Spyware on corporate computers causes serious network downtime at more than one-quarter of small and midsize businesses (SMBs), with each incident costing an average of 2.5 days to resolve. A computer-technology association counsels CIOs to look at spyware as a serious business issue rather than a technology issue, and make safe-computing education a C-level initiative.
The Computing Technology Industry Association (CompTIA), which offers IT training and certifications, researched the impact that spyware has on SMBs, which it defines as firms with 10-200 PC users.
More than 25 percent of end users reported their productivity was affected by a spyware infection (everything from pop-up windows to major data-breach threats) in the last six months, and more than a third of those users had been infected multiple times. Some of them were infected 10 times or more in that period.
20 Lost Hours Per Incident
"What was surprising and troubling is how much trouble a single incident of spyware can cause a company," said Stephen Ostrowski, director of communications for CompTIA. "We found it takes 2.5 days, or 20 hours, from the time of the spyware infection to the time the computer is scrubbed and clean and running efficiently again." The report estimates the cost of spyware infections for SMBs at more than $8,000 a year, not counting lost revenue.
Perhaps even more troubling was that the IT professionals said they received reports of only 4.5 incidents of spyware problems per 100 users -- far less than the end users reported to researchers. "Sometimes there's a lag in reporting spyware problems," Ostrowski said. "People don't report problems because they're not aware of one, or they're afraid they're going to get in trouble."
The report noted that users wait an average of 18 work hours before seeking help (13 percent waited a week or more), after which it can take hours to correct. "That's a lot of lost productivity," Ostrowski said. "Now multiply that by 20 percent or so of your workforce, and that's a lot of lost time."
CIO Initiatives Needed
Ostrowski said the study highlights the lack of proper safe-computing education for users within SMBs as well as large enterprises. "Fewer than 30 percent of companies offer safe-computing education for employees," he noted. However, that is not going to be easily changed by the IT department, he added. Rather, it's an issue that needs to be addressed higher up in the corporate hierarchy.
Safe-computing education and training needs to come "not from the IT staff but from the C-level executives down to the administrators, employees, anyone who's on the network communicating via a PC or wireless or PDA," Ostrowski said.
The CompTIA report, "Making the Case for Managed Services: The Business Impact of IT Problems at SMBs," comprised two studies. The first was with 200 IT professionals, the second with 537 SMB end users with no IT responsibilities. Interviewees came from a range of industries, including health care, financial services, and professional services in the U.S. and Canada.