%
0% 20% 40% 60% 80% 100%
We use our backup software
We use software designed specifically for archiving
Other (Please specify)
Q68: What do you use to archive information in your organization?
Archiving
33%
15%
15%
10%
7%
6%
6%
5%
4%
1%
0% 10% 20% 30% 40% 50%
Microsoft Exchange
Symantec Enterprise Vault
Other (Please specify)
IBM CommonStore
CommVault Simpana
Autonomy Zantaz EAS
EMC EmailXtender
EMC Source One
Autonomy/Zantaz Digital Safe
Mimosa NearPoint
Q69: Which archiving solution do you use?
Backup vs. Archiving solutions
52%
47%
42%
34%
17%
3%
0% 20% 40% 60% 80% 100%
I can use existing staff/resources
It is good enough
Using my backup solution doesn't require new training
Cost issues
Takes less time
Other (Please specify)
Q70: Why do you use backup software for your archiving needs instead of a specific archiving solution?
Disaster Preparedness
Natural disasters
Yes52%
No48%
Q71: Is your region susceptible to natural disasters?
Disaster preparedness
13%
30%
18%
15%
15%
8%
0% 10% 20% 30% 40% 50%
We don't have one.
We have a general plan, but it is informal or undocumented.
We have a written plan, but it needs work.
We have a written plan that is "average."
We have a written plan that is "pretty good."
We have a written plan that is "excellent."
Q72: What is the state of your data center's disaster preparedness plan (actions taken during an event)?
Disaster preparedness
36%
25%
25%
24%
19%
8%
0% 10% 20% 30% 40% 50%
Not a priority
Never occurred to us to have one
Our computer systems are not that critical to our business
Lack of resources
Lack of skills/unqualified personnel
Other (Please specify)
Q73: What has kept you from developing a plan or formal process to deal with outages or disruptions to your computer resources?
(Mark all that apply.)
Disaster recovery
64%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q74: How confident are you in your organization's disaster recovery plan?
Disaster recovery testing
18%
12%
18%
15%
7%
15%
3%
5%
3%
3%
1%
0% 10% 20% 30% 40% 50%
Never
Every few years
Once a year
Twice a year
3 times a year
Quarterly
Every other month
Monthly
Twice a month
Weekly
More than weekly
Q75: How often do you test your DR plan?
Disaster declarations
6.69
0
1
2
3
4
5
6
7
8
Mean
Q76: How many times have you had to declare a disaster and perform recovery operations at a recovery site in the past five years?
Disaster causes
53%
37%
29%
25%
22%
13%
12%
10%
10%
9%
9%
5%
3%
3%
2%
0% 20% 40% 60% 80% 100%
Power failure
Computer hardware failure
Network failure
Computer software failure
User/operator error
Malicious employee behavior
Flood
Winter storm
Fire
Hurricane
Data leakage or loss
Earthquake
Terrorism or war
Tornado
Chemical spill
Q77: What were the causes of these disasters?(Mark all that apply.)
Disaster recovery
3%
11%
33%
32%
21%
0% 10% 20% 30% 40% 50%
Significantly poorly
Somewhat poorly
Neutral
Somewhat well
Significantly well
Q78: In general, how well did your disaster recovery plan work?