www.pwc.com/ca/security
Insights from The Global State of Information Security® Survey 2016
Ottawa, Ontario, April 13, 2016
Trends in Cybersecurity and Privacy
PwC
Your speakers today
Canadian Insights – The Global State of Information Security® Survey 2016, April 2016
Anthony Dias
David Craig
The digital world just got bigger
The evolution:
• Technology-led innovation is transforming business models.
• Organizations operate in a dynamic environment that is increasingly hyper-connected and interdependent.
Leading to:
• Traditional threats are manifesting increasingly through digital channels.
• Benefits of the same technological advances are being exploited by an increasing number of global cyber adversaries.
• Adversaries are actively targeting critical assets throughout the ecosystem.
• Data is distributed and dispersed, increasing the potential for loss and exposure.
Canadian insights
Methodology
• Readers of CSO and CIO and clients of PwC from 127 countries
• 37% of respondents from North America, 30% from Europe, 16% from Asia Pacific, 14% from South America and 3% from the Middle East and Africa
The Global State of Information Security® Survey 2016, a worldwide study by PwC, CIO and CSO, was conducted online from May 7, 2015 to June 12, 2015.
www.pwc.com/gsiss
The Global State of Information Security® Survey 2016
Respondents: 10,040
• 51% C-suite level
• 15% Director level
• 34% Other (e.g. Manager, Analyst, etc.)
• 39% Business and 61% IT (18% increase compared to 2014)
Industries represented: 17
Top 5
• 22% Technology
• 10% Financial Services
• 8% Consulting/Prof. Services
• 7% Engineering/Construction
• 7% Consumer Products & Retail
Reported annual revenues
• 34% at least US$1B
• 48% US$25 to $999M
• 26% less than US$100M
• 3% non-profit
Profile of Canadian respondents
Respondents: 157
• 35% C-suite level
• 25% Director level
• 40% Other (e.g. Manager, Analyst, etc.)
• 34% Business and 66% IT (17% increase compared to 2014)
Industries represented: 17
Top 5
• 19% Technology
• 12% Financial Services
• 9% Engineering/Construction
• 9% Government Services
• 8% Agriculture
Reported annual revenues
• 31% at least US$1B
• 52% $25 to US$999M
• 21% less than US$100M
• 4% non-profit
Top 4 global cybersecurity trends
• Rise of state-directed capitalism: New threats and actors
• Technology as a tool: Risks and opportunities
• Global instability: Cybersecurity as a top strategic priority
• Competition for resources: Talent is key
Organizations today face four main types of cyber adversaries
Adversary
• Nation state
• Insiders & Former Insiders
• Organized crime
• Hacktivists
Motives
• Military, economic or political advantage
• Immediate financial gain
• Collect information for future financial gains
• Personal advantage, monetary gain
• Professional revenge
• Bribery or coercion
• Influence political and/or social change
• Pressure business to change their practices
Targets
• Trade secrets
• Sensitive business information
• Emerging technologies
• Critical infrastructure
• Financial / payment systems
• Personally Identifiable Information
• Payment Card Information
• Protected Health Information
• Critical infrastructure
• Operational technologies
• Highly visible venues
• Corporate secrets
• Sensitive business information
• Information related to key executives, employees, customers & business partners
Impact
• Loss of competitive advantage
• Disruption to critical infrastructure
• Costly regulatory inquiries and penalties
• Consumer and shareholder lawsuits
• Loss of consumer confidence
• Destabilize, disrupt, and destroy physical and logical assets
• Disruption of business activities
• Brand and reputation
• Loss of consumer confidence
Adversary motives and tactics evolve as business strategies change and business activities are executed; ‘crown jewels’ must be identified and their protection prioritized, monitored and adjusted accordingly.
2016 Canadian insights at a glance
• 160% increase in detected incidents in Canada (over 2014)
• Incidents attributed to foreign nation-states increased the most (up 67% over 2014) while employees continue to be the most cited source of incidents (66%)
• Average financial loss due to detected incidents is $1M (18% decrease from 2014)
• Attacks on IoT devices and systems are on the rise
• Customer records continue to be the most targeted data (36%)
• Security spending increased by 82% over 2014, currently at 5% of IT spend
Board participation in cybersecurity programs continues to grow
Board participation in cybersecurity
Area | 2014 | 2015 | 2014 | 2015
Security budget | 25% | 50% | 40% | 46%
Overall security strategy | 38% | 40% | 42% | 45%
Security policies | 25% | 37% | 36% | 41%
Security technologies | 16% | 36% | 30% | 37%
Review of security & privacy risks | 25% | 34% | 25% | 32%
Organizations are investing in core safeguards to better defend their ecosystems against evolving threats
• Have an overall information security strategy: 65%, 58%
• Have a CISO in charge of security: 50%, 54%
• Employee training and awareness programs: 57%, 53%
• Conduct threat assessments: 50%, 49%
• Have security baselines / standards for third parties: 55%, 52%
• Active monitoring analysis of security intelligence: 54%, 48%
Public sector insights
2016 public sector insights at a glance
• 137% increase in detected incidents in Canada (over 2014)
• Incidents attributed to service providers increased the most while employees continue to be the most cited source of incidents
• Estimated financial losses increased 27% over last year
• Citizen and employee records continue to be the most targeted data
• Security spending increased by 23% over 2014, currently at 5% of IT spend
Public Sector Insights – The Global State of Information Security® Survey 2016, April 2016
Public sector organizations are also investing in new and innovative safeguards
• Use cloud-based cybersecurity services: 56%
• 44% of respondents use big data analytics for cybersecurity
• 62% of respondents formally collaborate with others on cybersecurity
• 46% of respondents have purchased cybersecurity insurance
• 92% of respondents used risk-based security frameworks
Top five priorities for public sector agencies
1. 24/7 monitoring for incidents
2. Enhancing cybersecurity with cloud computing
3. Making mobile devices more secure
4. Better ways to manage access
5. Compliance is key
Internal Audit Messaging
Emerging issues in regulation
Insider Risk Program maturity
Collaboration with others
Privacy
Mandatory breach notification
Key messages for Audit Professionals
• Keep a Risk focus, and monitor maturity improvement
• Cybersecurity & Privacy are business issues - avoid the technology trap
• Expand your network – collaboration extends to audit as well
• Talent issues – recruitment, retention, training, certifications, engagement now more critical
Internal Audit
What are the areas of Audit Committees' focus?
1. Data (what, where, who)
2. Insiders (current & former)
3. Third Parties (connected 3rd parties)
4. Incident Response Plans (written, rehearsed, collaboration partners)
For more information, please contact:
Visit www.pwc.com/gsiss to explore the data further.
The Global State of Information Security® is a registered trademark of International Data Group, Inc.
© 2016 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved. PwC refers to the Canadian member firm, and may sometimes
refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. The content of this presentation is
for general information purposes only, and should not be used as a substitute for consultation with professional advisers.
Anthony Dias, Partner, Risk Assurance, 613 755 [email protected]
David Craig, Partner, Risk Assurance, 416 814 5812 [email protected]