The Global State of Information Security Survey 2014 personalized benchmark report
About The Global State of Information Security® Survey 2014
As digital technologies become universal, they have transformed the business environment.
Organizations are increasingly interconnected, integrated, and interdependent. They employ technology and ubiquitous connectivity to share an unprecedented volume of information assets with customers, service providers, suppliers, partners, and employees. Today’s new world of quickly evolving security risks demands that organizations treat information security threats as enterprise risk-management issues that can critically threaten business objectives.
Against this backdrop, we asked security and IT professionals to tell us how they are addressing information security imperatives, and how well their privacy and information security safeguards are aligned with business objectives. The results of The Global State of Information Security® Survey 2014 show that 74% of executives across industries say their security activities are effective. And more than 80% of respondents say security spending and policies are aligned with business objectives. Half of respondents consider themselves Front-runners, indicating they have an effective strategy in place and are proactive in executing the plan.
Yet security incidents are increasing. Survey respondents report a 25% jump in detected incidents over last year. Similarly, 24% of respondents reported loss of data as a result of security incidents, a hike of 17% over 2012. And average financial losses associated with security incidents rose 18% over last year.
Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. Hackers, however, are cited by 32% of survey respondents as the source of incidents, an increase of 27% over last year.
Given these results, it’s not entirely surprising that many survey respondents report they have not implemented technologies and processes that provide new insight into current risks. For instance, 52% of respondents have not deployed behavioral profiling and monitoring tools, and fewer (46%) do not employ security information and event-management technologies. We also found that 42% of respondents do not use data loss prevention tools. And despite the increasing value of IP, many respondents do not adequately identify and safeguard their high-value information.
If few organizations have kept pace with today’s escalating cybersecurity risks, fewer still are prepared to manage future threats.
“You can’t fight today’s threats with yesterday’s strategies,” says Gary Loveland, a principal in PwC’s security practice. “What’s needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries.”
This evolved approach requires that organizations identify their most valuable assets and prioritize protection. Security incidents should be seen as a critical business risk that may not always be preventable, but can be managed to acceptable levels. And it is essential that security is a foundational component of the business strategy, one that is championed by the CEO and board, and adequately funded.
In this new model of information security, knowledge is power. Seize it.
The Global State of Information Security® Survey 2014 is a worldwide study by PwC, CIO magazine, and CSO magazine. It was conducted online from February 1, 2013, to April 1, 2013. Readers of CIO and CSO magazines and clients of PwC from around the globe were invited via e-mail to take the survey. The results discussed in the report are based on the responses of more than 9,600 CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 115 countries. Thirty-six percent of respondents were from North America, 26% from Europe, 21% from Asia Pacific, 16% from South America, and 2% from the Middle East and Africa. The margin of error is less than 1%. All figures and graphics in this report were sourced from survey results.