The latest “State of Information Security Survey” from consulting firm PwC sheds some new light on what organizations are doing to protect their data assets from hacker attacks and other incidents. And it helps to illustrate how cyber security has become a top-of-mind consideration for business leaders as they try to stay a step ahead of the bad actors.
PwC’s Global State of Information Security Survey 2016, conducted in conjunction with CIO and CSO, explores how executives are looking toward “new innovations and frameworks to improve security and mitigate enterprise risk,” according to the report.
The global survey was conducted online in May and June 2015, and includes responses from more than 10,000 executives, including CEOs, CFOs, CISOs, CIOs and CSOs, from more than 127 countries. Among the key findings are that organizations are clearly devoting more resources toward their security efforts, which is certainly good news for security executives looking to bolster their companies’ defenses against increasingly sophisticated attacks.
Survey respondents boosted their information security budgets by 24% in 2015, a reversal of the slight drop in security spending in 2014. They are also spending more on insurance against losses from security breaches. More than half (59%) are buying cyber security insurance to help mitigate the financial impact of cyber crimes when they do occur.
It’s not just a matter of organizations putting more money into security efforts, however. Security management is at the C-level at many companies, with 54% having a CISO in charge of the security program. The most frequently cited reporting structure is the CEO, CIO, board and CTO, in that order.
Business leaders at the highest levels are becoming more involved in initiatives to protect corporate information assets. There has been increasing involvement by boards of directors, the report says, with 45% of boards now participating in the overall security strategy of their organizations.
This deepening of board involvement has helped improve security practices in numerous ways, the study notes. “As cyber risks become increasingly prominent concerns in the C-suite and boardroom, business leaders are increasingly rethinking cyber security practices, focusing on a nexus of innovative technologies that can reduce enterprise risks and improve performance,” it says.
And as David Burg, PwC’s global and U.S. advisory cyber security leader, notes, "we are seeing more of what we once saw as a risk being turned into possible solutions. For example, many organizations are embracing advanced authentication as a cloud service in place of solely password-based authentication."
The deployment of traditional cyber security measures to an increasingly cloud-based environment is an example of this effort, the report says, with considerable investments being made to create new network infrastructure capabilities that enable improved intelligence gathering, threat modeling, defense against attacks and incident response. About 70% of the survey respondents said they use cloud-based security services to help protect sensitive data and ensure privacy and the protection of consumer information.
Organizations are also putting in place comprehensive frameworks to deliver enterprise-wide security. A huge majority of those surveyed (91%) say their organization has adopted a security framework or an amalgam of frameworks. New tools are helping companies to transform their cyber security frameworks, yielding “holistic, integrated safeguards against cyber attacks,” the study says.
In addition, more efforts are underway to share information about security threats. Over the past three years the number of organizations that leverage external collaboration has steadily risen. About two thirds (65%) of survey respondents said they are collaborating with others to enhance security. As more organizations share more data with a growing number of business partners and customers, it makes sense that they also would share intelligence on cyber security threats and responses, the report notes.
The greater emphasis on cyber security comes as organizations face increasing threats from a growing number of sources. In the latest survey there was a 38% increase in detected information security incidents.
Big data and the emerging Internet of Things (IoT) are presenting both challenges and opportunities for security programs. For example, while big data is often considered a cyber security liability, 59% of the respondents are leveraging data-powered analytics to improve security by shifting security away from perimeter-based defenses and enabling organizations to put real-time information to use in ways that create value.
IoT is expected to increase the stakes for securing cloud-based networks in the years ahead, as the number of Internet-connected devices continues to surge to more than 30 billion by 2020, the report notes. Investments aimed at addressing these issues doubled in 2015. But only 36% of the survey respondents said they have a strategy specifically addressing the IoT.