Symantec’s 2010 Global SMB Information Protection Survey found that small and midsized businesses (SMBs with 10 to 499 employees) are now making protecting their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards. This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data.

1. 2010 SMB Information Protection Survey
Key Findings (Global Results)

2. Methodology
• Applied Research telephone survey in May/June 2010
• 2,152 SMBs worldwide
– 50% 10-99 employees
– 50% 100-499 employees
• 28 countries
• Cross-industry
• Owners, managers, IT staff, consultants
2

3. Key Findings
• SMBs are getting serious about information protection
• Loss of crucial information is a real threat
• Cyber attacks a real threat

4. SMBs are serious about information protection
• SMBs rank data loss and cyber attacks their top business risk
• Top IT improvement areas: backup & recovery, DR, security
• Two thirds of IT time spent on information protection
• Median spend: $51K on information protection

5. Loss of crucial business information a real threat
• 74 percent somewhat/extremely
concerned
• 42 percent lost
confidential/proprietary
information in the past
• 100 percent saw losses (lost
revenue, direct financial costs)
• Lost devices a big problem:
– 62 percent lost devices within past 12
months
– 100 percent have some devices that are
not password protected
– 100 percent have devices that couldn’t
be remotely wiped of data

6. Cyber attacks a real threat
• 73 percent saw cyber attacks in
past year
– 30 percent of attacks
somewhat/extremely effective
• 100 percent saw losses:
– Downtime, theft of corporate data,
personally identifiable information
• 100 percent saw direct costs:
– Loss of productivity, revenue and
direct financial cost
• Annual cost of cyber attacks:
$188,242

7. Symantec’s Recommendations
• Educate employees
• Safeguard important business information
• Implement an effective backup and recovery plan
• Secure email and web assets

8. Appendix: Full Results

9. Information Protection Objectives

10. Risks
Q6: Please rank the following risks in order of significance to your
organization.
100%
9% 9% 8%
90% 20%
8%
17% 18%
80% 10%
54%
70%
20%
60% 38% 24%
35% 1
2
50%
3
40% 4
20% 5
30%
30% 21%
54%
28%
20% 10%
14%
7%
10% 19%
9% 11%
7%
0%
Data loss Cyber attacks Traditional criminal activity Natural disasters Terrorism

11. IT improvement areas
Q7: Please rate the following IT improvement areas for 2010.
1 - Absolutely unimportant 2 - Somewhat unimportant 3 - Average 4 - Somewhat important 5 - Absolutely important
100%
90% 20%
28% 24%
32% 31%
37% 38% 35%
80%
70%
26%
60% 31%
30%
31%
50% 31% 34%
32% 29%
40% 30%
30% 27% 27%
23%
18% 19% 20%
18%
20%
19%
10% 10% 11% 11% 11% 13% 13% 14%
4% 4% 4% 3% 3% 3% 3% 5%
0%
Enhance our Enhance our ability Enhance our Improve our Increase our data Reduce computing Increase our Be more "green
backup, recovery to resume computer security computing storage capacity costs internet
and archiving computing as systems performance bandwidth
systems quickly as possible
after a disaster

12. Expected change
Q8: How would you characterize the level of change to your data
protection infrastructure you expect over the next 12 months?
0% 10% 20% 30% 40% 50%
Significant changes 47%
Minor changes 47%
Virtually no changes 7%

13. Staffing & Budget

14. Computer support team
Q9: What percentage of your computer support team comes from each
of the following?
(Means shown)
0% 20% 40% 60% 80% 100%
Internal staff 56%
Consultants 19%
Computer dealers/VARs/etc. 15%
Friends 9%
Other (Please indicate) 1%

15. Computing staff
Q10: How many different people (either inside or outside your
company) work on your computing systems in your organization in all
offices combined?
300
250 241.1
200
150
100
50
0
Mean

16. Computing staff growth
Q11: How does the number of people working on your computing
systems compare to 12 months ago?
0% 10% 20% 30% 40% 50%
More 12 months ago 31%
About the same 24%
Less 12 months ago 45%

17. Expecting computing staff growth
Q12: How will the number of people working on your computing
systems change over the next 12 months?
0% 10% 20% 30% 40% 50%
More 12 months from now 42%
About the same 15%
Less 12 months from now 43%

18. Computer support staff
Q13: What percent of your computer support staff's time is spent in
each of the following areas?
(Means shown)
0% 10% 20% 30% 40% 50%
Computer security 27%
Backup, recovery and archival tasks 24%
Disaster preparedness tasks 18%
Other computing tasks 31%

19. Skill sets
Q14a: How would you characterize your company's proficiency and
capacity for each of the following computing skill sets?
1 - Extremely unskilled 2 - Somewhat unskilled 3 - Neutral 4 - Somewhat skilled 5 - Extremely skilled
100%
90% 23%
32%
35%
80% 41%
70%
60%
47%
50%
48%
40% 48%
42%
30%
20% 22%
16%
10% 13% 13%
3% 4% 7%
3%
0% 2% 1% 1% 1%
Other computer areas Backup, recovery and archival Computer security Disaster preparedness

20. Skill sets
Q14b: How would you characterize your company's proficiency and
capacity for each of the following computing skill sets?
1 - Extremely overstaffed 2 - Somewhat overstaffed 3 - Neutral 4 - Somewhat understaffed 5 - Extremely understaffed
100%
12% 13% 13% 12%
90%
80%
26% 27%
35% 29%
70%
60%
50%
40%
50% 50%
47%
30% 46%
20%
10%
9% 9% 9%
6%
0% 1% 2% 2% 2%
Disaster preparedness Computer security Backup, recovery and archival Other computer areas

21. Preventing factors
Q15a: How important are each of these factors in terms of keeping your
company from being more proficient in computer security?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
100%
6%
15% 14%
90% 20% 19%
28%
80% 15%
33%
13%
26% 18%
70%
60%
28%
27% 33%
50% 21%
20% 27%
40%
20%
30%
24% 30%
31% 21% 26%
20%
13%
10%
15% 13%
11% 10% 11% 11%
0%
We get buried in the Our staff lacks the We don't have enough We get buried in Not a priority for our We don't have enough
basic day-to-day tasks requisite skill set budget emergencies company management staff

22. Preventing factors
Q15b: How important are each of these factors in terms of keeping your
company from being more proficient in backup, restore and archival?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
100%
4%
7%
13% 12% 13%
90% 17%
80%
30%
41% 17%
27% 25%
70% 35%
60%
50% 31%
24%
21% 33%
36%
40% 24%
30%
20% 21%
20% 32% 18%
20% 14%
10%
14% 12% 12% 14%
8%
5%
0%
We get buried in the We get buried in We don't have enough Our staff lacks the We don't have enough Not a priority for our
basic day-to-day tasks emergencies budget requisite skill set staff company management

23. Preventing factors
Q15c: How important are each of these factors in terms of keeping your
company from being more proficient in disaster preparedness?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
100%
8%
13%
90% 18% 19% 20%
26% 11%
80%
23%
70% 20%
28% 26% 26%
60% 26%
50%
28% 32%
40% 27% 28%
26% 36%
30%
20% 23%
19% 18% 25%
13%
10% 18%
10% 8% 10% 9% 6%
0%
We get buried in the Our staff lacks the Not a priority for our We don't have enough We don't have enough We get buried in
basic day-to-day tasks requisite skill set company management budget staff emergencies

24. Preventing factors
Q15d: How important are each of these factors in terms of keeping your
company from being more proficient in other computer areas?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
100% 2%
3%
9% 11% 9%
16%
90%
19%
12%
20% 13%
80% 33%
70% 28%
26%
60% 34%
34%
32%
50% 28%
21%
40%
32%
30% 23% 28%
21% 24%
23%
20%
10% 18% 21%
14% 14% 17%
12%
0%
Not a priority for our We don't have enough Our staff lacks the We get buried in the We don't have enough We get buried in
company management staff requisite skill set basic day-to-day tasks budget emergencies

25. Annual expenses
Q16: Please estimate how much you spend annually for each area.
(Medians shown)
$45,000
$40,000
$40,000
$35,000
$30,000
$25,000
$25,000
$20,000
$16,000
$15,000
$10,000
$10,000
$5,000
$0
General computing Computer security Backup, recovery and archival Disaster preparedness

26. Expense growth
Q17: What is the percentage change for each area over 2009?
(Means shown)
100%
90%
80%
70%
60%
50%
40%
30%
19%
20% 17% 17%
14%
10%
0%
Computer security Backup, recovery and archival General computing Disaster preparedness

27. Expected expense change
Q18: Looking ahead, what do you anticipate the percentage change for
each area will be in 2011 when compared to 2010?
(Means shown)
100%
90%
80%
70%
60%
50%
40%
30%
19%
20% 17% 16%
14%
10%
0%
Computer security General computing Backup, recovery and archival Disaster preparedness

28. Augmenting capacity
Q19: What methods -- if any -- do you use (or plan to use) to augment
your internal staff's capacity in order to accomplish more than you could
on your own?
1 - Not familiar with this area 2 - Do not employ and no plans to do so 3 - Do not use this tactic, but are exploring
4 - Do not use, but plan to in the future 5 - Currently use in a minor way 6 - Currently use in a moderate way
7 - Currently use in a major way
100%
8% 9% 9%
90%
17% 14%
80% 23%
70% 16%
16%
60%
28% 15%
11%
50%
40% 16%
10% 19%
30%
15%
20%
30% 23%
10% 16%
0% 1% 2% 4%
Using outside consultants Outsource our computer operations to an ISP Moving certain applications to "the cloud"

29. Cyber Attacks

30. Cyber attacks
Q20: Characterize the quantity of cyber attacks against your
organization over the past 12 months.
0% 20% 40% 60% 80% 100%
No cyber attacks 27%
A few cyber attacks 51%
Cyber attacks on a regular basis 16%
Large number of cyber attacks 5%
Extremely large number of cyber attacks 2%

31. Cyber attack effectiveness
Q21: Rate the effectiveness of cyber attacks against your organization
over the past 12 months.
0% 10% 20% 30% 40% 50%
Highly ineffective 20%
Somewhat ineffective 24%
Neutral 26%
Somewhat effective 19%
Highly ieffective 11%

32. Cyber attack growth
Q22: Characterize the growth of cyber attacks against your organization
over the past 12 months.
0% 10% 20% 30% 40% 50%
Significantly decreased 7%
Somewhat decreased 20%
Stayed the same 48%
Somewhat increased 20%
Significantly increased 5%

33. Cyber losses
Q23: Indicate which kinds of cyber losses you have experienced in the
past.
(Mark all that apply.)
0% 10% 20% 30% 40% 50%
Downtime of our environment 49%
Theft of other corporate data 25%
Theft of customer or employee PII 23%
Theft of customer credit card information or other financial information 23%
Theft of intellectual property 20%
Theft of customer or employee PHI 16%
Identity theft 14%

34. Cyber attack costs
Q24: Please indicate which costs your organization experienced as a
result of cyber attacks in the past.
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Lost productivity 53%
Lost revenue 27%
Direct financial cost 22%
Damaged reputation 21%
Costs to comply with regulations after an attack 18%
Loss of customer trust/damaged customer relationships 18%
Litigation costs 12%
Regulatory fines 12%
Reduced stock price 11%

35. Monetary costs
Q25: Please assign a total value, in monetary terms, of each of these
losses in 2009.
(Means shown)
$0 $50,000 $100,000 $150,000 $200,000 $250,000
Direct financial cost $194,625
Reduced stock price $145,045
Damaged reputation $133,286
Loss of customer trust/damaged customer relationships $116,121
Lost revenue $115,054
Lost productivity $63,920
Costs to comply with regulations after an attack $47,691
Litigation costs $32,429
Regulatory fines $21,279

36. Cyber attack response
Q26: When you have sustained a cyber attack, where do you go to find
information about that type of attack and on how to respond?
(Mark all that apply)
0% 20% 40% 60% 80% 100%
Security software vendor site 67%
Consultant, outsource vendor or reseller/VAR 44%
Media 37%
Blogs 32%
Peers 23%

37. Changing protection
Q27: How has protecting your computing systems changed over the past
12 months?
0% 10% 20% 30% 40% 50%
Significantly easier 15%
Somewhat easier 33%
Neither easier nor harder 39%
Somewhat harder 11%
Significantly harder 2%

38. Endpoint Security

39. Endpoint vulnerabilities
Q29: How vulnerable to security breaches are each of these endpoints?
1 - Extremely safe and protected 2 - Somewhat safe and protected 3 - Neutral 4 - Somewhat vulnerable 5 - Extremely vulnerable
100%
4% 5% 4% 5% 4%
11% 10%
90%
26% 22% 23%
27% 27%
80%
31% 31%
70%
60%
23% 26%
35% 36%
31%
50% 17% 21%
40%
30% 28% 28%
23%
25% 26%
26% 26%
20%
10% 18% 18% 18%
14% 11% 12% 12%
0%
Windows-based Windows-based Tablets like the Apple Apple Mac desktops Apple Mac laptops Smart phones PDA with no phone
desktop PCs laptops iPad

40. Endpoint selection and approval
Q30: What is your company policy for each of the following endpoints in
terms of who selects/approves devices that can be used on your
network?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Complete company selected
100%
90%
31% 28%
36% 36% 35% 37%
80% 41%
70%
60% 17% 19%
17% 18% 18%
21%
50% 19%
40% 26% 27%
21% 23% 24%
16% 20%
30%
20% 16% 18% 17% 19% 16% 15% 16%
10%
10% 9% 9% 7% 8% 9% 6%
0%
PDA with no phone Apple Mac desktops Smart phones Windows-based Apple Mac laptops Tablets like the Apple Windows-based
desktop PCs iPad laptops

41. Endpoint selection and approval
Q31: Regardless of your actual policy, in practice what percentage of
your endpoints was selected by your employees vs. by the company?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Completely company selected
100%
90%
80% 39% 39%
45% 49% 50% 46%
49%
70%
60%
50% 21% 16%
40% 19% 20% 20% 15%
15%
30% 17% 17%
15% 15% 17% 17% 17%
20%
11% 8%
10% 6% 5% 7% 6% 4%
12% 11% 8% 8% 7%
6% 7%
0%
Smart phones PDA with no phone Apple Mac laptops Apple Mac desktops Windows-based Windows-based Tablets like the Apple
laptops desktop PCs iPad

42. Employee-selected endpoints
Q31b: What is the impact of employee-selected endpoints to your
organization?
1 - Extremely negative 2 - Somewhat negative 3 - Neutral 4 - Somewhat positive 5 - Extremely positive
100%
13% 12%
17% 16% 17% 19%
90%
80%
26% 25%
70% 24% 26%
28%
30%
60%
50%
37% 40%
40% 38% 37% 35%
35%
30%
20%
18% 17% 15% 15% 16%
10% 12%
5% 6% 7% 5% 5% 4%
0%
Installation Purchasing Security Endpoint management Training Productivity

43. Employee-selected endpoints
Q32: Which types of employees are most likely to want to select their
own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
100%
9%
15% 15% 14% 14%
90%
25%
14%
80% 36%
27% 26%
70% 31% 30%
60% 27%
46%
50% 27%
34% 32%
40% 29% 32%
29%
30%
18% 10%
20% 17%
16%
17% 16%
14% 13%
10% 22%
7% 10% 11%
5% 7% 7%
0%
Owner/upper Engineering Sales Marketing Staff Accounting Other (please specify)
management

44. Employee-selected endpoints
Q33: Which employee age group is most likely to want to select their
own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
100%
13%
90% 18%
28%
80%
19%
70%
38%
60%
31%
50% 36%
40%
30% 23% 28%
20% 22%
10% 13% 13%
10%
5% 4%
0%
Younger than 30 30 to 49 50 and older

45. Password protection
Q34: Which of the following endpoint devices does your company
insure are password protected?
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs 81%
Windows-based laptops 74%
Apple Mac desktops 42%
Apple Mac laptops 35%
Smart phones 32%
Tablets like the Apple iPad 23%
PDA with no phone 16%

46. Remote wipes
Q35: In case of theft or accidental loss, which of the following endpoint
devices can be remotely wiped clean of all information?
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs 62%
Windows-based laptops 52%
Smart phones 32%
Apple Mac desktops 28%
Apple Mac laptops 25%
Tablets like the Apple iPad 18%
PDA with no phone 12%

47. Endpoint security safeguards
Q36: Which of the following endpoint security safeguards do you use?
100%
92%
90%
80%
72%
70%
60%
50%
40%
40%
30%
20%
10%
0%
Antimalware Client firewalls Client intrusion-detection

48. Incidents sustained
Q37: Worldwide, how many incidents/attacks have you sustained
against each of these endpoints in the past 12 months?
(Asked only of those who use each endpoint)
0 50 100 150 200 250 300 350 400 450 500
Windows-based desktop PCs 462
Windows-based laptops 259
Apple Mac desktops 243
Apple Mac laptops 101
PDA with no phone 31
Tablets like the Apple iPad 26
Smart phones 22

49. Remediating attacks
Q38: What is the average time spent by your company (or consultants
on behalf of your company) remediating attacks on each of these
endpoints for a single attack?
(Means shown)
0 1 2 3 4 5 6 7 8 9
Windows-based desktop PCs 7.9
Windows-based laptops 7.27
PDA with no phone 7
Apple Mac laptops 6.96
Tablets like the Apple iPad 6.88
Smart phones 6.09
Apple Mac desktops 6.07

50. Improper configurations
Q39: What percentage of the aforementioned attacks was the result of
improper configurations such as missed OS patches, incorrect security
settings, out of date virus profiles, etc.?
100%
90%
80%
70%
60%
50%
40%
30% 26%
20%
10%
0%
Mean

51. Lost and stolen devices
Q40: How many of each of these mobile devices are lost or stolen
worldwide within your organization annually?
(Means shown)
0 5 10 15 20 25 30
PDA with no phone 26.88
Windows-based laptops 23.57
Apple Mac desktops 22.23
Tablets like the Apple iPad 21.55
Windows-based desktop PCs 20.55
Smart phones 19.96
Apple Mac laptops 18.63

52. Windows 7
Q41: What are your plans for Windows 7?
0% 10% 20% 30% 40% 50%
No plans to upgrade to Windows 7 at this time 18%
We are currently discussing if and when we will upgrade to Windows 7 28%
We plan to upgrade after Windows 7 SP2 is released 15%
We plan to upgrade after Windows 7 SP1 is released 9%
We plan to upgrade to the current version of Windows 7 8%
We are currently in the process of upgrading to Windows 7 13%
We have already upgraded to Windows 7 9%

53. Windows 7
Q42: How do you think Windows 7 will affect endpoint security?
0% 10% 20% 30% 40% 50%
Significantly improve security 21%
Somewhat improve security 46%
Neither improve nor worsen security 29%
Somewhat worsen security 3%
Significantly worsen security 1%

54. Confidential/proprietary data
Q43: How concerned are you regarding the loss of
confidential/proprietary data?
0% 10% 20% 30% 40% 50%
Extremely concerned 36%
Somewhat concerned 38%
Neutral 22%
Somewhat unconcerned 4%
Extremely unconcerned 1%

55. Confidential/proprietary data
Q44: Have you lost confidential/proprietary data in the past?
Yes
42%
No
58%

56. Confidential/proprietary data
Q45: What percentage of your past losses of confidential/proprietary
data have come from each of the following areas?
(Means shown)
0% 10% 20% 30% 40% 50%
Outsider illegally took data 24%
Insider accidentally lost data 21%
Insider illegally took data 19%
Partner company accidentally lost data 13%
Partner company illegally took data 12%
Broken business process exposed confidential information 12%

57. Consequences of data loss
Q46: What have been the consequences of data loss to your
organization?
(Mark all that apply.)
0% 10% 20% 30% 40% 50%
Lost revenue 46%
Damaged brand reputation 40%
Direct financial cost 40%
Loss of customer trust/damaged customer relationships 38%
Litigation costs 28%
Lost productivity 27%
Loss of organization, customer or employee data 25%
Costs to comply with regulations after a data loss incident 21%
Regulatory fines 20%
Reduced stock price 5%

58. Messaging/Collaboration Security

59. Email systems
Q47: What kind of email systems are used within your organization?
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Client-Server corporate email system 76%
Web-based consumer mail system 38%
SaaS corporate email system 30%

60. Email systems
Q48: Which client-server corporate email system(s) do you use?
0% 20% 40% 60% 80% 100%
Microsoft Exchange 82%
IBM Lotus Domino 20%
Other (Please specify) 10%

61. Email systems
Q49: Which SaaS corporate email system(s) do you use?
0% 10% 20% 30% 40% 50%
Google Business Email 45%
Cisco WebEx 35%
Other (Please specify) 20%
SaaS option offered by your ISP 17%
LotusLive iNotes 16%

62. Email systems
Q50: Which web email system(s) do you use?
0% 20% 40% 60% 80% 100%
Gmail 52%
Yahoo! Mail 45%
Windows Live Hotmail 41%
Other (Please specify) 16%
AOL Mail 11%

63. Collaboration systems
Q51: What kind of collaboration systems are used within your
organization?
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Microsoft SharePoint 71%
IBM Lotus Domino/Notes 25%
Other (Please specify) 17%

64. Instant messaging
Q52: What Instant Messaging (IM) systems are used officially within
your organization?
0% 10% 20% 30% 40% 50%
Windows Live Messenger 41%
Yahoo! 35%
Google Talk 34%
Other (Please specify) 17%
AIM (AOL Instant Messenger) 17%
Microsoft Office Communications Server (OCS) 17%
ICQ 9%
IBM Lotus Sametime 8%
QQ 5%
OCS 3%

65. Social media tools
Q53: Which of the following social media tools are used within your
organization?
0% 20% 40% 60% 80% 100%
45%
Microblogging
46%
51%
Blogs
38%
Unofficially (for personal use)
39%
Podcasts Officially (for business use)
35%
59%
Social networking sites
39%
50%
Multimedia sharing sites
34%

66. Social networking
Q54: Which social networking sites are used within your organization?
0% 20% 40% 60% 80% 100%
37%
LinkedIn
46%
61%
Facebook
41%
Unofficially (for personal use)
Officially (for business use)
47%
MySpace
25%
10%
Other (Please specify)
3%

67. Security threats
Q55: How would you rate the security threat for each
messaging/collaboration tool?
1 - Extremely low 2 - Somewhat low 3 - Neutral 4 - Somewhat high 5 - Extremely high
100%
11% 10% 10% 8%
15% 15% 13% 12%
90% 17%
80% 24%
26% 25%
32% 28%
70% 31%
36% 34% 30%
60%
50%
45% 47%
40% 44%
37% 42%
38%
31% 38%
34%
30%
20%
15% 14% 13% 15% 13%
10% 11% 10% 13% 13%
5% 5% 6% 5% 7% 6% 6% 5% 7%
0%
Web-based Client-server Social Instant SaaS corporate Microblogging Blogs Corporate Podcasts
consumer email corporate email networking sites messaging email systems collaboration
systems suite

68. Messaging/collaboration tools
Q56: How many individual security incidents have you experienced
worldwide within your organization for each of these
messaging/collaboration tools in the past 12 months?
(Means shown)
0 20 40 60 80 100 120 140 160
SaaS corporate email systems 137
Client-server corporate email systems 121
Instant messaging 105
Web-based consumer email 82
Social networking sites 44
Microblogging 43
Blogs 40
Podcasts 33
Corporate collaboration suite 25

69. Messaging/collaboration tools
Q57: How well-protected are you for each of these
messaging/collaboration tools?
1 - Extemely protected 2 - Somewhat protected 3 - Neutral 4 - Somewhat unprotected 5 - Extremely unprotected
100% 2% 3% 2% 2% 1% 1% 1% 1%
4% 6% 3% 3%
9% 8% 7%
10% 9%
90% 10%
22%
80% 34%
33% 37%
70% 39%
40% 44% 46%
46%
60%
41%
50%
38%
40% 39% 35%
33%
30% 29% 28%
28% 26%
20%
33%
10% 21% 24%
17% 16% 17% 16% 19%
15%
0%
Social Microblogging Blogs Instant Podcasts Web-based Corporate Client-server SaaS corporate
networking sites messaging consumer email collaboration corporate email email systems
suite systems

70. Backup, Recovery, and Archiving

71. Backup/archiving solutions
Q58: What is your status regarding the following solutions in your
organization?
1 - Not sure what this solution does 2 - Not installed and no plans to do so 3 - Discussing 4 - Implementing 5 - Already installed
100%
90%
80%
53%
70% 62%
69%
60%
50%
40%
23%
30%
20%
20% 21%
17%
12%
10%
8%
5% 7%
0% 2%
0% 1% 1%
Backup and recovery of data Backup and recovery of systems Archiving

72. Data backup
Q59: How often does your company back up its data?
0% 10% 20% 30% 40% 50%
Never 47%
Daily 31%
Weekly 16%
Monthly 6%
Quarterly 0%
Annually 1%
Once in a long while 0%

73. Data backup
Q60: Where do you store your information once you back up your files?
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Network storage (hard disk) 63%
Portable hard disk 42%
Tape 35%
DVDs or BluRay 27%
We store data online with a service provider 17%
Other (Please specify) 1%

74. Data backup
Q61: What percentage of company/customer information on your
computer is regularly backed up?
100%
90%
80%
72%
70%
60%
50%
40%
30%
20%
10%
0%
Mean

75. Deduplication
Q62: What is the status of your company's use of "deduplication"
technology?
0% 10% 20% 30% 40% 50%
Not installed and no plans to do so 13%
Discussing 22%
Implementing 28%
Already installed 32%
Not sure what this solution does 4%

76. Backup recovery
Q62b: In the past 12 months, how many times have you needed to
recover one or more files from your backup media?
18
16.87
16
14
12
10
8
6
4
2
0
Mean

77. Backup recovery
Q63: In the past 12 months, how many times has the recovery process
failed?
6
5.37
5
4
3
2
1
0
Mean

78. Backup recovery
Q64: What were the consequences of these recovery failures?
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Lost productivity 74%
Financial loss 45%
Embarrassment 32%

79. Backup applications
Q65: What application do you use for backup?
0% 10% 20% 30% 40% 50%
Microsoft Data Protection Manager 22%
Symantec Backup Exec 15%
Symantec Backup Exec System Recovery 12%
HP Data Protector 10%
Other (Please specify) 10%
IBM Tivoli Storage Manager 9%
Symantec NetBackup 8%
EMC Networker 5%
CA ARCserve 4%
EMC Avamar 3%
CommVault Simpana 3%

80. Data backup
Q66: Why don't you back up your data?
0% 10% 20% 30% 40% 50%
Never occurred to us to do so 39%
Our data is not that critical to our business 15%
Not a priority 15%
Lack of skills/unqualified personnel 15%
Lack of resources 8%
Lack of time 6%
Other (Please specify) 0%

81. Archiving
Q67: Which of the following features are needed for an archiving system
to be complete?
1 - Not required, not necessary 2 - Optional, but nice to have 3 - Required
100%
90%
80%
45% 43%
50%
70%
65%
60%
50%
40%
48%
30% 43% 48%
20% 31%
10%
8% 7% 9%
0% 4%
Moving files off primary storage to Providing tools to facilitate the Deduplication/compression Active management of the archived
another hard disk for long-term recovery of archived information for information
storage eDiscovery requests

82. Archiving
Q68: What do you use to archive information in your organization?
0% 20% 40% 60% 80% 100%
We use our backup software 50%
We use software designed specifically for archiving 48%
Other (Please specify) 3%

83. Archiving
Q69: Which archiving solution do you use?
0% 10% 20% 30% 40% 50%
Microsoft Exchange 33%
Symantec Enterprise Vault 15%
Other (Please specify) 15%
IBM CommonStore 10%
CommVault Simpana 7%
Autonomy Zantaz EAS 6%
EMC EmailXtender 6%
EMC Source One 5%
Autonomy/Zantaz Digital Safe 4%
Mimosa NearPoint 1%

84. Backup vs. Archiving solutions
Q70: Why do you use backup software for your archiving needs instead
of a specific archiving solution?
0% 20% 40% 60% 80% 100%
I can use existing staff/resources 52%
It is good enough 47%
Using my backup solution doesn't require new training 42%
Cost issues 34%
Takes less time 17%
Other (Please specify) 3%

85. Disaster Preparedness

86. Natural disasters
Q71: Is your region susceptible to natural disasters?
No
48%
Yes
52%

87. Disaster preparedness
Q72: What is the state of your data center's disaster preparedness plan
(actions taken during an event)?
0% 10% 20% 30% 40% 50%
We don't have one. 13%
We have a general plan, but it is informal or undocumented. 30%
We have a written plan, but it needs work. 18%
We have a written plan that is "average." 15%
We have a written plan that is "pretty good." 15%
We have a written plan that is "excellent." 8%

88. Disaster preparedness
Q73: What has kept you from developing a plan or formal process to
deal with outages or disruptions to your computer resources?
(Mark all that apply.)
0% 10% 20% 30% 40% 50%
Not a priority 36%
Never occurred to us to have one 25%
Our computer systems are not that critical to our business 25%
Lack of resources 24%
Lack of skills/unqualified personnel 19%
Other (Please specify) 8%

89. Disaster recovery
Q74: How confident are you in your organization's disaster recovery
plan?
100%
90%
80%
70%
64%
60%
50%
40%
30%
20%
10%
0%
Mean

90. Disaster recovery testing
Q75: How often do you test your DR plan?
0% 10% 20% 30% 40% 50%
Never 18%
Every few years 12%
Once a year 18%
Twice a year 15%
3 times a year 7%
Quarterly 15%
Every other month 3%
Monthly 5%
Twice a month 3%
Weekly 3%
More than weekly 1%

91. Disaster declarations
Q76: How many times have you had to declare a disaster and perform
recovery operations at a recovery site in the past five years?
8
7 6.69
6
5
4
3
2
1
0
Mean

92. Disaster causes
Q77: What were the causes of these disasters?
(Mark all that apply.)
0% 20% 40% 60% 80% 100%
Power failure 53%
Computer hardware failure 37%
Network failure 29%
Computer software failure 25%
User/operator error 22%
Malicious employee behavior 13%
Flood 12%
Winter storm 10%
Fire 10%
Hurricane 9%
Data leakage or loss 9%
Earthquake 5%
Terrorism or war 3%
Tornado 3%
Chemical spill 2%

93. Disaster recovery
Q78: In general, how well did your disaster recovery plan work?
0% 10% 20% 30% 40% 50%
Significantly poorly 3%
Somewhat poorly 11%
Neutral 33%
Somewhat well 32%
Significantly well 21%