Beruflich Dokumente
Kultur Dokumente
1. Main report
2. Industrial products
www.pwc.com/gsiss
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
Table of contents
Global responses to rising risks
12
13
15
18
19
21
22
24
Methodology
27
28
PwC
38%
Increase in detected
information security
incidents
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
1 IDC, Public Cloud Computing to Reach Nearly $70 billion in 2015 Worldwide, According to IDC, July 21, 2015
PwC
Reclaiming cybersecurity
through innovation
The rewards of riskbased frameworks
91%
Have adopted
a risk-based
cybersecurity
framework
49%
47%
45%
37%
32%
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
69%
Use cloud-based
cybersecurity services
Real-time
monitoring
& analytics
55%
Advanced
authentication
48%
47%
Identity &
access
management
Threat
intelligence
44%
PwC
End-point
protection
59%
Leverage Big Data
analytics for security
2 Netflix, Announcing Security Monkey-AWS Security Configuration and Monitoring, June 30, 2014
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
61%
49%
Better understanding
of external threats
Better understanding
of internal threats
41%
Better understanding
of user behavior
40%
Better visibility
into anomalous
network activity
39%
Improved ability
to quickly identify
& respond to
security incidents
PwC
Replacing passwords
with advanced
authentication
91%
Use advanced
authentication
39%
38%
45%
44%
50%
3 SecureID News, Biometrics secure next generation of mobile banking apps, July 7, 2015
4 Google, The key for working smarter, faster, and more securely, April 21, 2015
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
86%
34%
2014
2015
5 Starwood Hotels & Resorts, Starwood Hotels & Resorts Celebrates UK Launch of Keyless Check-In Through the SPG App for Apple Watch, April 24, 2015
6 IDC, Connecting the IoT: The Road to Success, June 2015
PwC
36%
Have a
security
strategy for
the Internet of Things
10
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
29%
26%
24%
13%
2014
11%
10%
2015
Mobile
devices
Embedded
systems
Consumer
technologies
Operational
systems
The real barrier is between those expectations, what privacy, legal concerns, and technology
used to mean, and what they may come to mean, said Stuart Berman of Steelcase.
7 GE Lighting, GE Unveils LED-enabled Intelligent Environments, a Glimpse into The Connected Future, May 5, 2015
PwC
11
Going mobile
with payments
This year, 57% of survey respondents
said they have adopted mobile
payment systems. While mobile
payments is already mainstream,
the ecosystem continues to rapidly
evolve as new partnerships are
formed among a constellation of
technology, financial, retail and
telecommunications firms. This
shifting environment will likely bring
unanticipated cybersecurity threats
and broaden the cyberattack vector.
Risks can result from new
technologies as well as processes,
as demonstrated during the highprofile rollout of the Apple Pay
service in the US. Some of the initial
challenges [of Apple Pay] werent
45%
45%
12
43%
42%
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
Partnering up to
sharpen cybersecurity
intelligence
As more businesses share more
data with an expanding roster of
partners and customers, it makes
sense that they also would swap
intelligence on cybersecurity threats
and responses. Indeed, over the
past three years the number of
organizations that embrace external
collaboration has steadily increased.
PwC
13
I believe ISAOs will fill certain gaps that current groups do not address and ultimately play a
valuable role in contributing to a national cybersecurity immune system, said David Burg,
Global and US Cybersecurity Leader for PwC.
14
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
56%
Share & receive
information from
industry peers
46%
Share & receive
information from
ISACs
42%
Improved threat
intelligence &
awareness
40%
Share & receive
information from
government
37%
Share & receive
information
from law
enforcement
9 European Commission, Network and Information Security (NIS) Directive, March 16, 2015
10 PwC, Insurance 2020 & beyond: Reaping the dividends of cyber resilience, September 2015
PwC
15
59%
Have purchased
cybersecurity
insurance
16
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
41%
38%
36%
31%
Incident response
17
54%
Have a CISO
in charge of
the security
program
43%
43%
41%
36%
Communicates
information security
risks & strategies
directly to executive
leaders
Approaches
information security
as an enterprise riskmanagement issue
Understands the
organizations
business issues
& competitive
environment
Collaborates with
internal stakeholders
to understand
business issues
& needs
18
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
35%
Delivers information
security risk updates
to the Board at least
four times a year
45%
Boards
participate
in the overall
security strategy.
PwC
19
40%
46%
Security
budget
2014
Overall security
strategy
36%
41%
Security
policies
30%
37%
Security
technologies
Review of
security &
privacy risks
2015
20
25%
32%
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
Due diligence of
cybersecurity in M&As
As organizations continue to grow
through mergers and acquisitions
(M&As), the cybersecurity practices
and potential liabilities of a target
company have become serious risks.
Businesses that do not adequately
assess the cybersecurity practices
and capabilities of target companies
may put themselves in jeopardy
of attack. How so? Sophisticated
cyberadversaries may infiltrate
smaller companies with less secure
cybersecurity capabilities and
wait for them to be acquired by
larger firms. When the companies
information systems are integrated,
threat actors may attempt to gain
a foothold on the networks of the
acquiring firms to carry out attacks.
PwC
21
22
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
PwC
23
In 2015, 38%
more security
incidents were
detected than
in 2014.
38%
56%
Theft of hard
intellectual
property
increased 56%
in 2015.
34%
30%
2014
2015
29%
22%
19%
18%
15%
Current
employees
24
Former
employees
16%
13%
Suppliers/
partners
22%
While employees
remain the most
cited source of
compromise,
incidents attributed
to business partners
climbed 22%.
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
$2.5m
24%
Respondents boosted their information
security budgets by 24% in 2015.
2014
2015
-5%
Financial losses
decreased 5%
from 2014 to 2015.
69%
Cloud-based
cybersecurity
59%
Big Data
analytics
59%
91%
Risk-based
security
framework
65%
Formally
collaborate
with others
Cybersecurity
insurance
PwC
25
58%
Have an overall
information
security strategy
53%
Employee training
and awareness
program
52%
Have security
baselines/standards
for third parties
26
54%
Have a CISO
in charge
of security
49%
Conduct threat
assessments
48%
Active monitoring/
analysis of security
intelligence
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
Methodology
The Global State of Information Security Survey 2016 is a worldwide study by PwC, CIO and CSO. It was conducted
online from May 7, 2015 to June 12, 2015. Readers of CIO and CSO and clients of PwC from around the globe were
invited via email to participate in the survey.
The results discussed in this report are based on responses of more than
10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security
practices from more than 127 countries.
30%Europe
37%North America
3%Middle East
and Africa
16%Asia Pacific
14%South America
PwC
27
China
Israel
Richard Bergman
Partner
richard.bergman@au.pwc.com
Megan Haas
Partner
megan.l.haas@hk.pwc.com
Yaron Blachman
Partner
yaron.blachman@il.pwc.com
Andrew Gordon
Partner
andrew.n.gordon@au.pwc.com
Ramesh Moosa
Partner
ramesh.moosa@cn.pwc.com
Italy
Steve Ingram
Partner
steve.ingram@au.pwc.com
Kenneth Wong
Partner
kenneth.ks.wong@hk.pwc.com
Austria
Denmark
Christian Kurz
Senior Manager
christian.kurz@at.pwc.com
Christian Kjr
Director
christian.x.kjaer@dk.pwc.com
Belgium
Filip De Wolf
Partner
filip.de.wolf@be.pwc.com
Brazil
Edgar DAndrea
Partner
edgar.dandrea@br.pwc.com
Canada
David Craig
Partner
david.craig@ca.pwc.com
Sajith (Saj) Nair
Partner
s.nair@ca.pwc.com
Richard Wilson
Partner
richard.m.wilson@ca.pwc.com
28
France
Philippe Trouchaud
Partner
philippe.trouchaud@fr.pwc.com
Germany
Derk Fischer
Partner
derk.fischer@de.pwc.com
Wilfried Meyer
Partner
wilfried.meyer@de.pwc.com
India
Sivarama Krishnan
Partner
sivarama.krishnan@in.pwc.com
Fabio Merello
Partner
fabio.merello@it.pwc.com
Japan
Yuji Hoshizawa
Partner
yuji.hoshizawa@jp.pwc.com
Maki Matsuzaki
Partner
maki.matsuzaki@jp.pwc.com
Naoki Yamamoto
Partner
naoki.n.yamamoto@jp.pwc.com
Korea
Soyoung Park
Partner
s.park@kr.pwc.com
Luxembourg
Vincent Villers
Partner
vincent.villers@lu.pwc.com
Middle East
Mike Maddison
Partner
mike.maddison@ae.pwc.com
Patrick MacGloin
Director
patrick.macgloin@ae.pwc.com
Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey 2016
Netherlands
South Africa
Turkey
Otto Vermeulen
Partner
otto.vermeulen@nl.pwc.com
Sidriaan de Villiers
Partner
sidriaan.de.villiers@za.pwc.com
Burak Sadic
Director
burak.sadic@tr.pwc.com
Elmo Hildebrand
Director/Partner
elmo.hildebrand@za.pwc.com
United Kingdom
New Zealand
Busisiwe Mathe
Partner/Director
busisiwe.mathe@za.pwc.com
Norway
Tom Remberg
Director
tom.remberg@no.pwc.com
Poland
Rafal Jaczynski
Director
rafal.jaczynski@pl.pwc.com
Jacek Sygutowski
Director
jacek.sygutowski@pl.pwc.com
Piotr Urban
Partner
piotr.urban@pl.pwc.com
Russia
Tim Clough
Partner
tim.clough@ru.pwc.com
Singapore
Vincent Loy
Partner
vincent.j.loy@sg.pwc.com
Kok Weng Sam
Partner
kok.weng.sam@sg.pwc.com
Spain
Jordi Juan Guillem
Director
jordi.juan.guillem@es.pwc.com
Elena Maestre
Partner
elena.maestre@es.pwc.com
Neil Hampson
Partner
neil.r.hampson@uk.pwc.com
Richard Horne
Partner
richard.horne@uk.pwc.com
United States
David Burg
Principal
david.b.burg@pwc.com
Sweden
Scott Dillman
Principal
scott.dillman@us.pwc.com
Martin Allen
Director
martin.allen@se.pwc.com
Chris OHara
Principal
christopher.ohara@us.pwc.com
Rolf Rosenvinge
Director
rolf.rosenvinge@se.pwc.com
Shawn Panson
Partner
shawn.panson@us.pwc.com
Switzerland
Grant Waterfall
Partner
grant.waterfall@us.pwc.com
Rodney Fortune
Manager
rodney.fortune@ch.pwc.com
Chris Hemmi
Manager
christoph.hemmi@ch.pwc.com
Jan Schreuder
Partner
jan.schreuder@ch.pwc.com
PwC
29
www.pwc.com/gsiss
www.pwc.com/cybersecurity
PwC helps organisations and individuals create the value theyre looking for. Were a network of firms in 157 countries with more than 184,000 people who are
committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com.
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the
information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the
accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC does not accept or assume any liability,
responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or
for any decision based on it.
2015 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.
Please see www.pwc.com/structure for further details.
The Global State of Information Security is a registered trademark of International Data Group, Inc.
71224-2016 JP
100%
-25%
Estimated total
nancial losses
as a result of
all security
incidents
declined 24%
over the year
before.
36%
30%
26%
26%
28%
30%
24%
22%
Following last
years signicant
increase in
security spending,
budgets dropped
15% in 2015.
-15%
17%
2014
2015
Hackers
Current
employees
Former
employees
86%
68%
56%
50%
67%
59%
58%
Have an overall
security strategy
56%
55%
50%
Conduct threat
assessments
Active monitoring/
analysis of security
intelligence
50%
-24%
Quentin Orr
Principal, Cybersecurity and Privacy
e.quentin.orr@pwc.com
Mark Ruiz
Director, Cybersecurity and Privacy
mark.a.ruiz@pwc.com
2015 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network.
2015 PricewaterhouseCoopers
LLP,
a Delaware
limited legal
liability
partnership.
All rights reserved. for
PwC
refers
to the
United States member firm, and may sometimes refer
Each
member
firm is a separate
entity.
Please see www.pwc.com/structure
further
details.
71224-2016.km
to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. 76502-2016 JP