Cybersecurity Challenges, Risks, Trends, and Impacts: Survey Executive Summary

Similar documents
Gold Sponsor of the study: Incident Response Management

Building a Comprehensive Mobile Security Strategy

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Assumption of Breach: A New Approach to Cyber Security

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Global IT Security Risks

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Balancing Cloud-Based Benefits With Security. White Paper

Developing National Frameworks & Engaging the Private Sector

Global Corporate IT Security Risks: 2013

How New Cyber Security Federal Regulations Are Impacting Application and Network Security

2014: A Year of Mega Breaches

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

State of Security Survey GLOBAL FINDINGS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Threat Management Survey GLOBAL FINDINGS

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Bridging the data gap in the insurance industry. Cyber crisis management: Readiness, response, and recovery

Aftermath of a Data Breach Study

2009 Talent Management Factbook

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Mobile Device Payment Card Processing: How Secure is It? Richard Poworski CISSP, ISP, ITCP, SCF, PCI QSA, PCIP Managing Consultant

The economics of IT risk and reputation

IT Workforce snapshot

Are You Ready for PCI 3.1?

2015 Global Cyber Impact Report

Cybersecurity Skills Shortage: A State of Emergency

Is Your Company Ready for a Big Data Breach?

The State of SEO within Retail Ecommerce Research Report

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Finance outsourcing in the high-tech and electronics industries

Enterprise Software Security Strategies

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

WHITE PAPER. Managed Security. Five Reasons to Adopt a Managed Security Service

CRISIS MANAGEMENT: Practice Series. The Economy, Security and Coping with the Unexpected. Anton R. Valukas. Robert R. Stauffer. Thomas P.

VIGILANCE INTERCEPTION PROTECTION

Mobility in Business Report

the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group

The State of Network Security 2013: Attitudes and Opinions An AlgoSec Survey

Zero Trust Requires Effective Business-Centric Application Segmentation

BUSINESS SURVEYS 2015

The business of sustainability

Information Security Services

Reducing Cyber Risk in Your Organization

AVAILABILITY SERVICES MANAGED SERVICES

The New Crisis Communication Challenge: Data Breach

What Consumers Believe About Cloud File Sharing & Why That s a Warning to IT Pros

Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business

Building the business case for continuity and resiliency

The Cloud Balancing Act for IT: Between Promise and Peril

CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES

How To Protect Your Endpoints From Attack

Highlights. The Bottom Line

BOARD OF GOVERNORS MEETING JUNE 25, 2014

MAXIMIZING THE VALUE OF YOUR NETWORK PENETRATION TESTS. Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM

Managing the Ongoing Challenge of Insider Threats

DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES

The Path Forward. International Women s Day 2012 Global Research Results

Increase insight. Reduce risk. Feel confident.

2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015

Reputation Impact of a Data Breach Executive Summary

Supporting information technology risk management

Global IT Security Risks: 2012

Mitigating and managing cyber risk: ten issues to consider

Protecting your business interests through intelligent IT security services, consultancy and training

Enterprise Encryption Trends Survey GLOBAL RESULTS

The automotive manufacturing sector is

Employer Perspectives on Social Networking A Manpower Survey

2016 Dell Data Security Survey FULL REPORT

The Importance of Senior Executive Involvement in Breach Response

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

State of Network Security 2014

The Top Ten of Information Security - For 2015

Small Business. Optimism Report

How to protect yourself against cyber crime in 7 practical steps

Acronis Digital Assets Research Findings: Unveiling Backup & Recovery Practices across Europe

The Purpose of PR 2016

2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Corporate Security in 2016.

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

Employer Perspectives on Social Networking: Global Key Findings

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY

THE IMPORTANCE OF EXPENSE MANAGEMENT AUTOMATION

Amid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry

LIVE STREAMING VIDEO FOR BRANDS AND RETAILERS

FFIEC Cybersecurity Assessment Tool

Why you MUST protect your customer data

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

PRIORITIZING CYBERSECURITY

Law Firm Cyber Security & Compliance Risks

The Importance of Cyber Threat Intelligence to a Strong Security Posture

Discussion on Network Security & Privacy Liability Exposures and Insurance

The State of Sustainable Business Annual Results September 2015

Digital Consumer s Online Trends and Risks

Nationwide Cyber Security Survey

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

GLOBAL IT SECURITY RISKS SURVEY 2014 DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS

Transcription:

Survey and Executive Summary Produced by MIT Technology Review Custom in Partnership with Hewlett Packard Enterprise Security Services and FireEye Inc. Cybersecurity Challenges, Risks, Trends, and Impacts: Survey Executive Summary IN THIS REPORT 1 Introduction Cybersecurity Challenges, Risks, Trends, and Impacts: Survey Executive Summary 2 Survey Highlights Issue 1: Security Challenges 3 Issue 2: Security Threats 4 Issue 3: Attack Frequency 5 Issue 4: Breach Preparedness 6 Issue 5: Risk Management Strategies 7 Issue 6: Breach Impact 8 Methodology and Participant Profile No question about it: Information security or, more precisely, the lack of it is firmly on the radar for business and information-technology leaders in organizations of all sizes and in every sector. Many executives and managers fear that their companies are ill-prepared to prevent, detect, and effectively respond to various types of cyberattacks, and a shortage of in-house security expertise remains of widespread concern. Those are among the initial findings of the Cybersecurity Challenges, Risks, Trends, and Impacts Survey, conducted by MIT Technology Review Custom in February 2016. About 225 business and IT executives, directors, managers, and other leaders participated in the online survey, which was commissioned by Hewlett Packard Enterprise Security Services and FireEye Inc. While the research team continues to analyze survey results, themes about several key issues have already emerged. Among them: Few survey respondents are fully confident in their ability to respond to security threats. For instance, only about 6 percent of those surveyed believe their organizations are extremely well prepared to respond to a security breach involving a major loss of information. Many struggle to hire and retain highly qualified security specialists. Lack of in-house expertise ranks as the single greatest information-security challenge, cited by more than one-third of participants. Most lack information risk-management strategies. While many expect to develop them, roughly 25 percent either have no plans to do so or simply don t know whether their organizations have, or eventually will have, such strategies. Most see multiple security threats on the rise. Areas of greatest concern include threats related to mobile computing, email- or Web-based attacks, and the vulnerabilities created by the bring-your-own-device (BYOD)/bring-your-own apps (BYOA) workplace trends. A majority report experiencing either more or as many data attacks today as in 2014. Only 7 percent report fewer attacks now than two years ago. Participants call lost time and productivity the most negative effect of recent breaches. Other impacts include remediation time and necessary expenditures on consultants and additional technologies. Additional findings will be released in mid-march 2016. Meanwhile, please read on for a few preliminary survey highlights. 1

Survey Highlights Following are initial survey results for several key issues: security challenges and threats, attack frequency, preparedness levels, information risk management strategies, and breach impact. Issue 1: Security Challenges For more than a third of survey participants, lack of in-house expertise ranks as the top informationsecurity headache. What are your organization s top information security challenges? * 39+34+27+23+21+20+20+18+16+13+9+20 Lack of in-house expertise Inadequate enabling technologies Insufficient funding Evasion of existing preventive security controls Difficulty in locating right security talent Inadequate forensic capabilities Loss of sensitive or confidential data (non-mobile sources) Lack of accountability Loss of mobile devices containing sensitive/ confidential data Poor leadership Third-party vetting failure Other 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Security Challenges *Multiple responses allowed. All percentages have been rounded. 2

Issue 2: Security Threats Participants perceive mobile computing as the biggest current threat to information security, but several other factors rank close behind. Where do you see the most growth in security threats? * 43+42+42+41+28+23+22+21+19+8 Mobile computing Employee mobiledevice or application use (BYOD/BYOA) Attacks via email Attacks via Web Cloud migration process Attacks via social media New app implementation/app development process Nation-on-nation breaches Data sovereignty Other 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Security Threats *Multiple responses allowed. All percentages have been rounded. 3

Issue 3: Attack Frequency For more than a third of survey participants, data attacks are clearly on the rise today, but nearly as many don t know for sure whether they re experiencing more or fewer attacks than they did two years ago. About a quarter of survey participants see no change, while a few report being under constant attack. Only a handful say data attacks have decreased. Same number of attacks as two years ago 24% 34+31+24+7+4 Across your organization, do you feel that you are experiencing more, fewer, or the same number of data attacks today compared with two years ago? * Fewer data attacks than two years ago 7% We re under constant attack these days 4% More data attacks than two years ago 34% Attack Frequency Don't know 31% *All percentages have been rounded. 4

Issue 4: Breach Preparedness Only a handful of survey participants feel their organizations are extremely well prepared to respond to a security breach involving serious information loss. 18+23+31+22+6 Well prepared 4 On a scale of 1 to 5, how prepared is your organization to respond to an incident involving a material loss of information? Somewhat prepared 3 Extremely well prepared 5 Inadequately prepared 1 Somewhat inadequately prepared 2 Breach Preparedness 5

Issue 5: Risk Management Strategies Roughly 40 percent of participants have information risk management strategies, and nearly as many are either developing such strategies or plan to do so. However, others either don t know whether their organizations have such strategies or don t expect to develop them. Does your organization have an information risk management strategy? * 39+21+16+14+10 Yes No; one in development No; plan to develop one No; no plans to develop one Don t know 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *All percentages have been rounded. Risk Management Strategies 6

Issue 6: Breach Impact Security incidents impact organizations in a variety of ways, from remediation expenses to lost customers to brand-value damage. While about a quarter of survey participants report no significant impact and about as many say they don t know whether they ve been affected, the rest indicate that they have experienced one or more breach-related impacts in the past two years. How have security breaches impacted your organization in the past two years? * 422524161612121086524265 Lost time and productivity Remediation time Cost of purchased technologies Cost of outside consultants/technologies Short-term damage to reputation, brand, image Lost revenues Cost of notification Out-of-pocket costs to prevent harm to victims Lost customers Regulatory fines and lawsuits Long-term damage to reputation, brand, image None/no significant impact Don t know Other 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Breach Impact *Multiple responses allowed. All percentages have been rounded. 7

Methodology and Participant Profile Methodology and Participant Profile: MIT Technology Review Custom conducted an online survey of IT and business executives and managers across a broad range of industries in February 2016. About 225 qualified participants primarily from North America, the United Kingdom, Western Europe, India, China, Latin America, and the Asia-Pacific region completed the 31-question survey. Additional findings will be released in mid-march 2016. About MIT Technology Review Custom Built on more than 115 years of excellence in technology journalism, MIT Technology Review Custom is the arm of global media company MIT Technology Review that creates and distributes custom content. Our turnkey solutions include everything from writing, editing, and design expertise to multiple options for promotional support. Working closely with clients, our expert custom-editorial staff develops a range of high-quality, relevant content, delivering it to users when and where they want it in digital, print, online, or in-person experiences. Everything is customized to fit clients content marketing goals and position them as thought leaders aligned with the authority on technology that matters. Copyright 2016, MIT Technology Review. All rights reserved. www.technologyreview.com/media 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information