2010 smb information protection survey

2010 SMB Information Protection Survey

Key Findings (Global Results)

Methodology

• Applied Research telephone survey in May/June 2010

• 2,152 SMBs worldwide

– 50% 10-99 employees

– 50% 100-499 employees

• 28 countries

• Cross-industry

• Owners, managers, IT staff, consultants

2

Key Findings

• SMBs are getting serious about information protection

• Loss of crucial information is a real threat

• Cyber attacks a real threat

SMBs are serious about information protection

• SMBs rank data loss and cyber attacks their top business risk

• Top IT improvement areas: backup & recovery, DR, security

• Two thirds of IT time spent on information protection

• Median spend: $51K on information protection

Loss of crucial business information a real threat

• 74 percent somewhat/extremely concerned

• 42 percent lost confidential/proprietary information in the past

• 100 percent saw losses (lost revenue, direct financial costs)

• Lost devices a big problem:

– 62 percent lost devices within past 12 months

– 100 percent have some devices that are not password protected

– 100 percent have devices that couldn’t be remotely wiped of data

Cyber attacks a real threat

• 73 percent saw cyber attacks in past year

– 30 percent of attacks somewhat/extremely effective

• 100 percent saw losses:

– Downtime, theft of corporate data, personally identifiable information

• 100 percent saw direct costs:

– Loss of productivity, revenue and direct financial cost

• Annual cost of cyber attacks: $188,242

Symantec’s Recommendations

• Educate employees

• Safeguard important business information

• Implement an effective backup and recovery plan

• Secure email and web assets

Appendix: Full Results

Information Protection Objectives

Risks

9% 7%11%

19%

54%

7%14%

28%

30%

20%

10%

21%

35%24%

10%

20%

38%

17% 18%

8%

54%

20%

9% 9% 8%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Data loss Cyber attacks Traditional criminal activity Natural disasters Terrorism

Q6: Please rank the following risks in order of significance to your organization.

1

2

3

4

5

IT improvement areas

4% 4% 4% 3% 3% 3% 3% 5%

10% 11% 11% 11% 13% 13% 14%19%

18% 18% 19% 20%23%

27% 27%

30%

32% 29% 31% 34%31%

30%31%

26%

37% 38% 35% 32% 31% 28% 24%20%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Enhance our backup, recovery

and archiving systems

Enhance our ability to resume

computing as quickly as possible

after a disaster

Enhance our computer security

systems

Improve our computing

performance

Increase our data storage capacity

Reduce computing costs

Increase our internet

bandwidth

Be more "green

Q7: Please rate the following IT improvement areas for 2010.

1 - Absolutely unimportant 2 - Somewhat unimportant 3 - Average 4 - Somewhat important 5 - Absolutely important

Expected change

47%

47%

7%

0% 10% 20% 30% 40% 50%

Significant changes

Minor changes

Virtually no changes

Q8: How would you characterize the level of change to your data protection infrastructure you expect over the next 12 months?

Staffing & Budget

Computer support team

56%

19%

15%

9%

1%

0% 20% 40% 60% 80% 100%

Internal staff

Consultants

Computer dealers/VARs/etc.

Friends

Other (Please indicate)

Q9: What percentage of your computer support team comes from each of the following?

(Means shown)

Computing staff

241.1

0

50

100

150

200

250

300

Mean

Q10: How many different people (either inside or outside your company) work on your computing systems in your organization in all

offices combined?

Computing staff growth

31%

24%

45%

0% 10% 20% 30% 40% 50%

More 12 months ago

About the same

Less 12 months ago

Q11: How does the number of people working on your computing systems compare to 12 months ago?

Expecting computing staff growth

42%

15%

43%

0% 10% 20% 30% 40% 50%

More 12 months from now

About the same

Less 12 months from now

Q12: How will the number of people working on your computing systems change over the next 12 months?

Computer support staff

27%

24%

18%

31%

0% 10% 20% 30% 40% 50%

Computer security

Backup, recovery and archival tasks

Disaster preparedness tasks

Other computing tasks

Q13: What percent of your computer support staff's time is spent in each of the following areas?

(Means shown)

Skill sets

2% 1% 1% 1%3% 3% 4% 7%

13% 13%16%

22%

42%48%

48%

47%

41%35%

32%

23%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Other computer areas Backup, recovery and archival Computer security Disaster preparedness

Q14a: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?

1 - Extremely unskilled 2 - Somewhat unskilled 3 - Neutral 4 - Somewhat skilled 5 - Extremely skilled

Skill sets

1% 2% 2% 2%6%

9% 9% 9%

46%47% 50% 50%

35% 29% 26% 27%

12% 13% 13% 12%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Disaster preparedness Computer security Backup, recovery and archival Other computer areas

Q14b: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?

1 - Extremely overstaffed 2 - Somewhat overstaffed 3 - Neutral 4 - Somewhat understaffed 5 - Extremely understaffed

Preventing factors

11%15%

10%13% 11% 11%

13%

24%31% 21% 30% 26%

20%

20%21%

27%

27% 33%28%

26% 18%

33%13%

15%

28%

15%20%

6%

19%14%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

We get buried in the basic day-to-day tasks

Our staff lacks the requisite skill set

We don't have enough budget

We get buried in emergencies

Not a priority for our company management

We don't have enough staff

Q15a: How important are each of these factors in terms of keeping your company from being more proficient in computer security?

1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor

Preventing factors

8%14%

5%12% 12% 14%

20%

20%32%

14%18%

21%

24%

21%24%

36%33%

31%

35%

41%27% 25%

30%17%

13%

4%12% 13%

7%

17%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

We get buried in the basic day-to-day tasks

We get buried in emergencies

We don't have enough budget

Our staff lacks the requisite skill set

We don't have enough staff

Not a priority for our company management

Q15b: How important are each of these factors in terms of keeping your company from being more proficient in backup, restore and archival?

1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor

Preventing factors

10% 8% 10% 9% 6%

18%

13%19% 18%

23%25%

36%26%

27% 28%

28% 32%

26%

26%

28% 26%20%

23%

11%26%18% 19% 20%

13%8%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

We get buried in the basic day-to-day tasks

Our staff lacks the requisite skill set

Not a priority for our company management

We don't have enough budget

We don't have enough staff

We get buried in emergencies

Q15c: How important are each of these factors in terms of keeping your company from being more proficient in disaster preparedness?

1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor

Preventing factors

12% 14% 14% 18% 21%17%

23% 21% 24%23%

32%

28%

21%28%

32%34%

26%

34%

28%

33% 20% 13%12%

19%16%

3%9% 11% 9%

2%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Not a priority for our company management

We don't have enough staff

Our staff lacks the requisite skill set

We get buried in the basic day-to-day tasks

We don't have enough budget

We get buried in emergencies

Q15d: How important are each of these factors in terms of keeping your company from being more proficient in other computer areas?

1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor

Annual expenses

$40,000

$25,000

$16,000

$10,000

$0

$5,000

$10,000

$15,000

$20,000

$25,000

$30,000

$35,000

$40,000

$45,000

General computing Computer security Backup, recovery and archival Disaster preparedness

Q16: Please estimate how much you spend annually for each area.(Medians shown)

Expense growth

19%17% 17%

14%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Computer security Backup, recovery and archival General computing Disaster preparedness

Q17: What is the percentage change for each area over 2009?(Means shown)

Expected expense change

19%17% 16%

14%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Computer security General computing Backup, recovery and archival Disaster preparedness

Q18: Looking ahead, what do you anticipate the percentage change for each area will be in 2011 when compared to 2010?

(Means shown)

Augmenting capacity

1% 2% 4%

16%

30% 23%

15%

16%19%10%

11% 15%28%

16%16%

23% 17% 14%

8% 9% 9%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Using outside consultants Outsource our computer operations to an ISP Moving certain applications to "the cloud"

Q19: What methods -- if any -- do you use (or plan to use) to augment your internal staff's capacity in order to accomplish more than you could

on your own?

1 - Not familiar with this area 2 - Do not employ and no plans to do so 3 - Do not use this tactic, but are exploring

4 - Do not use, but plan to in the future 5 - Currently use in a minor way 6 - Currently use in a moderate way

7 - Currently use in a major way

Cyber Attacks

Cyber attacks

27%

51%

16%

5%

2%

0% 20% 40% 60% 80% 100%

No cyber attacks

A few cyber attacks

Cyber attacks on a regular basis

Large number of cyber attacks

Extremely large number of cyber attacks

Q20: Characterize the quantity of cyber attacks against your organization over the past 12 months.

Cyber attack effectiveness

20%

24%

26%

19%

11%

0% 10% 20% 30% 40% 50%

Highly ineffective

Somewhat ineffective

Neutral

Somewhat effective

Highly ieffective

Q21: Rate the effectiveness of cyber attacks against your organization over the past 12 months.

Cyber attack growth

7%

20%

48%

20%

5%

0% 10% 20% 30% 40% 50%

Significantly decreased

Somewhat decreased

Stayed the same

Somewhat increased

Significantly increased

Q22: Characterize the growth of cyber attacks against your organization over the past 12 months.

Cyber losses

49%

25%

23%

23%

20%

16%

14%

0% 10% 20% 30% 40% 50%

Downtime of our environment

Theft of other corporate data

Theft of customer or employee PII

Theft of customer credit card information or other financial information

Theft of intellectual property

Theft of customer or employee PHI

Identity theft

Q23: Indicate which kinds of cyber losses you have experienced in the past.

(Mark all that apply.)

Cyber attack costs

53%

27%

22%

21%

18%

18%

12%

12%

11%

0% 20% 40% 60% 80% 100%

Lost productivity

Lost revenue

Direct financial cost

Damaged reputation

Costs to comply with regulations after an attack

Loss of customer trust/damaged customer relationships

Litigation costs

Regulatory fines

Reduced stock price

Q24: Please indicate which costs your organization experienced as a result of cyber attacks in the past.

(Mark all that apply.)

Monetary costs

$194,625

$145,045

$133,286

$116,121

$115,054

$63,920

$47,691

$32,429

$21,279

$0 $50,000 $100,000 $150,000 $200,000 $250,000

Direct financial cost

Reduced stock price

Damaged reputation

Loss of customer trust/damaged customer relationships

Lost revenue

Lost productivity

Costs to comply with regulations after an attack

Litigation costs

Regulatory fines

Q25: Please assign a total value, in monetary terms, of each of these losses in 2009.(Means shown)

Cyber attack response

67%

44%

37%

32%

23%

0% 20% 40% 60% 80% 100%

Security software vendor site

Consultant, outsource vendor or reseller/VAR

Media

Blogs

Peers

Q26: When you have sustained a cyber attack, where do you go to find information about that type of attack and on how to respond?

(Mark all that apply)

Changing protection

15%

33%

39%

11%

2%

0% 10% 20% 30% 40% 50%

Significantly easier

Somewhat easier

Neither easier nor harder

Somewhat harder

Significantly harder

Q27: How has protecting your computing systems changed over the past 12 months?

Endpoint Security

Endpoint vulnerabilities

18%14% 11%

18% 18%12% 12%

23%25%

26%

28% 28%

26% 26%

17% 21%

31%

23% 26%35% 36%

31% 31%

27% 27% 26% 22% 23%

11% 10%4% 5% 4% 5% 4%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Windows-based desktop PCs

Windows-based laptops

Tablets like the Apple iPad

Apple Mac desktops Apple Mac laptops Smart phones PDA with no phone

Q29: How vulnerable to security breaches are each of these endpoints?

1 - Extremely safe and protected 2 - Somewhat safe and protected 3 - Neutral 4 - Somewhat vulnerable 5 - Extremely vulnerable

Endpoint selection and approval

10% 9% 9% 7% 8% 9% 6%

16% 18% 17% 19% 16% 15% 16%

26%21%

27%

16%23% 24%

20%

17%

17%

19%

19%

18% 18%21%

31%36%

28%

41%36% 35% 37%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

PDA with no phone Apple Mac desktops Smart phones Windows-based desktop PCs

Apple Mac laptops Tablets like the Apple iPad

Windows-based laptops

Q30: What is your company policy for each of the following endpoints in terms of who selects/approves devices that can be used on your

network?

1 - Completely employee selected 2 - Mostly employee selected

3 - Joint effort, input from employee and company 4 - Mostly company selected

5 - Complete company selected

Endpoint selection and approval

12% 11% 8% 8% 6% 7% 7%

11% 8%6% 5% 7% 6% 4%

17% 17%

15% 15% 17% 17% 17%

21% 16%

19%15% 20% 20% 15%

39% 39%45%

49% 49% 50% 46%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Smart phones PDA with no phone Apple Mac laptops Apple Mac desktops Windows-based laptops

Windows-based desktop PCs

Tablets like the Apple iPad

Q31: Regardless of your actual policy, in practice what percentage of your endpoints was selected by your employees vs. by the company?

1 - Completely employee selected 2 - Mostly employee selected

3 - Joint effort, input from employee and company 4 - Mostly company selected

5 - Completely company selected

Employee-selected endpoints

5% 6% 7% 5% 5% 4%

18% 17% 15% 15% 16%12%

37% 40%38% 37% 35%

35%

26% 25%

24% 26%28%

30%

13% 12%17% 16% 17% 19%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Installation Purchasing Security Endpoint management Training Productivity

Q31b: What is the impact of employee-selected endpoints to your organization?

1 - Extremely negative 2 - Somewhat negative 3 - Neutral 4 - Somewhat positive 5 - Extremely positive

Employee-selected endpoints

5% 7% 7% 7% 10% 11%

22%14% 13%17% 16%

16% 17%

10%18%

29%

29% 32%34% 32%

46%

27%

27%

31% 30%27% 26%

14%36%

25%

15% 15% 14% 14%9%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Owner/upper management

Engineering Sales Marketing Staff Accounting Other (please specify)

Q32: Which types of employees are most likely to want to select their own endpoints?

1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely

Employee-selected endpoints

5% 4%10%

13% 13%

22%

23% 28%

36%

31%

38%

19%

28%

18%13%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Younger than 30 30 to 49 50 and older

Q33: Which employee age group is most likely to want to select their own endpoints?

1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely

Password protection

81%

74%

42%

35%

32%

23%

16%

0% 20% 40% 60% 80% 100%

Windows-based desktop PCs

Windows-based laptops

Apple Mac desktops

Apple Mac laptops

Smart phones

Tablets like the Apple iPad

PDA with no phone

Q34: Which of the following endpoint devices does your company insure are password protected?

Remote wipes

62%

52%

32%

28%

25%

18%

12%

0% 20% 40% 60% 80% 100%

Windows-based desktop PCs

Windows-based laptops

Smart phones

Apple Mac desktops

Apple Mac laptops

Tablets like the Apple iPad

PDA with no phone

Q35: In case of theft or accidental loss, which of the following endpoint devices can be remotely wiped clean of all information?

Endpoint security safeguards

92%

72%

40%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Antimalware Client firewalls Client intrusion-detection

Q36: Which of the following endpoint security safeguards do you use?

Incidents sustained

462

259

243

101

31

26

22

0 50 100 150 200 250 300 350 400 450 500

Windows-based desktop PCs

Windows-based laptops

Apple Mac desktops

Apple Mac laptops

PDA with no phone

Tablets like the Apple iPad

Smart phones

Q37: Worldwide, how many incidents/attacks have you sustained against each of these endpoints in the past 12 months?

(Asked only of those who use each endpoint)

Remediating attacks

7.9

7.27

7

6.96

6.88

6.09

6.07

0 1 2 3 4 5 6 7 8 9

Windows-based desktop PCs

Windows-based laptops

PDA with no phone

Apple Mac laptops

Tablets like the Apple iPad

Smart phones

Apple Mac desktops

Q38: What is the average time spent by your company (or consultants on behalf of your company) remediating attacks on each of these

endpoints for a single attack?(Means shown)

Improper configurations

26%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Mean

Q39: What percentage of the aforementioned attacks was the result of improper configurations such as missed OS patches, incorrect security

settings, out of date virus profiles, etc.?

Lost and stolen devices

26.88

23.57

22.23

21.55

20.55

19.96

18.63

0 5 10 15 20 25 30

PDA with no phone

Windows-based laptops

Apple Mac desktops

Tablets like the Apple iPad

Windows-based desktop PCs

Smart phones

Apple Mac laptops

Q40: How many of each of these mobile devices are lost or stolen worldwide within your organization annually?

(Means shown)

Windows 7

18%

28%

15%

9%

8%

13%

9%

0% 10% 20% 30% 40% 50%

No plans to upgrade to Windows 7 at this time

We are currently discussing if and when we will upgrade to Windows 7

We plan to upgrade after Windows 7 SP2 is released

We plan to upgrade after Windows 7 SP1 is released

We plan to upgrade to the current version of Windows 7

We are currently in the process of upgrading to Windows 7

We have already upgraded to Windows 7

Q41: What are your plans for Windows 7?

Windows 7

21%

46%

29%

3%

1%

0% 10% 20% 30% 40% 50%

Significantly improve security

Somewhat improve security

Neither improve nor worsen security

Somewhat worsen security

Significantly worsen security

Q42: How do you think Windows 7 will affect endpoint security?

Confidential/proprietary data

36%

38%

22%

4%

1%

0% 10% 20% 30% 40% 50%

Extremely concerned

Somewhat concerned

Neutral

Somewhat unconcerned

Extremely unconcerned

Q43: How concerned are you regarding the loss of confidential/proprietary data?

Confidential/proprietary data

Yes42%

No58%

Q44: Have you lost confidential/proprietary data in the past?

Confidential/proprietary data

24%

21%

19%

13%

12%

12%

0% 10% 20% 30% 40% 50%

Outsider illegally took data

Insider accidentally lost data

Insider illegally took data

Partner company accidentally lost data

Partner company illegally took data

Broken business process exposed confidential information

Q45: What percentage of your past losses of confidential/proprietary data have come from each of the following areas?

(Means shown)

Consequences of data loss

46%

40%

40%

38%

28%

27%

25%

21%

20%

5%

0% 10% 20% 30% 40% 50%

Lost revenue

Damaged brand reputation

Direct financial cost

Loss of customer trust/damaged customer relationships

Litigation costs

Lost productivity

Loss of organization, customer or employee data

Costs to comply with regulations after a data loss incident

Regulatory fines

Reduced stock price

Q46: What have been the consequences of data loss to your organization?

(Mark all that apply.)

Messaging/Collaboration Security

Email systems

76%

38%

30%

0% 20% 40% 60% 80% 100%

Client-Server corporate email system

Web-based consumer mail system

SaaS corporate email system

Q47: What kind of email systems are used within your organization?(Mark all that apply.)

Email systems

82%

20%

10%

0% 20% 40% 60% 80% 100%

Microsoft Exchange

IBM Lotus Domino

Other (Please specify)

Q48: Which client-server corporate email system(s) do you use?

Email systems

45%

35%

20%

17%

16%

0% 10% 20% 30% 40% 50%

Google Business Email

Cisco WebEx

Other (Please specify)

SaaS option offered by your ISP

LotusLive iNotes

Q49: Which SaaS corporate email system(s) do you use?

Email systems

52%

45%

41%

16%

11%

0% 20% 40% 60% 80% 100%

Gmail

Yahoo! Mail

Windows Live Hotmail

Other (Please specify)

AOL Mail

Q50: Which web email system(s) do you use?

Collaboration systems

71%

25%

17%

0% 20% 40% 60% 80% 100%

Microsoft SharePoint

IBM Lotus Domino/Notes

Other (Please specify)

Q51: What kind of collaboration systems are used within your organization?

(Mark all that apply.)

Instant messaging

41%

35%

34%

17%

17%

17%

9%

8%

5%

3%

0% 10% 20% 30% 40% 50%

Windows Live Messenger

Yahoo!

Google Talk

Other (Please specify)

AIM (AOL Instant Messenger)

Microsoft Office Communications Server (OCS)

ICQ

IBM Lotus Sametime

QQ

OCS

Q52: What Instant Messaging (IM) systems are used officially within your organization?

Social media tools

45%

51%

39%

59%

50%

46%

38%

35%

39%

34%

0% 20% 40% 60% 80% 100%

Microblogging

Blogs

Podcasts

Social networking sites

Multimedia sharing sites

Q53: Which of the following social media tools are used within your organization?

Unofficially (for personal use)

Officially (for business use)

Social networking

37%

61%

47%

10%

46%

41%

25%

3%

0% 20% 40% 60% 80% 100%

LinkedIn

Facebook

MySpace

Other (Please specify)

Q54: Which social networking sites are used within your organization?

Unofficially (for personal use)

Officially (for business use)

Security threats

5% 5% 6% 5% 7% 6% 6% 5% 7%

11%15% 10% 13%

14% 13% 13% 15% 13%

34%31% 38%

38%37% 42%

44% 45% 47%

36% 34% 30%31% 32% 28%

26% 25%24%

15% 15% 17%13% 11% 12% 10% 10% 8%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Web-based consumer email

Client-server corporate email

systems

Social networking sites

Instant messaging

SaaS corporate email systems

Microblogging Blogs Corporate collaboration

suite

Podcasts

Q55: How would you rate the security threat for each messaging/collaboration tool?

1 - Extremely low 2 - Somewhat low 3 - Neutral 4 - Somewhat high 5 - Extremely high

Messaging/collaboration tools

137

121

105

82

44

43

40

33

25

0 20 40 60 80 100 120 140 160

SaaS corporate email systems

Client-server corporate email systems

Instant messaging

Web-based consumer email

Social networking sites

Microblogging

Blogs

Podcasts

Corporate collaboration suite

Q56: How many individual security incidents have you experienced worldwide within your organization for each of these messaging/collaboration tools in the past 12 months?

(Means shown)

Messaging/collaboration tools

17% 15% 16% 17% 16% 19% 21%

33%24%

29%28% 26%

33%28%

39% 35%

41%

38%

40% 44% 46%

39%46%

33% 37%

22%

34%

10% 10% 9% 9% 8% 7% 6% 3% 3%4% 2% 3% 2% 2% 1% 1% 1% 1%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Social networking sites

Microblogging Blogs Instant messaging

Podcasts Web-based consumer email

Corporate collaboration

suite

Client-server corporate email

systems

SaaS corporate email systems

Q57: How well-protected are you for each of these messaging/collaboration tools?

1 - Extemely protected 2 - Somewhat protected 3 - Neutral 4 - Somewhat unprotected 5 - Extremely unprotected

Backup, Recovery, and Archiving

Backup/archiving solutions

0% 1% 1%2%5% 7%

8%

12%17%

21%

20%

23%

69%62%

53%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Backup and recovery of data Backup and recovery of systems Archiving

Q58: What is your status regarding the following solutions in your organization?

1 - Not sure what this solution does 2 - Not installed and no plans to do so 3 - Discussing 4 - Implementing 5 - Already installed

Data backup

47%

31%

16%

6%

0%

1%

0%

0% 10% 20% 30% 40% 50%

Never

Daily

Weekly

Monthly

Quarterly

Annually

Once in a long while

Q59: How often does your company back up its data?

Data backup

63%

42%

35%

27%

17%

1%

0% 20% 40% 60% 80% 100%

Network storage (hard disk)

Portable hard disk

Tape

DVDs or BluRay

We store data online with a service provider

Other (Please specify)

Q60: Where do you store your information once you back up your files?(Mark all that apply.)

Data backup

72%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Mean

Q61: What percentage of company/customer information on your computer is regularly backed up?

Deduplication

13%

22%

28%

32%

4%

0% 10% 20% 30% 40% 50%

Not installed and no plans to do so

Discussing

Implementing

Already installed

Not sure what this solution does

Q62: What is the status of your company's use of "deduplication" technology?

Backup recovery

16.87

0

2

4

6

8

10

12

14

16

18

Mean

Q62b: In the past 12 months, how many times have you needed to recover one or more files from your backup media?

Backup recovery

5.37

0

1

2

3

4

5

6

Mean

Q63: In the past 12 months, how many times has the recovery process failed?

Backup recovery

74%

45%

32%

0% 20% 40% 60% 80% 100%

Lost productivity

Financial loss

Embarrassment

Q64: What were the consequences of these recovery failures?(Mark all that apply.)

Backup applications

22%

15%

12%

10%

10%

9%

8%

5%

4%

3%

3%

0% 10% 20% 30% 40% 50%

Microsoft Data Protection Manager

Symantec Backup Exec

Symantec Backup Exec System Recovery

HP Data Protector

Other (Please specify)

IBM Tivoli Storage Manager

Symantec NetBackup

EMC Networker

CA ARCserve

EMC Avamar

CommVault Simpana

Q65: What application do you use for backup?

Data backup

39%

15%

15%

15%

8%

6%

0%

0% 10% 20% 30% 40% 50%

Never occurred to us to do so

Our data is not that critical to our business

Not a priority

Lack of skills/unqualified personnel

Lack of resources

Lack of time

Other (Please specify)

Q66: Why don't you back up your data?

Archiving

4%8% 7% 9%

31%

43% 48%48%

65%

50%45% 43%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Moving files off primary storage to another hard disk for long-term

storage

Providing tools to facilitate the recovery of archived information for

eDiscovery requests

Deduplication/compression Active management of the archived information

Q67: Which of the following features are needed for an archiving system to be complete?

1 - Not required, not necessary 2 - Optional, but nice to have 3 - Required

Archiving

50%

48%

3%

0% 20% 40% 60% 80% 100%

We use our backup software

We use software designed specifically for archiving

Other (Please specify)

Q68: What do you use to archive information in your organization?

Archiving

33%

15%

15%

10%

7%

6%

6%

5%

4%

1%

0% 10% 20% 30% 40% 50%

Microsoft Exchange

Symantec Enterprise Vault

Other (Please specify)

IBM CommonStore

CommVault Simpana

Autonomy Zantaz EAS

EMC EmailXtender

EMC Source One

Autonomy/Zantaz Digital Safe

Mimosa NearPoint

Q69: Which archiving solution do you use?

Backup vs. Archiving solutions

52%

47%

42%

34%

17%

3%

0% 20% 40% 60% 80% 100%

I can use existing staff/resources

It is good enough

Using my backup solution doesn't require new training

Cost issues

Takes less time

Other (Please specify)

Q70: Why do you use backup software for your archiving needs instead of a specific archiving solution?

Disaster Preparedness

Natural disasters

Yes52%

No48%

Q71: Is your region susceptible to natural disasters?

Disaster preparedness

13%

30%

18%

15%

15%

8%

0% 10% 20% 30% 40% 50%

We don't have one.

We have a general plan, but it is informal or undocumented.

We have a written plan, but it needs work.

We have a written plan that is "average."

We have a written plan that is "pretty good."

We have a written plan that is "excellent."

Q72: What is the state of your data center's disaster preparedness plan (actions taken during an event)?

Disaster preparedness

36%

25%

25%

24%

19%

8%

0% 10% 20% 30% 40% 50%

Not a priority

Never occurred to us to have one

Our computer systems are not that critical to our business

Lack of resources

Lack of skills/unqualified personnel

Other (Please specify)

Q73: What has kept you from developing a plan or formal process to deal with outages or disruptions to your computer resources?

(Mark all that apply.)

Disaster recovery

64%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Mean

Q74: How confident are you in your organization's disaster recovery plan?

Disaster recovery testing

18%

12%

18%

15%

7%

15%

3%

5%

3%

3%

1%

0% 10% 20% 30% 40% 50%

Never

Every few years

Once a year

Twice a year

3 times a year

Quarterly

Every other month

Monthly

Twice a month

Weekly

More than weekly

Q75: How often do you test your DR plan?

Disaster declarations

6.69

0

1

2

3

4

5

6

7

8

Mean

Q76: How many times have you had to declare a disaster and perform recovery operations at a recovery site in the past five years?

Disaster causes

53%

37%

29%

25%

22%

13%

12%

10%

10%

9%

9%

5%

3%

3%

2%

0% 20% 40% 60% 80% 100%

Power failure

Computer hardware failure

Network failure

Computer software failure

User/operator error

Malicious employee behavior

Flood

Winter storm

Fire

Hurricane

Data leakage or loss

Earthquake

Terrorism or war

Tornado

Chemical spill

Q77: What were the causes of these disasters?(Mark all that apply.)

Disaster recovery

3%

11%

33%

32%

21%

0% 10% 20% 30% 40% 50%

Significantly poorly

Somewhat poorly

Neutral

Somewhat well

Significantly well

Q78: In general, how well did your disaster recovery plan work?