Global Survey Quantifies Exploding Cybersecurity Initiatives
Cybersecurity represents one of the fastest growing industries in the world, if not the fastest, as Internet commerce expands, and online data becomes more exposed to cyber attack. The cost of cybersecurity is estimated to be in the billions of dollars.
PricewaterhouseCoopers (PwC) LLP quantified the business and government investment in cybersecurity in a recent survey, Global State of Information Security 2016. The survey examines cybersecurity initiatives by business and government organizations in the last few years.
The survey is a global initiative of PwC, CISO, and CSO. It was conducted online from May 7, 2015 to June 12, 2015. The report is based on responses from more than 10,000 CEOs, CFOs, CIOs, chief information security officers (CISOs), chief security officers (CSOs), vice presidents and directors of IT and security organizations from 127 nations.
The study includes charts on cybersecurity incidents, investments, safeguards, leadership and other results.
Investment Takes Many Forms
Business and government organizations are undertaking numerous initiatives to improve cybersecurity systems.
Online security risks are causing business and government to adopt new technologies such as cloud-enabled cybersecurity, “Big Data” analytics and advanced authentication measures.
Collaborative approaches include sharing intelligence on threats and response techniques. Organizations are reconsidering key executive and board of director roles to provide more resilient and proactive security measures.
The vast majority of survey respondents, 91%, use a risk-based cybersecurity framework. Most said they follow ISO 27001 guidelines, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework and SANS Critical Controls. Such guidelines enable organizations to identify and prioritize threats quickly and reduce risks.
By adopting a risk-based framework, organizations can better communicate and collaborate on security measures both internally and externally. Such a framework can help an organization design and measure goals.
An even larger majority, 96%, use cloud-based cybersecurity services. Providers have invested in advanced technologies for privacy, data protection, network security and identity management. Many have also provided capabilities to enable intelligence gathering. This allows them to better prevent attacks and improve response.
Sixty-nine percent of the respondents have cloud-based security to protect data and better ensure privacy. They further entrust a range of services to the cloud such as real-time monitoring/analytics, identity and access management, and advanced authentication.
How Big Data Plays a Role
Fifty-nine percent of respondents leverage Big Data to improve cybersecurity. Big Data analytics can model and track cybersecurity threats. The analytics also allow organizations to respond to incidents and yield audit data to better understand how data can be used.
A data-based approach can shift cybersecurity away from perimeter-based defenses. This can enable an organization to use real-time data to predict incidents. Data-based approaches enable organizations to better comprehend anomalous network actions and respond faster.
Some organizations combine Big Data with existing security and event management systems to create a better view of activity within their networks. Others use data analytics to identify and track employee use patterns and improper access.
Collaboration Becomes More Important
Sixty-five percent of survey respondents collaborated with other parties in 2015 to improve cybersecurity, marking a significant gain over 2013 when 50% noted doing this.
Organizations taking this action cite specific benefits. Most say such collaboration gives them more actionable data from peer organizations, in addition to information from law enforcement and government agencies. Many say such sharing improves awareness of threats.
Organizations that do not collaborate cite the lack of a data-sharing framework and of compatible data formats. Another vulnerability these organizations cite is not communicating updates at network speed.
Security Executives Assume A Bigger Role
A positive finding the survey cited is that top security executives and board members are playing more prominent roles in organizations.
Fifty-four percent have a CISO to oversee security while 49% have a CSO. Top security executive roles have expanded. The CISO of today should have expertise in risk management, corporate governance and business in addition to security.
This year marked a double-digit increase in board of director involvement in data security. Such involvement improves cybersecurity measures. Forty-six percent of respondents noted the board participates in security budgets. Outcomes attributed to this involvement include higher security spending, key risk identification, fostering a culture of security, and closer alignment of data security with business goals and risk management.
Financial Services Takes Center Stage
One of the more positive findings is that financial services respondents reported slightly fewer cybersecurity incidents in 2015. At the same time, these organizations increased data security budgets over the prior year. The study examined how financial services companies address challenges such as third-party partners’ security capabilities, growing use of apps and mobile devices, and an increase in foreign nation-state attacks, organized crime and hackers.
Such companies are upgrading security systems with cloud-based services, biometrics, advanced authentication and Big Data analytics. These firms ranked security capabilities of third-party service providers as a leading challenge in data security measures.
Some financial sector companies are upgrading cooperation with third-party providers through risk-based frameworks. Such guidelines can enable organizations to exchange information more easily with third-party partners and to relay concerns about services.
The use of apps and mobile devices for consumer banking has increased, and to better secure these interactions, respondents cited security of mobile devices as a top 2015 spending priority. One way they are addressing this risk is through advanced authentication.
Financial sector companies noted organized crime groups and foreign nation states are working together on cyber attacks. Many financial companies are using Big Data analytics to monitor covert threats to better comprehend security risks.
Cybersecurity Impacts Many Industries
Other industry sectors impacted by cybersecurity include: retail and consumer; life science and pharmaceuticals; power and utilities; automotive; entertainment, media and communications; health care payers and providers; industrial products; oil and gas; public sector; technology; and telecommunications.
• In 2015, there were 38% more security incidents than in 2014.
• Theft of “hard” intellectual property grew 56% in 2015.
• Survey respondents increased information security budgets in 2015 by 25%.
• 58% of respondents have an information security function.
• 53% have an employee training and awareness program.
• 52% have third-party security baseline standards.
• 49% do threat assessments.
• 48% have active monitoring and analysis of security intelligence.
• 59% have cybersecurity insurance.
Images from Shutterstock and PricewaterhouseCoopers.