Insights by industry

Insights by industry

Aerospace & Defense:

  • Reported security incidents are on the rise.The number of respondents reporting the most numerous category of security incidents – 50 or more per year – jumped 16% over 2011 and 450% over 2010. Those reporting 10-49 incidents almost doubled over last year.
  • A&D respondents know less about their data now than they did three years ago. While approximately 80% of respondents say protecting customer and employee data is important, far fewer understand what that data entails and where it is stored. This is significant because, increasingly, consumers want to be in control of their personal data and “turn off” the flow of information from companies.
Download a pdf to learn more about this topic

Automotive

  • While automotive respondents are confident in their security practices, fewer rank themselves at the top. This year 43% of industry respondents say their organisation has a strategy in place and is proactive in executing it – down from 54% in 2011.
  • Many automotive respondents are not prepared to handle customer data from in-vehicle information services. Telematics is expanding to on-the-go communications. Yet 43% of automotive respondents say they are not ready to secure this data or do not know if they can secure it. Many cite authentication and security infrastructure as top obstacles.
Download a pdf to learn more about this topic

Energy - Oil & Gas

  • O&G respondents are confident in their security practices. 42% of O&G respondents say their organisation has a strategy in place and is proactive in executing it – exhibiting two distinctive attributes of a leader.
  • O&G is trying to catch up to known cyber-security problems. 53% of O&G respondents say known weaknesses and incidents drive security spending, but just 47% address cyber security on an enterprise level. Similarly, 47% have programs in place to address Advanced Persistent Threats (APTs).
Download a pdf to learn more about this topic

Entertainment & Media

  • And while most respondents say their customer information is secure, that confidence is eroding. A strong 71% of E&M respondents say their organisation has a solid strategy for protecting customer information – but that’s down from last year’s 83%. Protecting data is essential to customer loyalty. In fact, a recent PwC consumer survey found that 61% of respondents would stop using a company’s products or services after a breach.
  • Security budgets are not driven by security needs. Economic conditions are by far the largest driver of security spending, at 44%. That’s a lower percentage than 2011 and 2010, but still a risky way to set priorities. Business continuity/disaster recovery was the highest-rated security-specific response, at 31%.
Download a pdf to learn more about this topic

Financial Services

  • Why financial services firms are unwilling to collaborate with each other on strengthening security. Only 55% of respondents say their firm works with other financial services companies to improve security practices. Why not more? It’s all about competition.
  • Many financial services respondents lack incident response processes and compliance policies for third-parties. 78% of respondents are confident that they have instilled effective security behaviours into their organisation’s culture, yet many do not have a process in place to handle third-party breaches. What’s more, fewer than half require third parties to comply with privacy policies. This suggests a troubling gap in perception.
Download a pdf to learn more about this topic

Health Provider

  • Most respondents say their information security activities are effective, but this confidence is eroding. Confidence is a good thing. A strong 65% of healthcare provider respondents say they are confident their company’s security activities are effective, but they may not realize that assurance has dropped considerably since 2009.
  • New electronic data technologies and services are driving spending. Implementation of electronic health records and public health records is, at 60%, the top driver of security spending, followed by the use of new health data technologies and services.
Download a pdf to learn more about this topic

Industrial Products

  • Security plans for manufacturing control systems have declined significantly. The number of industrial products respondents who have security policies for manufacturing control systems dropped 23% over last year. This is significant because these systems are increasingly linked to the Internet, which can leave them vulnerable to cyber attack.
  • Among industrial products respondents, the outlook for security spending over the next 12 months is mixed. Only 45% of respondents expect security budgets to increase in the year ahead, a substantial decline over last year. More encouragingly, respondents report fewer deferrals and fewer budget cutbacks. Compared with last year, for instance, 23% fewer respondents say their company has cut capital spending for security initiatives.
Download a pdf to learn more about this topic

Pharmaceuticals

  • Reported security incidents are on the rise. 11% of pharma respondents report 10-49 security incidents in the last 12 months, up from 8% in 2011. Those reporting the most numerous category of incidents – 50 or more per year – leveled off at 11%, the same as last year but far above rates in previous years. One in four respondents do not know the number of incidents, an uncertainty that suggests ineffective security practices.
  • Among pharma respondents, the outlook for security spending over the next 12 months is mixed. 37% of respondents expect security budgets to increase in the year ahead. More encouragingly, respondents report fewer deferrals and fewer budget cutbacks for security initiatives. Compared with last year, for instance, 31% more respondents say they had not deferred security programs requiring operating expenditures.
Download a pdf to learn more about this topic

Public sector

  • The global public sector should expand its definition of a ‘security culture’ to include protection from third parties. 59% of respondents, representing local, state, and national governments, are confident that they have instilled effective security behaviours into their culture. Yet most do not have a process in place to handle third-party breaches, and only 34% require third parties to comply with privacy policies. This suggests a troubling gap in perception – and demonstrates differing security capabilities of governments around the world.
  • Creation of ‘cyber commands’ to guard against attacks has stalled. Fewer than one-third of respondents say they are setting up centralised departments to protect public sector IT systems from cyber attacks. That’s a drop of 38% over last year.
Download a pdf to learn more about this topic

Retail & Consumer

  • Many R&C respondents are unsure how to handle sensitive data in the cloud. As cloud computing moves from hype to mainstream, many respondents are grappling with protection of sensitive data in the cloud or other third-party environments. Their biggest concern? Ensuring compliance with data security regulations.
  • Reported security incidents appear to be leveling off after a big rise – but that may not tell the whole story. The number of respondents reporting 50 or more security incidents per year has leveled off – a good sign. But the frequency of respondents who did not know how many security incidents they had experienced almost doubled, suggesting ineffective security practices.
Download a pdf to learn more about this topic

Technology

  • Many technology respondents are over-confident in their organisation’s security programm. 74% of respondents are confident that they have instilled effective security behaviours into their organisation’s culture, yet many do not have a process in place to handle third-party breaches. What’s more, only 30% require third parties to comply with privacy policies. This suggests a troubling gap in perception.
  • Technology adoption is moving faster than security implementation. As with many industries, technology companies are struggling to keep pace with the adoption of cloud computing, social networking, mobility, and use of personal devices. These new technologies often are not included in overall security plans even though they are widely used. In a recent survey, for instance, we found that 88% of consumers use a personal mobile device for both personal and work purposes.
Download a pdf to learn more about this topic

Telecommunications

  • Threats from insiders – current and former employees – have increased. Security incidents attributed to current employees are at the highest level in years, as are those attributed to former workers. On the other hand, 23% of this year’s respondents point the finger at competitors.
  • Telecom respondents know less about their data now than they did three years ago. While more than 80% of respondents say protecting customer and employee data is important, far fewer understand what that data entails and where it is stored. This is significant because, increasingly, consumers want to be in control of their personal data and “turn off” the flow of information from companies.
Download a pdf to learn more about this topic

Power & Utilities

  • Utilities are trying to catch up to known cyber-security problems. 42% of utilities respondents invest in cyber security primarily to address known weaknesses and incidents. But just 40% address cyber security on an enterprise level and only 35% have programmes in place to combat Advanced Persistent Threats (APTs).
  • What keeps security from being what it should be? 52% of utilities respondents continue to perceive top-level leadership as an obstacle to more effective security, although fewer identify CEOs as a stumbling block this year. A lack of vision and a dearth of in-house technical expertise continue to be a concern.
Download a pdf to learn more about this topic
 
  • Print
Find a contact in your region