Keep in touch Global State of Information Security Survey 2015
Transcription
Keep in touch Global State of Information Security Survey 2015
www.pwc.be/technology Keep in touch We’re here to listen Global State of Information Security Survey 2015 We would be delighted to have a deeper discussion with you. Do not hesitate to contact us personally. Floris Ampe Partner Filip De Wolf Partner Tel: +32 (0)2 710 41 64 Tel: +32 2 (0)710 42 51 floris.ampe@be.pwc.com filip.de.wolf@be.pwc.com Technology consulting Looking for an expert in a specific area? Area of expertise Who can I contact? Operation Technology, Incident Response and Threat Management Peter Versmissen Emerging Technology and Consumer Technology Security Marc Sel Privacy, Security assessments, review and tests Gaël Hachez Bringing cyber security on board level and how to execute it in your organisation and IT department Jan De Meyer Cyber insurance Filip De Wolf peter.versmissen@be.pwc.com marc.sel@be.pwc.com gael.hachez@be.pwc.com jan.de.meyer@be.pwc.com filip.de.wolf@be.pwc.be Deployment of cyber security within a European government context Steven Ackx steven.ackx@be.pwc.com The number of security incidents continue to soar Globally, the total number of security incidents detected by survey respondents climbed to €32 billion this year, an increase of 48% over 2013. 75% of all Belgian respondents indicate to have encountered a security incident on a monthly basis. Security incidents happen on all IT layers (application, data, system and network) but also on the people layer as 15% of the Belgian respondents have encountered social engineering attacks against their employees About PwC PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting us at www.pwc.com. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. © 2014 PwC. All rights reserved. How can your organisation change the game? The case of Belgium Cyber risks will never be completely eliminated. Today, organisations must remain vigilant and agile in the face of a continually evolving threat landscape. How is Belgium playing the game? Five actions to adapt More than 50% of the Belgian respondents indicated to have lost intellectual property or encountered the compromise or damage of customer, employee and internal records. This figure could be explained by the fact that, in general, less than 50% of the respondents have encrypted their data stores, whereas only 37% reported to use a data loss prevention solution. At a worldwide level, financial losses associated with the security incidents range from €75.000 to €7.500.000 for 60% of the organisations and are as such higher than the European average. A simple explanation for these important financial losses is the fact that only 37% of the organisations have a cyberinsurance. At a European level, the majority of financial losses include the loss of customer business followed by legal expenditures. For Belgium however, the key cost factors are investigations and forensics. 20% of the Belgian respondents do not know the number of security incidents on a yearly basis, while 40% has no insight on the financial impact of their security incidents. The majority, about 70%, of the respondents specified to have classic prevention solutions, such as firewalls, in place. In contrast, no more than 40% of the respondents indicated to use more advanced safeguards like malicious code-detection tools. your organisation’s security investments Further improve. Strengthen collaboration. The type of respondents would account for the lacking insight in security incidents. However, another explanation could be that organisations have an ineffective security strategy and practice in place. Almost half of the respondents report having a SIEM solution and securityevent-correlation tools in place. Moreover we could conclude that not all organisations employ analytics to model and identify security incidents. If you are not connected to the conversations, you are going to be lost. In today’s threat environment, there is no reason for not collaborating. Hayes of CenterPoint • Belgian organisations, in contrast to European ones, do not plan a formal collaboration with industry peers to address security risks, fearing disabuse from involved parties as attention would be drawn to their potential weaknesses. • The limited cross-organisation involvement leads to a decentralised approach for addressing security incidents, postand pre-incident. • Outsourcing might be a solution to profit from scale advantages on security expenditures. However, only 29% of Belgian organisations (50% at European level) indicated conducting compliance audits of third parties that process personal identifiable information of employees and customers.