1. 2010 Corporate End User Study
Small Business Findings
Classification 03/28/13 Copyright 2009 Trend Micro Inc. 1

2. Methodology
• 1,600 surveys in total, 400 corporate computer end-users were
surveyed online per country in four countries: U.S., Japan,
Germany and U.K, during March 2010.
• Qualification Criteria:
– Full-time employed, with e-mail and Internet access at work
– Use computers over 5 hours per week at work
• Quotas were set by size and type of computer as follows:
– 25% (n=100) large company, use desktop or workstation most often
– 25% (n=100) large company, use a laptop or notebook most often
– 25% (n=100) smaller company, use desktop or workstation most often
– 25% (n=100) smaller company, use a laptop or notebook most often
• In the US, UK and Germany, the split between large and smaller
company was made at 500 employees. In Japan, the split was
made at 250 employees.
Copyright 2009 Trend Micro Inc.

3. Seriousness of Computer Security Threats
• Viruses, Trojans and data stealing malware are considered the most serious
security threats among corporate workers in small businesses.
Country Total
Sample size, n= Varies by Threat
Viruses 63%
Trojans 60%
Data Stealing Malware 59%
Data Leakage 56%
Spyware 55%
Fake Antivirus or Rogue Antivirus 52%
Phishing 48%
Spam 40%
Q: How serious of a threat do you think each of the following are to you at work? A: Top 2 Box on 5 point scale (5= “very serious”) Base: Users aware of each type of threat.
Copyright 2009 Trend Micro Inc.

4. Company Policies to Prevent Data Leakage
• In all countries, large organizations are significantly more likely to have preventative
policies in place than small companies.
Company Policy f or Dat a Leak age
by Size of Company
Small Large 
90%
  81%
80%
69%
 71% 
70%
61% 60%
60%  
   48% 47%
50% 46% 44% 44%
40%
30%
20%
10%
0%
Total US UK Germany Japan
Q: Does your company currently have a policy for preventing data leakage?
 indicate significantly significant differences between countries or between small and large companies within countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

5. Training to Prevent Data Leakage
• For those small businesses that have preventive data leak policies in place,
employees in large companies are also significantly more likely to have received
training on data leak prevention than those in small companies.
Have you been t r ained on t he dat a
leak age policy?
Small Large
80% 
70%
70%
61% 
60%
50%

39%
40%
30% 
30%
20%
10%
0%
Yes No
Q: Have you been trained on the policy for data leakage prevention? Base: End users in companies with a data leakage policy.
 indicate significantly significant differences between countries or between small and large companies within countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

6. Knowledge of Company Data
• In the UK, end users in large companies are significantly more likely to indicate
knowledge of confidential information than those in smaller companies.
Know ledge of Company Dat a
by Size of Com pany
Small Large

80%
73%
70% 
70%
63% 65%
61% 62%
60%
50%
40%
40%
33%
30%
20%
10%
0%
US UK Germany Japan
Q: Do you know what type of company data is confidential and proprietary?
 indicate significantly significant differences between size brackets or between desktop and laptop users within countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

7. Seriousness of Computer Security Threats:
US
• End users in the large US companies are significantly more likely to indicate data
leakage as a serious threat than those in smaller companies.
By Size of Com pany
69%
Viruses
69%
69%
Trojans
64%
Data Stealing 62%
Malware 68%
Fake Antivirus or 61%
Rogue Antivirus 64%
58%
Spyware
59%
49% 
Data Leakage
74% 
48%
Phishing
53%
Small
39%
Spam
42% Large
0% 20% 40% 60% 80%
Q: How serious of a threat do you think each of the following are to you at work? A: Top 2 Box on 5 point scale (5= “very serious”) Base: Users aware of each type of threat.
 indicate significantly significant differences between size brackets or between desktop and laptop users within countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

8. Leakage of Company Confidential Data – Other
Employees
• Data leakage by other employees is more widely believed in large organizations in
all countries.
Have ot her employees leak ed dat a?
by Size of Company
Small Large

30%
27%
25%

22%
20%  
 16% 16%
15%
15%

10% 
10% 
7% 7%
5%
0%
US UK Germany Japan
Q: Do you believe other employee have leaked company confidential or proprietary information outside of company?
 indicate significantly significant differences between countries on left chart or between small and large companies within countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

9. Small Business IT Departments: Data
Stealing Malware
• The most prevalent form of IT protection from data stealing malware is installing
security software, followed by restricting Internet access and issuing security policies.
• Japanese small company end users are more likely to indicate their IT department can
do a better job protecting them from Data Stealing malware than those in the U.K.
• Overall more than one third of the small company employees indicated their IT
department can do a better job educating them about Data Stealing Malware. In the
U.K. and Japan, this percentage rises to almost 40%.
Country US UK Germany Japan Total
Sample size, n= 101 141 148 58 448
What does your IT dept do to ensure
protection?
Install security software 47% 62% 61% 59% 58%
Restrict Internet access 29% 36% 29% 34% 32%
Issue security policies/Internet usage guidelines 30% 32% 34% 28% 32%
Provide troubleshooting help 26% 28% 37% 14% 29%
Offer education and guidance 28% 26% 15% 17% 21%
IT Department can do a better job protecting
21% 14% 21% 38% 21%
me
IT Department can do a better job educating me 30% 39% 34% 41% 35%
Q: What does your IT department do to ensure that you are protected from the threats or dangers of each? Data Stealing Malware
Q: For which of the following threats do you believe your IT department can do a better job of protecting you/educating you?
 indicate statistically significant differences between countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.

10. Small Business IT Departments: Data
Stealing Malware
• The most prevalent form of IT protection from data stealing malware is installing
security software, followed by restricting Internet access and issuing security policies.
• Japanese small company end users are more likely to indicate their IT department can
do a better job protecting them from Data Stealing malware than those in the U.K.
• Overall more than one third of the small company employees indicated their IT
department can do a better job educating them about Data Stealing Malware. In the
U.K. and Japan, this percentage rises to almost 40%.
Country US UK Germany Japan Total
Sample size, n= 101 141 148 58 448
What does your IT dept do to ensure
protection?
Install security software 47% 62% 61% 59% 58%
Restrict Internet access 29% 36% 29% 34% 32%
Issue security policies/Internet usage guidelines 30% 32% 34% 28% 32%
Provide troubleshooting help 26% 28% 37% 14% 29%
Offer education and guidance 28% 26% 15% 17% 21%
IT Department can do a better job protecting
21% 14% 21% 38% 21%
me
IT Department can do a better job educating me 30% 39% 34% 41% 35%
Q: What does your IT department do to ensure that you are protected from the threats or dangers of each? Data Stealing Malware
Q: For which of the following threats do you believe your IT department can do a better job of protecting you/educating you?
 indicate statistically significant differences between countries. (z-test/t-test at 95% confidence interval).
Copyright 2009 Trend Micro Inc.