Information security incidents continue to spike; there has been a 38% increase in detected information security incidents in the past year. Attacks on mobile devices rose to 36% of incidents, up from 24% just a year prior; the result is more adept assaults, combined with new risks to data introduced by the digitization of business functions, mobility, the cloud and greater use of data analytics. We are seeing a realization that combating these threats is about more than just technology: it requires organizations to rethink their approach to information security from the top down.
The Global State of Information Security Survey 2016, a worldwide survey by CIO magazine, CSO and PwC, features results from an online survey of more than 10,000 executives from more than 127 countries, with North America (37%) and Europe (30%) representing the largest proportion of respondents. The report, while highlighting some troublesome areas in information security, does indicate active work by organizations to create more effective cybersecurity and information security programs. 91% of respondents have adopted a risk-based cybersecurity framework, the first step toward understanding risk needs in order to implement effective security controls, technologies and awareness programs.
Insight from the study includes:
- Employees, contractors and partners are the estimated source for most data security incidents. The survey attributes 34% of data breaches to current employees, 28% to past employees; 22% to current service providers/consultants/contractors, 19% to past providers/consultants/contractors; 16% to suppliers/business partners
- Healthcare organizations have less insight into security incidents, with a higher proportion of “do not know” for the estimated likely source of security incidents. 11.64% of global healthcare respondents, and 15.56% of North American healthcare respondents, did not know the source of security incidents (compared to the 8.69% global average)
- 10% of respondents estimate total financial losses as a result of all security incidents in excess of $10 million
- North American healthcare organizations are leading in proactive change, with 66% having a CISO in charge of security (vs 54% global average) and 76% having security awareness and training (vs 53% global average)
- Active board participation in cybersecurity strategy is slowly gaining traction, at 45%
- 32% of organizations have detected 50 or more security incidents in the past 12 months
PwC has provided a Data Explorer option allowing you to filter many of the results by industry, region and company size, to make the data as relevant as possible. Part of making data security a business issue, which is necessary to achieve a top-down culture that prioritizes data security, is “selling” the realities of data security. Relevant industry-specific data, combined with internal data on individualized risk profiles, is one way you can ensure that cyber and data security remains on the docket of board and executive discussions.
Richard Horne, PwC Cyber Security partner, notes: “In our digitally-interconnected world, businesses cannot stand still. They need to prepare and continually test their defences – and respond to breaches – in the face of incredibly sophisticated attacks. This requires commitment and leadership from the very top of an organisation to prevent breaches, but also to detect and respond to them rapidly and in the right way when they happen.”
In our own whitepaper, The Enemy Within – Insiders are still the weakest link in your data security chain, we talk about the challenges that “people” pose to data security and how Absolute DDS can help your organization plug the security holes created by mobility and the role of insiders. Our unique Persistence technology offers an important layer to any data security strategy and helps mitigate the risk of human error, rogue employees, and cybercrime. Learn more at Absolute.com.