Are European companies equipped to fight off cyber security attacks?



Similar documents
Are European companies equipped to fight off cyber security attacks?

Business Intelligence Maturity Audit (bima) - Specialist Cloud Services

Adoption, Approaches & Attitudes

CYBERSECURITY. Global cybersecurity capabilities for a digital transformation with confidence. Delivering Transformation. Together.

Performance Testing and Functional Automation Specialist Cloud Services

Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

HR Software and Services in France in Good Health

Address C-level Cybersecurity issues to enable and secure Digital transformation

The Future of Stakeholder Engagement

REPORT. Next steps in cyber security

A global infrastructure to safeguard your business_

How To Improve Security In An Organization

Cybersecurity: Mission integration to protect your assets

Gold Sponsor of the study: Incident Response Management

Cyber Security - What Would a Breach Really Mean for your Business?

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Who s next after TalkTalk?

TCS as a Digital Transformation Partner for European Customers

Are European companies ready for customer centricity?

Cybersecurity Strategic Consulting

Unisys Security Insights: Global Summary A Consumer Viewpoint

Meeting the challenge

Accenture Risk Management. Industry Report. Life Sciences

Combating a new generation of cybercriminal with in-depth security monitoring

Companies need integrated mobility management solutions

Is your business secure in a hosted world?

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Wealth Advisory Services Winning with clients

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Sytorus Information Security Assessment Overview

Enterprise Software Security Strategies

Is a cyber breach inevitable? Cyber Security Challenges in the Netherlands

Token Security or Just Token Security? A Vanson Bourne report for Entrust

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

Managed Security in the Enterprise (U.S. Enterprise)

Consumer Goods and Services

Supplier Connect Supplier Collaboration within Product Development. December 2015

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

A Steria Report SEPA: will European businesses be ready for the transformation? Prepared in collaboration with. è

2015 GLOBAL ASSET MANAGEMENT SURVEY

Premium study sponsors: Is cyber security now too hard for enterprises?

Private Cloud Deployment

2011 GLOBAL INVESTMENT MANAGEMENT SURVEY

BT Assure Threat Intelligence

Cyber Security for audit committees

How are companies currently changing their facilities management delivery model...?

Cyber Security Trends Market trends from leading security analysts and consultants at TÜV Rheinland, OpenSky, and OpenSky UK

Is now a good time to sell your consulting firm?

Smart Security. Smart Compliance.

Outsourcing RESEARCH PAPER

Response to the European Commission consultation on. European Data Protection Legal Framework

Testing the Security of your Applications

Under control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint

White Paper. The benefits of basing and web security in the cloud. including cost, speed, agility and better protection

Cyber Security Strategy for Germany

Achieving Global Cyber Security Through Collaboration

Leading Providers of Consulting & System Integration (C&SI) Services to the Automotive Industry in Germany 2014

Information Protection in Today s Changing Mobile and Cloud Environments

CYBER SECURITY, A GROWING CIO PRIORITY

Europe: For Richer, For Poorer? Government s Role in Preserving Standard of Living

Seamus Reilly Director EY Information Security Cyber Security

Far more than finance

Independent wealth managers. Société Générale Private Banking (Suisse) SA

The Purpose of PR 2016

Digital Leaders Survey

ICT Industry in Europe. Outsourcing Fuels Business Growth

SUPPLY, DEMAND, ENERGY AND LOCATION: THE FOUR PILLARS TO SUCCESS

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit

Cyber security Building confidence in your digital future

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

IT Workforce snapshot

SUPPLY, DEMAND, ENERGY AND LOCATION: THE FOUR PILLARS TO SUCCESS

Western Australian Auditor General s Report. Information Systems Audit Report

NNIT Cybersecurity. A new threat landscape requires a new approach

Caretower s SIEM Managed Security Services

W H I T E P A P E R I n t u i t i v e e n t e r p r i s e a p p l i c a t i o n s i m p r o v e b u s i n e s s p e r f o r m a n c e

SOPRA-STERIA GROUP. Merger project Creation of a European leader in digital transformation

Global Cyber Security Market Forecast and Opportunities, 2020

W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s

Fraud Solution for Financial Services

UK ICT Outsourcing Service Provider Performance and Satisfaction (SPPS) Study: 2013

A stocktaking of measures

National Cyber Security Policy -2013

MOBILE BANKING TESTING TIMES FOR APPS DEVELOPMENT RESULTS OF OUR SURVEY

Putting your best foot forward. Managing corporate security in a world of consumer devices an analysis of primary research

I D C M a r k e t S c a p e : W o r l d w i d e F i n a n c i a l S e r v i c e s C o n s u l t i n g V e n d o r A n a l y s i s

COMBATING CYBER THREATS: A HOW TO FOR THE CISO.

2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY

Digital Transformation in Germany

Managing Growth, Risk and the Cloud

Dell Global Technology Adoption Index Overview

SETTING THE STANDARD FOR SUPPLY CHAIN SECURITY

RUAG Cyber Security. More security for your data

PMR. IT outsourcing in Central and Eastern Europe FREE ARTICLE.

Best practices FOR implementing an executive

AGILE BUSINESS SERVICES. Guiding and supporting your business. at any stage of your agile journey

2 Gabi Siboni, 1 Senior Research Fellow and Director,

Transcription:

A Steria Report Are European companies equipped to fight off cyber security attacks? Executive summary In collaboration with PAC è www.steria.com

è www.steria.com Are European companies equipped to fight off cyber security attacks? 3 FOREWORD Digital has opened up new ways of working and interacting socially. It has created open, collaborative and connected virtual environments on top of our physical environments. It has enabled electronic document exchange, mobility, cloud computing and social networks. But at the same time, it has opened up new prospects for malevolent acts. Even if complete protection is not possible, have they put in place the resources, solutions and governance needed to provide the best possible prevention, detection and protection? Do they have access to appropriate resources and offerings from security experts? Steria has surveyed 270 public and private sector organisations across Europe, lifting the veil on how Europe s firms are positioned today in terms of cyber security. We have also assessed what short- and mediumterm trends these organisations foresee. Cyber-related risks are greater than ever. It has been estimated that in 2012 the world saw a staggering 42% increase in targeted attacks compared to 2011, $110 billion worth of financial losses due to cyber attacks and more than $200 billion lost due to online fraud. Attacks are becoming more diverse, complex and professional on a daily basis, with increasingly serious effects on business and finance, as well as on firms competitiveness and reputations. To be able to make the most of all the business opportunities in our multi-faceted digital world, the key is to be properly armed for cyberwarfare, without making things too complex or cumbersome. Given this alarming state of affairs, we must ask whether companies have fully grasped the scope of the attacks with which they are increasingly being faced. Are they properly equipped to deal with major crises? Patricia Langrand Executive Vice President Group Business Development & Marketing, Steria Florent Skrabacz Head of Security Business, Steria

4 Are European companies equipped to fight off cyber security attacks? è www.steria.com OBJECTIVES AND METHODOLOGY Steria, a European leader in IT and business services, has worked with Pierre Audoin Consultants (PAC) to publish this independent report on cyber security. The report is based on a survey of 270 security decisionmakers in France, the United Kingdom, Germany and Norway. They represent small and medium companies, as well as large organisations working in all areas of activity. In this context, companies refers to both private and public-sector organisations. Large companies are defined as those with more than 5000 employees. Except where otherwise stated, all figures used in this report have been taken from this survey. The survey comprises a quantitative phase and a qualitative phase. The quantitative phase draws on 250 telephone interviews conducted as follows: 70 interviews in France, 70 in the UK, 17 in Germany and 40 in Norway. PAC also conducted 20 in-depth face-to-face interviews. Based on the same questionnaire as the quantitative interviews, these were an opportunity for security decision-makers from large companies and specialised government bodies to discuss their cyber security strategy and how it is implemented. This report provides an outlook on cyber security strategies and models for the next three years. Its purpose is to reveal how current and future threats are actually perceived by companies in Europe and the appropriateness or otherwise of the resources brought to bear. Are European companies equipped to fight off cyber security attacks? Between 500 and 1,000 employees Between 1,000 and 5,000 employees More than 5,000 employees 27% 63% 10% Figure 1 : Size of organisations surveyed (n = 270)

è www.steria.com Are European companies equipped to fight off cyber security attacks? 5 2% 36% 33% 22% 40% Between 500 and 1,000 employees Between 1,000 and 5,000 employees More than 5,000 employees 62% 67% 78% 60% Norway France UK Germany Figure 2 : Distribution by size and country (n = 270) 6% 6% 11% 6% 6% 12% 21% 12% 20% Banking Insurance Manufacturing Public sector Retail Services Telecom Transport Utilities Figure 3 : Distribution by business sector (n = 270)

6 Are European companies equipped to fight off cyber security attacks? è www.steria.com EXECUTIVE SUMMARY As concerns about the impact of cyber security rise in tandem with the uptake of digital technologies, this report sets out to examine where European companies currently stand in their defence of corporate assets and reputations. What measures do they have in place and how great an understanding is there of the scope and scale of cyber-related risks? The 270 security decision makers who took part in our survey across both public and private sector organisations revealed a number of challenges and opportunities in the corporate fight against cyber crime. 1.European companies have not yet fully grasped the scope of the attacks to which they will be increasingly exposed Despite the growing number of external attacks, European companies are still more concerned about internal attacks. More than 50% of companies still see external attacks as accounting for less than 20% of the threat. Despite the fact that organised crime and state-sponsored attacks are becoming an increasing and genuine threat, these types of attack are still of relatively little concern to European companies in the short and medium term. Overall, less than 15% of companies believe that, either currently or in the next three years, they will have to deal with organised crime; less than 6% believe they will have to deal with state-sponsored attacks. Only the largest organisations are starting to become concerned about this type of attack: 19% of them believe they will be faced with attacks from organised crime within the next three years, and 18% believe they will be faced with state-sponsored attacks. Data theft is a major concern and is likely to remain so. 60% of the companies surveyed say that data theft is one of the three most significant risks keeping them awake at night, and is set to remain so over the next three years. The impact of Prism, Bullrun, and Mandiant is clearly evident. Advanced Persistent Threats (APTs), a three-letter threat that should have heads of security quaking in their boots, has not yet been identified as one of the major risks. Only 12% of the companies identified APTs as one of the three chief threats. However, 35% of the largest companies are concerned about APTs.

è www.steria.com Are European companies equipped to fight off cyber security attacks? 7 European companies are confident about their future security in terms of available resources, funding, and their ability to withstand major risks 2.European companies appear extremely unruffled about the prospect of a major security crisis; 90% of them believe they are capable of dealing with one. One in five of the larger companies identifies a lack of experienced security resources as one of their main risks, but 85% of respondents believe that within the next three years they will have good access to the necessary skills. Security budgets have not been cut and are likely to remain protected: less than one third of the companies surveyed anticipate cuts. 85% of the respondents are of the opinion that they will have an appropriate security budget over the next three years. Maintaining these budgets is, however, accompanied by cost control, with cost KPIs in place in over half of the companies surveyed.

8 Are European companies equipped to fight off cyber security attacks? è www.steria.com It is unclear whether this show of confidence is backed up by reality. Many companies have not taken the most basic ad hoc measures to deal with crises 3.24/7 security is not yet standard: only one quarter of the companies surveyed have implemented it. Fewer than half of the largest companies benefit from this level of protection. As yet, companies have little insurance cover for cyber security risks and have not taken out this type of policy; two thirds of them do not plan to take out specific insurance in the future. Cyber risk insurance has not yet found its market: policies are seen as being too complex, with too many exclusions. Changes in cyber security strategy are not predominantly driven by changing cyber risks or the need to protect against cyber threats. Strategic priorities are directed more at risks arising from the use of new information and communication technologies, particularly with mobility and Bring Your Own Device (BYOD) policies.

è www.steria.com Are European companies equipped to fight off cyber security attacks? 9 Companies mostly adopt a self-reliant approach when dealing with risks 4.European companies identify a number of structural barriers to outsourcing (security criticality, giving priority to internal resources, etc). Only one in five of the largest companies would have no problem in outsourcing. There is a perceived lack of maturity in industry offerings: 20% of companies (and one in four large companies) have not yet found the right outsourcing offering for their requirements. Looking forward, however, companies believe they will be more willing to envisage outsourcing; almost three-quarters of them believe that they will outsource part of their security operations in the future. The most compelling argument in favour of outsourcing is cost reduction. For companies with over 5000 employees, however, improvements in attack detection rank second.

10 Are European companies equipped to fight off cyber security attacks? è www.steria.com The relationship between companies and their security partners will need 5.to change in coming years Within the next five years, more than one enterprise in four (and more than one large enterprise in three) believe that security is likely to be dealt with mainly by external providers. Over the same period, co-operation between companies in the same business sectors is predicted to become a reality: 15% of companies think they will end up pooling security resources with other players in their sector. Security as a service has not yet achieved market maturity. Less than 10% of companies have bought security as a service or plan to do so in 2014. However, companies of all sizes are open to this possibility in the future. Over 40% of all companies have already done so, or plan to do so ultimately.

è www.steria.com Are European companies equipped to fight off cyber security è www.steria.com attacks? 37 CONCLUSIONS AND RECOMMENDATIONS

38 Are European companies equipped to fight off cyber security attacks? è www.steria.com Being properly equipped to deal with cyber risks is vital to enable organisations small, medium and large to make the most of all the business opportunities available in a multi-faceted digital world. There is no such thing as zero risk, but European companies must put in place prevention, detection, protection and response resources commensurate with the actual threat levels. In view of the growing sophistication of attacks, European companies are still too focused on internal threats, and not concerned enough about new forms of external attack; they have not yet implemented even the most basic resources, for example in order to deal with major crises 24/7. However, there are some more positive observations. Firstly, budget decisions still favour security, with budgets in this field remaining intact and likely to do so in the future. Secondly, the fact that security is currently managed at high levels within companies favours the implementation of ambitious strategies that address business issues. While security experts clearly still have some way to go in tailoring their outsourcing offerings to client needs and making their solutions better known, improving attack detection is already cited as the second most important reason for outsourcing by major companies, just behind cost reduction. Awareness of outsourcing is growing as is the willingness to pool resources. Two thirds of the companies interviewed plan to make use of outsourcing in the future; over one quarter of them believe that five years from now, security will be handled mostly by external partners. Motives are still largely centred on cost control the chief criterion for evaluating security performance to date. It is now up to security experts to demonstrate the effectiveness of their capabilities in terms of attack prevention and detection (as well as response) if they are to persuade Europe s security decision-makers of the benefits of pooling protection resources.

è www.steria.com Are European companies equipped to fight off cyber security attacks? 39 a a a a Recommendations for optimum cyber security The above conclusion means that a number of recommendations can be made when it comes to defending the best interests of companies in cyberspace. The following recommendations in particular may be made: - greater co-operation is needed in Europe between security experts and all other stakeholders in order to create global, joint capabilities and to increase the firepower of European providers - performance measurement for security should be improved by focusing first and foremost on security itself (number of attacks detected and dealt with, response times, etc). Today, although security budgets have been maintained, the leading KPI is cost control, whereas greater expenditure may actually indicate better protection - 24/7 operational security management should be provided more systematically - there is a need to develop professional service offers that are better geared to addressing the twofold challenge of economic performance and security effectiveness, in line with companies expectations. a a a Some industry professionals have already invested heavily to develop top-ranking cyber security capabilities, and are inviting companies to benefit from these. Cooperation between Europe s security experts and companies is dependent on three factors: - better support by the experts to help companies understand security issues, diagnostics and the definition of the right governance and resources, in terms of criteria based on efficiency and return on investment - greater maturity of security implementation models in order to drive a much broader uptake whilst improving practices - developing innovative technological partnerships within Europe to provide better protection from the most sophisticated attacks (such as APTs) and to respond as quickly as possible. These recommendations will enable European companies to take hold of the many opportunities offered by every aspect of the digital world, whilst keeping cyber risks under control. As a result, companies will be able to express cautious confidence in their digital activities and cyber security controls and, just as importantly, be justified in doing so.

42 Are European companies equipped to fight off cyber security attacks? è www.steria.com About PAC Pierre Audoin Consultants (PAC) is a privately held and management-owned research & consulting firm, specialized on the software and ICT services (SITS) industry. PAC combines detailed knowledge of the local ICT markets in 30+ countries around the globe, with a strong European heritage. At present, PAC is the most reliable source of European IT market intelligence. With a growing network of 120 industry analysts and consultants around the globe, PAC and its partners ensure local presence in the major IT markets. For more information, visit: https://www.pac-online.com/

è www.steria.com Are European companies equipped to fight off cyber security attacks? 43 About Steria Steria delivers IT enabled business services and is the Trusted Transformation Partner for private and public sector organisations across the globe. By combining in depth understanding of our clients businesses with expertise in IT and business process outsourcing, we take on our clients challenges and develop innovative solutions to address them efficiently and profitably. Through our highly collaborative consulting style, we work with our clients to transform their business, enabling them to focus on what they do best. Our 20,000 people, working across 16 countries, support the systems, services and processes that make today s world turn, touching the lives of millions around the globe each day. For more than 20 years, Steria has been the trusted partner of both private businesses and public organisations seeking a security services provider to protect their infrastructures, applications and data. With more than 700 experts throughout Europe, Steria manages every stage of the security lifecycle, from agreeing on a security strategy through to running day-to-day routine tasks. Steria s deep consulting skills allow the company to recommend the most efficient security policies and improve clients return on investment. Steria s Advanced Security Operations Centre (SOC) ensures early detection and prevention of the most complex threats, including APTs (Advanced Persistent Threats), as well as an appropriate, proactive response. Steria also delivers digital trust solutions tailored to clients specific requirements and business processes: identity and access management and authentication, data protection, cloud security, mobile security and more. Founded in 1969, Steria has offices in Europe, India, North Africa and SE Asia and a 2012 revenue of 1.83 billion. Over 20%(*) of Steria s capital is owned by its employees. Headquartered in Paris, Steria is listed on the Euronext Paris market. (*): including SET Trust and XEBT Trust (4.15% of capital)

www.steria.com @Steria_cybersec Groupe Steria SCA 43-45 Quai du Président Roosevelt 92130 Issy-les-Moulineaux France Steria is committed to supporting a sustainable world and is Certified Carbon Neutral for Flight and Fleet Travel Steria

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information