Cyber security: Are consumer companies up to the challenge?


A survey of webcast participants
kpmg.com

Cyber security: It's not just about technology

Technology has truly empowered the customer and is rapidly changing the consumer industry. While all digital channels, as well as brick and mortar, are being integrated to provide a seamless brand and shopping experience, the technological advances making this possible are also making companies increasingly vulnerable. Threats from cyber criminals and hacktivists are growing in scale and sophistication. Customers, investors, and regulators are all demanding stepped-up efforts when it comes to cyber security, and organizations are subject to increasing amounts of legislative, corporate, and regulatory requirements.

From profit, customer, and data loss to operations disruption and reputation damage, cyber crime has enormous implications for any business. Organizations need to take action to reduce the risk of a data breach. And when a breach occurs, they need to act quickly and efficiently to manage and resolve the issue with as little damage as possible. Focusing on technology alone to address these issues is not enough.

In April 2014, KPMG held a webcast entitled "Cyber security: It's not just about technology," which focused on assessing and effectively managing cyber risk. Participants were provided with a concrete model they can use to assess their organization's cyber maturity and to implement sustainable cyber security practices. Our conversation covered:

- Evolving cyber threats: what is new?
- The cyber landscape: how consumer organizations are responding
- The Cyber Maturity Assessment: how to find answers to "Are we prepared?" and "How safe are we?"
- Immediate action items: 10 key questions to determine next steps

To view a replay of the webcast, go to: www.kpmg.com/us/cswebcast

During KPMG's cyber security webcast, more than 100 professionals from the retail and food, drink, and consumer goods industry responded to survey questions about their organizations and cyber security. The results reveal that despite the fact that cyber threats have received much attention from the media and industry organizations, the majority of consumer companies have a long way to go to effectively mitigate cyber risk and manage evolving threats. Explore our findings and the perspectives of our cyber security specialists to learn how your organization compares to those surveyed in such areas as cyber readiness, and how you can effectively address the complex challenge of cyber security.

Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology.

Cyber security is front and center

In the last six months, more than 86 percent of survey participants' organizations have increased their focus on cyber security.

Survey question 1: Please select the statement below that best describes your organization in the last six months. (Percent of respondents; respondents: 107)

- There has been a significant increase in our focus on cyber security: 44
- There has been some increase in our focus on cyber security: 42
- There has been no change in our focus on cyber security: 8
- Don't know: 4
- There has been less focus on cyber security: 2

86% increased their focus.

KPMG insights: Cyber security is an important concern for every organization, and consumer businesses are ideal targets for hackers trying to capture cardholder data and steal customer identities. Clearly, the recent cyber breaches were a wakeup call for the industry. The majority of retailers and consumer packaged goods companies have elevated cyber security to the top of their agendas.

Daily occurrences demonstrate the risk posed by cyber attackers, from individual, opportunistic hackers to professional and organized groups of cyber criminals with strategies for systematically stealing intellectual property and disrupting business. The management of any organization faces the task of ensuring that its organization understands the risks and sets the right priorities. While this is no easy task, it is essential that leaders take control of allocating resources to deal with cyber security, actively manage governance and decision making over cyber security, and build an informed and knowledgeable organizational culture.

Innovation and transformation: rewards worth the risk

Participants indicate that business model and operational changes, along with new technologies, are having a significant impact on their organizations.

Survey question 2: Which of the trends listed below is having the most impact on your organization? (Number of responses; respondents: 111)

- Change in the way business is conducted (cloud computing, big data, social media, consumerization, BYOD, mobile banking): 46
- External threats (organized crime, nation-states, cyber espionage, hacktivism, insider threats): 27
- Regulatory compliance (data loss, privacy, records management): 18
- Rapid technology change (critical national infrastructure, smart/metering, Internet of all things): 9
- Don't know: 6
- Changing market and client needs (strategic shift, situational awareness, intelligence sharing, cyber response): 4
- None of the above: 1

KPMG insights: Most consumer companies are not being driven by fear, uncertainty, or doubt. They see the potential that rapidly advancing technology has and continue to explore new ways of doing business, new ways of running a business, and new ways to better understand and engage with consumers. However, technology does not come without challenges. Companies must balance a relentless pursuit of innovation with assessing and effectively managing risk.

Cyber crime risks can be controlled. The key is to embed security and risk management processes in technology and related initiatives right from the get-go. By treating cyber security as business as usual and balancing investment between risks and potential impacts, an organization can be well-prepared to combat cyber crime.

Unprepared for a data breach

Only 36 percent of survey participants indicated that their organization has a formal cyber incident response plan.

Survey question 3: Does your organization have a formal cyber incident response plan? (Respondents: 105)

[Pie chart. Options: Yes; Not yet, but in the process of defining the plan; No; Don't know. Chart values as extracted: 36 (Yes), 33, 20, 16; the assignment of the last three values to the remaining options did not survive extraction.]

KPMG insights: The majority of consumer companies are not yet considering how they will respond to a data breach before it occurs. When companies do not have a formal cyber incident response plan, now considered a standard of care across industries, they are forced to rely on the ad hoc action of their people, leaving the outcome unpredictable and unreliable. Mishandling an incident is a major liability, potentially costing billions of dollars and having the potential to destroy a brand virtually overnight. In some cases, not having a plan may even be perceived as negligence and become a legal liability.

Additionally, should an incident occur, organizations need to ensure that it is evaluated in such a way that lessons can be learned. In practice, however, actions are driven by real-time incidents and often are not recorded or evaluated. This destroys the ability of the organization to learn and put better security arrangements in place in the future.

Organizations can reduce the risks to their business by building up capabilities in three critical areas: prevention, detection, and response.

Prevention
Prevention begins with governance and organization. It is about installing fundamental measures, including placing responsibility for dealing with cyber crime within the organization and developing awareness training for key staff.

Detection
Through monitoring of critical events and incidents, an organization can strengthen its technological detection measures. Monitoring and data mining together form an excellent instrument to detect strange patterns in data traffic, to find the location on which the attacks focus, and to observe system performance.

Response
Response refers to activating a well-rehearsed plan as soon as evidence of a possible attack occurs. During an attack, the organization should be able to directly deactivate all technology affected. When developing a response and recovery plan, an organization should perceive cyber security as a continuous process and not as a one-off solution.

Cyber security demands attention

Less than 20 percent of survey participants have a chief information security officer dedicated to overseeing cyber security at their organization.

Survey question 4: At your organization, who is responsible for cyber security? (Respondents: 105)

- Chief information officer: 44%
- Chief information security officer: 19%
- There is shared responsibility between several departments: 16%
- Other: 8%
- Chief financial officer: 7%
- Don't know: 6%

KPMG insights: Across the marketplace, we are seeing chief information security officers taking on much more prominent roles. Survey results reveal that consumer companies are moving more slowly in adopting this approach than other industries. Given the complexity and multidisciplinary nature of the problem, cyber security demands direct management attention. Companies should be evaluating their leadership models to ensure effective oversight of security operations and support of risk and compliance functions.

High-profile data breaches of retail and CPG companies exposed the massive drop in shareholder value which can result from ineffective cyber security. In other words, defending against cyber crime became a board problem. As a result, cyber security initiatives in the consumer industry are being driven from the top down. From boards, to audit and risk committees, to CEOs, CFOs, CIOs, and CISOs, leadership is under immense pressure to show progress in securing systems and managing risk and compliance, and they are seizing control of cyber.

Have you considered:

- Having an on-call expert forensic team to provide on-demand response, analysis, containment, eradication, and investigation of any threat, concern, or incident?
- Establishing a relationship with outside counsel to mitigate potential exposure of a data breach?

Merely average at cyber security

Nearly three-quarters of survey respondents rate their organization's cyber maturity level as average or below.

Survey question 5: On a scale where 1 indicates informal and 5 indicates industry leading, where would you rank your organization's cyber maturity level? (Respondents: 107)

[Bar chart, vertical axis 0 to 50. Bands: < 1, 1-2, 2-3, 3-4, 4-5, Don't know. Bar values as extracted: 45, 22, 22, 5, 4, 9; the assignment of bars to bands did not survive extraction.]

KPMG insights: Cyber security has historically been a neglected area in consumer companies. It's no wonder that only five percent of organizations believe they have industry-leading levels of cyber maturity. With the growth of omni-channel retailing exposing new risks, and regulatory watchdogs sharpening their teeth, the industry needs to play catch-up. Now is the time to increase the focus on cyber security.

At KPMG, we consider six key dimensions that together provide a wide-ranging and in-depth view of an organization's cyber maturity.

- Leadership and governance: Is the board demonstrating due diligence, ownership, and effective management of risk?
- Human factors: What is the level and integration of a security culture that empowers and ensures the right people, skills, culture, and knowledge?
- Information risk management: How robust is the approach to achieving comprehensive and effective risk management of information throughout the organization and its delivery and supply partners?
- Business continuity: Have we made preparations for a security event and the ability to prevent or minimize the impact through successful crisis and stakeholder management?
- Operations and technology: What is the level of control measures implemented to address identified risks and minimize the impact of compromise?
- Legal and compliance: Are we complying with relevant regulatory and international certification standards?

About KPMG's cyber security services

With award-winning, global cyber security specialists who are at the forefront of the cyber agenda, KPMG helps the world's leading organizations solve the biggest cyber security challenges of today and tomorrow. Our capabilities cut across the entire cyber security spectrum: information protection, privacy, and security; threat intelligence and cyber investigations; business resilience and continuity; risk management and compliance; and governance, strategy, and operations. Through our global network of KPMG member firms, we have the deep consumer industry insight and vast knowledge on the evolving cyber landscape and regulatory environment necessary to help you manage cyber risk across a broad spectrum of evolving threats.

Contact us

Tony Buffomante
Principal, Information Protection and Business Resilience
E: abuffomante@kpmg.com
Tony Buffomante is KPMG's US leader for Cyber Security Assessment and specializes in information security, privacy, and business continuity. Over the past 20 years, he has managed and executed Information Technology security strategies, assessments, and implementations for some of the largest global organizations. Tony is a recognized industry leader in information protection, frequently speaking at industry conferences and instructing at training seminars both nationally and internationally.

Ronald Plesco, Jr.
Managing Director, Cyber Investigations, Forensic Services
E: rplesco@kpmg.com
Ron Plesco is an internationally known information security and privacy attorney with 16 years' experience in cyber investigations, information assurance, privacy, identity management, computer crime, and emerging cyber threats and technology solutions. Ron is the National Lead of the KPMG Cyber Investigations, Intelligence and Analytics practice. He joined KPMG in 2012 after a distinguished career in the private and public sectors, and is a frequent speaker nationally.

Dennis Van Ham
Director, Information Protection and Business Resilience
E: dennisvanham@kpmg.com
Dennis Van Ham focuses on transformational projects and on overall strategy and governance in cyber security and threat intelligence. In 2012, he joined KPMG's US firm from the Netherlands office and is currently responsible for the execution and the ongoing development of the firm's Cyber Security Assessment services. In his 15-year tenure, he has acquired deep industry experience in Retail, Oil & Gas, Financial Services, and Healthcare.

kpmg.com

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

... member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. NDPPS 259750