Keep in touch Global State of Information Security Survey 2015

Transcription

Keep in touch Global State of Information Security Survey 2015
www.pwc.be/technology
Keep in touch
We’re here to listen
Global State of Information
Security Survey 2015
We would be delighted to have a deeper discussion with you.
Do not hesitate to contact us personally.
Floris Ampe
Partner
Filip De Wolf
Partner
Tel: +32 (0)2 710 41 64
Tel: +32 2 (0)710 42 51
floris.ampe@be.pwc.com
filip.de.wolf@be.pwc.com
Technology
consulting
Looking for an expert in a specific area?
Area of expertise
Who can I contact?
Operation Technology, Incident Response
and Threat Management
Peter Versmissen
Emerging Technology and Consumer
Technology Security
Marc Sel
Privacy, Security assessments,
review and tests
Gaël Hachez
Bringing cyber security on board level and
how to execute it in your organisation and
IT department
Jan De Meyer
Cyber insurance
Filip De Wolf
peter.versmissen@be.pwc.com
marc.sel@be.pwc.com
gael.hachez@be.pwc.com
jan.de.meyer@be.pwc.com
filip.de.wolf@be.pwc.be
Deployment of cyber security within
a European government context
Steven Ackx
steven.ackx@be.pwc.com
The number of security incidents continue to soar
Globally, the total number of security incidents detected by survey respondents
climbed to €32 billion this year, an increase of 48% over 2013.
75% of all Belgian respondents indicate to have encountered a security
incident on a monthly basis.
Security incidents happen on all IT layers (application, data, system and
network) but also on the people layer as 15% of the Belgian respondents have
encountered social engineering attacks against their employees
About PwC
PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than
195,000 people who are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters
to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity.
Please see www.pwc.com/structure for further details.
© 2014 PwC. All rights reserved.
How can your organisation change the game?
The case of Belgium
Cyber risks will never be completely
eliminated. Today, organisations must
remain vigilant and agile in the face of a
continually evolving threat landscape.
How is Belgium playing the game?
Five actions to adapt
More than 50% of the Belgian respondents
indicated to have lost intellectual property or
encountered the compromise or damage of
customer, employee and internal records.
This figure could be explained by the fact
that, in general, less than 50% of the
respondents have encrypted their data
stores, whereas only 37% reported to use
a data loss prevention solution.
At a worldwide level, financial losses
associated with the security incidents range
from €75.000 to €7.500.000 for 60% of the
organisations and are as such higher than the
European average.
A simple explanation for these important
financial losses is the fact that only
37% of the organisations have a cyberinsurance.
At a European level, the majority of
financial losses include the loss of customer
business followed by legal expenditures. For
Belgium however, the key cost factors are
investigations and forensics.
20% of the Belgian respondents do not
know the number of security incidents on a
yearly basis, while 40% has no insight on the
financial impact of their security incidents.
The majority, about 70%, of the respondents
specified to have classic prevention solutions,
such as firewalls, in place. In contrast, no
more than 40% of the respondents indicated
to use more advanced safeguards like
malicious code-detection tools.
your organisation’s security investments
Further improve. Strengthen collaboration.
The type of respondents would account
for the lacking insight in security
incidents. However, another explanation
could be that organisations have an
ineffective security strategy and practice
in place.
Almost half of the respondents report
having a SIEM solution and securityevent-correlation tools in place.
Moreover we could conclude that not all
organisations employ analytics to model
and identify security incidents.
If you are not connected to
the conversations, you are
going to be lost. In today’s
threat environment,
there is no reason for not
collaborating.
Hayes of CenterPoint
• Belgian organisations, in contrast to European ones, do not plan a
formal collaboration with industry peers to address security risks,
fearing disabuse from involved parties as attention would be
drawn to their potential weaknesses.
• The limited cross-organisation involvement leads to a
decentralised approach for addressing security incidents, postand pre-incident.
• Outsourcing might be a solution to profit from scale advantages on
security expenditures. However, only 29% of Belgian organisations
(50% at European level) indicated conducting compliance audits
of third parties that process personal identifiable information of
employees and customers.