Cyber Security key emerging risk Q3 2015




Transcription:

Cyber Security key emerging risk Q3 2015

The study is based on interviews with CIOs, CISOs and Heads of Security in August and September 2015.

November 2015
www.pwc.se

Companies falling behind are more likely to face a Cyber Security attack

State of Swedish Cyber Security

Key observations from survey

Rolf Rosenvinge
One of Sweden's leading experts and responsible for Cyber at PwC Sweden
0703-37 12 15
rolf.rosenvinge@se.pwc.com

The number of incidents continues to increase, and overall dedicated Cyber Security spend is not picking up at surveyed clients as we see among global peers. Together, these two facts mean increasing risk levels among clients. Are Audit Committees aware? And is this in line with the Board's Risk Appetite?

Additionally, when comparing Swedish companies with European and global companies, it is clear that Swedish clients are falling behind in terms of:

1. A single responsible Executive appointed: a CISO with a fit-for-purpose organization, including clear mandates and management support.
2. Mature Cyber Security Governance mechanisms: policies, procedures, mandates, forums and Board-level reporting.
3. A clear understanding of Crown Jewels. What are they, where are they and who has access?

Martin Allen
Internationally experienced Cyber Security expert, PwC Sweden
0725-84 93 80
martin.allen@se.pwc.com

[Diagram labels: Resilience, Cyber Security, Risk Management, Privacy]

Cyber Security - Sweden

Is the lack of a large-scale, high-impact attack in Sweden with significant media coverage the reason why we still see relatively low maturity levels in a European/global comparison?

Cyber Security Strategy

Only 36% of surveyed clients have a fully or partially implemented Management system for Information Security. How much risk are the organizations (unknowingly) carrying due to lack of Management oversight and only partially defined standards, procedures and control environments?

55% of the Boards of surveyed clients are not continuously engaged in Cyber Security discussions (strategy, status, funding etc.). More robust Cyber Security Governance mechanisms are needed among surveyed clients. Getting to a Board-level risk appetite statement is the first step to a successful Cyber Security Strategy. Designing a set of non-technical KPIs/KRIs supporting the risk appetite statement would allow for continuous Board-level monitoring of this key emerging risk.

Only 37% of surveyed clients have classified their data, and only 27% are actively monitoring their technology landscape for data loss. Defining the Crown Jewels (CJ) should be one of the immediate starting points for an effective Cyber Security program. Designing and implementing fit-for-purpose monitoring of the CJs to avoid critical data being exfiltrated would be a logical next step.

Cyber Security Operations

0% of surveyed clients have full Forensics capabilities in-house. Most clients (55%) rely on external vendors for Forensic services. Focusing in-house resources on daily Cyber Security operations and relying on vendors for external expertise makes sense if it is a conscious decision.

Only 10% of surveyed clients have fully integrated response capabilities. 63% have limited response capabilities to counter an active ongoing attack. Do we fully understand that taking the "compliance" approach to Cyber Security will not be sufficient tomorrow? Are clients integrating Threat Intelligence into their Cyber Security operating model?

Only 27% of surveyed clients are actively monitoring their technology landscape for data loss. Many clients have partial monitoring in place, but since Crown Jewels are not designated in many organizations (see previous page), the effectiveness of the monitoring in place could be inadequate. Are sufficient efforts in place to monitor data exfiltration attempts? Or is too much effort (relatively) placed on only identifying incoming malicious threats?

The Cyber Security Roadmap - 8 steps to fix the problem

1. Cyber Risk Assessment
2. Roles & Responsibilities: CISO etc.
3. Information Security Program: funded and resourced, fit-for-purpose design
4. Critical data ("crown jewels"): What are they? Where are they? Who owns them?
5. Fix the basics: policies, standards, vulnerabilities, access etc.
6. Detection and response capabilities
7. 3rd party risk: vendors, outsourcing partners, JVs etc.
8. People matter: company culture, awareness training, insider threats etc.


Contact information

Rolf Rosenvinge
rolf.rosenvinge@se.pwc.com
+46 (0)703 37 12 15

Martin Allen
martin.allen@se.pwc.com
+46 (0)72 584 93 80

PwC Sweden is the market leader within auditing, accounting, tax and advisory services, with 3,600 people with operations at 100 locations throughout the country. Using our experience and unique business knowledge, we enhance value for our 60,000 clients, who are comprised of global companies, major Swedish companies and organisations, smaller and medium-sized companies, primarily local, and the public sector.

PwC Sweden is a separate and independent legal entity. We are the Swedish member firm of the PwC global network. Close to 208,000 people in 157 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.