Symantec 2010 SMB Information Protection Survey Global Data

2 downloads 215 Views 5MB Size Report
Symantec 2010 SMB Information Protection Survey - Global: June 2010. 2. CONTENTS. Executive ... EXECUTIVE SUMMARY. Small
SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY

Symantec 2010 SMB Information Protection Survey Global Data June 2010

Symantec 2010 SMB Information Protection Survey - Global: June 2010 CONTENTS Executive Summary ......................................................................3 Methodology .................................................................................4 Finding 1: SMBs serious about information protection ..................5 Finding 2: Loss of crucial business information a real threat .........6 Finding 3: Cyber attacks a real threat ...........................................7 Key Recommendations .................................................................8

2

Symantec 2010 SMB Information Protection Survey - Global: June 2010 EXECUTIVE SUMMARY Small and midsized businesses (SMBs) have a reputation of being somewhat lax when it comes to information protection. Symantec’s last SMB survey, for example, showed a high percentage of SMBs had failed to enact even the most basic protections. They were more focused on winning and servicing accounts than on dealing with intangible risks, such as loss of confidential information and cyber attacks, or so the thinking went. That’s why the Symantec 2010 SMB Information Protection Survey is so surprising. It turns out that in the last 15 months, SMBs have become extremely aware of and focused on information protection. Most of IT’s time and a lot of money are now spent on this area, and with good reason, as they are facing increased risks to their confidential information—including bank account numbers, credit card information and customer and employee records. This year’s survey sheds light on precisely the risks SMBs are facing, what they are doing about it and how much it is costing them. It also provides some simple steps SMBs can take to improve their information protection footing.

3

Symantec 2010 SMB Information Protection Survey - Global: June 2010 METHODOLOGY Applied Research fielded the survey by telephone in May of 2010. They targeted small and midsized businesses (SMBs) in 28 countries. The respondents came from two groups:  

Small Businesses (10 – 99 employees) Midsized Businesses (100 – 499 employees)

The survey respondents came from a wide variety of industries and included a mix of company owners, managers, computer staff and computer consultants.

4

Symantec 2010 SMB Information Protection Survey - Global: June 2010 FINDING 1: SMBs are serious about information protection The survey’s first finding is that SMBs are deeply serious about protecting their business information. This is in stark contrast to the previous Symantec SMB survey 15 months ago when a high percentage of SMBs had failed to enact even the most basic safeguards. When asked to rank various business threats, SMBs placed data loss and cyber attacks as their top two risks, eclipsing traditional criminal activity, natural disasters and terrorism. Furthermore, they rated computer security, backup-recovery and archiving and disaster preparedness as the top areas they planned to improve over the next 12 months. These were rated higher than traditional IT improvement areas such as improving computing performance, increasing data storage capacity or even reducing computing costs. Finally SMBs spend two thirds of IT’s time and US $51,000 annually on information protection. This is double the time and 27.5 percent more money than they spend on other computing tasks.

5

Symantec 2010 SMB Information Protection Survey - Global: June 2010 FINDING 2: Crucial business information loss a real threat Secondly, we found that the threat of losing critical business information is a real risk for SMBs. In fact, three quarters are somewhat/extremely concerned about this risk and 42 percent have actually lost confidential or proprietary information in the past. In all cases, companies who lost business information experienced some sort of loss, such as lost revenue or direct financial losses. Finally, lost devices are a big problem for SMBs. Most (62 percent) lost at least one mobile device in the past 12 months (a laptop, PDA, smart phone, etc.). All companies surveyed had at least some devices that, if lost, have no password protection and cannot be remotely wiped of data.

6

Symantec 2010 SMB Information Protection Survey - Global: June 2010 FINDING 3: Cyber attacks a real threat The survey’s final finding is that SMBs are finding cyber attacks to be a potent threat. Fully three quarters were hit by cyber attacks in the past year. Further, these attacks are taking their toll with 30 percent rating the attacks as somewhat/extremely effective. As a result, all SMBs saw tangible losses last year, chiefly downtime, theft of corporate data or theft of customer or employee personally identifiable information. The leading direct costs experienced as a result were the loss of productivity, revenue and direct financial costs. In fact, the average annual cost of these cyber attacks was US $188,242.

7

Symantec 2010 SMB Information Protection Survey - Global: June 2010 SYMANTEC RECOMMENDATIONS Clearly, SMBs recognize how important information protection is. Thankfully, there are simple steps they can take that will help protect their information. 1. Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices. 2. Safeguard important business information: Safeguarding information is critical to businesses of all sizes and SMBs are facing increased risks to their confidential information. One data breach could mean financial ruin for an SMB. Implement a complete protection solution to ensure proprietary information— whether its credit card information, customer data or employee records— is safe. 3. Implement an effective backup and recovery plan: Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption—whether it’s a flood, an earthquake, a virus or a system failure. One outage could mean customer dissatisfaction and costly downtime, which could be catastrophic to the business. 4. Secure email and web assets: Select a mail and Web security solution that can help mitigate spam and email threats so SMBs can protect sensitive information and spend more time on dayto-day activities. Spammers and phishers will use current events and social engineering tactics to get users to give up personal information such as credit card and bank information.

8

Symantec 2010 SMB Information Protection Survey - Global: June 2010 APPENDIX All questions included.

9

Symantec 2010 SMB Information Protection Survey - Global: June 2010

10

Symantec 2010 SMB Information Protection Survey - Global: June 2010

11

Symantec 2010 SMB Information Protection Survey - Global: June 2010

12

Symantec 2010 SMB Information Protection Survey - Global: June 2010

13

Symantec 2010 SMB Information Protection Survey - Global: June 2010

14

Symantec 2010 SMB Information Protection Survey - Global: June 2010

15

Symantec 2010 SMB Information Protection Survey - Global: June 2010

16

Symantec 2010 SMB Information Protection Survey - Global: June 2010

17

Symantec 2010 SMB Information Protection Survey - Global: June 2010

18

Symantec 2010 SMB Information Protection Survey - Global: June 2010

19

Symantec 2010 SMB Information Protection Survey - Global: June 2010

20

Symantec 2010 SMB Information Protection Survey - Global: June 2010

21

Symantec 2010 SMB Information Protection Survey - Global: June 2010

22

Symantec 2010 SMB Information Protection Survey - Global: June 2010

23

Symantec 2010 SMB Information Protection Survey - Global: June 2010

24

Symantec 2010 SMB Information Protection Survey - Global: June 2010

25

Symantec 2010 SMB Information Protection Survey - Global: June 2010

26

Symantec 2010 SMB Information Protection Survey - Global: June 2010

27

Symantec 2010 SMB Information Protection Survey - Global: June 2010

28

Symantec 2010 SMB Information Protection Survey - Global: June 2010

29

Symantec 2010 SMB Information Protection Survey - Global: June 2010

30

Symantec 2010 SMB Information Protection Survey - Global: June 2010

31

Symantec 2010 SMB Information Protection Survey - Global: June 2010

32

Symantec 2010 SMB Information Protection Survey - Global: June 2010

33

Symantec 2010 SMB Information Protection Survey - Global: June 2010

34

Symantec 2010 SMB Information Protection Survey - Global: June 2010

35

Symantec 2010 SMB Information Protection Survey - Global: June 2010

36

Symantec 2010 SMB Information Protection Survey - Global: June 2010

37

Symantec 2010 SMB Information Protection Survey - Global: June 2010

38

Symantec 2010 SMB Information Protection Survey - Global: June 2010

39

Symantec 2010 SMB Information Protection Survey - Global: June 2010

40

Symantec 2010 SMB Information Protection Survey - Global: June 2010

41

Symantec 2010 SMB Information Protection Survey - Global: June 2010

42

Symantec 2010 SMB Information Protection Survey - Global: June 2010

43

Symantec 2010 SMB Information Protection Survey - Global: June 2010

44

Symantec 2010 SMB Information Protection Survey - Global: June 2010

45

Symantec 2010 SMB Information Protection Survey - Global: June 2010

46

Symantec 2010 SMB Information Protection Survey - Global: June 2010

47

Symantec 2010 SMB Information Protection Survey - Global: June 2010

48

Symantec 2010 SMB Information Protection Survey - Global: June 2010

49

Symantec 2010 SMB Information Protection Survey - Global: June 2010

50