Key findings

Key Findings

Confidence in an era of advancing risks

While 84% of CEOs say they are confident in their security programme, closer scrutiny reveals there are far fewer real information security leaders than front-runners.

Learn more

Key Findings

Today’s incidents, yesterday’s strategies

Average losses are up 18% over last year, and big liabilities are increasing faster than smaller losses—with $10+ million losses up 51% from 2011.

Learn more

Key Findings

A weak defence against adversaries

Despite the potentially devastating consequences, many respondents do not adequately safeguard their high-value intellectual property. And, while nearly half of respondents regularly use cloud computing, four out of five do not include cloud provisions in their security policies.

Learn more

Key Findings

Preparing for the threats of tomorrow

Increasingly, companies are rethinking the fundamentals of security—and seeing security as a business imperative, not just an IT challenge.

Learn more

Key Findings

The global cyber-defence race

South America is poised to take the lead in information security investment, safeguards, and policies. Asia Pacific remains strong. Europe and North America generally lag.

Learn more

Key Findings

The future of security: Awareness to Action

Effective security requires implementation of numerous technical, policy, and people safeguards. Here are ten essential safeguards that every company should have.

Learn more

  • Advancing risks

  • Security incidents rising

  • Inadequate defences

  • Preparing for tomorrow’s threats

  • The global picture

  • The future of security

 

The Global State of Information Security® Survey 2014 shows that executives are generally heeding the need to fund enhanced security activities and have substantially improved technology safeguards, processes, and strategies. Budgets are rising and confidence continues to climb.

But not so fast: The survey also reveals that while many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches. And hot-button technologies like cloud computing, mobility, and BYOD (“bring your own device”) are often being implemented before they are secured. Adding to the challenge, many executives are hesitant to share security intelligence with others—forgoing a powerful offensive tool against targeted, dynamic attacks.

And, if few organisations have kept pace with today’s escalating risks, fewer still are prepared to manage future threats. “You can't fight today's threats with yesterday’s strategies,” argues Gary Loveland, a principal in PwC’s security practice. “What’s needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries.”

Confidence in an era of advancing risks

  • Confidence is high: many believe their security activities are effective, and top executives are even more confident.
 
 
  • Half of respondents consider themselves “front-runners,” ahead of the pack in strategy and execution of security practices.
  • Closer scrutiny reveals far fewer real leaders than front-runners.
  • Information security budgets increase significantly.
 
 

Today’s incidents, yesterday’s strategies

  • Respondents are detecting more security incidents.
 
 
  • Employee and customer data continue to be easy targets.
  • The financial costs of incidents are rising, particularly among organisations reporting high dollar-value impact.
 
  • Organisations that identify as front-runners report a high cost per security incident, leaders claim the lowest cost.
  • Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents.
  • While attacks backed by nation-states make headlines, your organisation is more likely to be hit by other outsiders.

A weak defence against adversaries

  • Many organisations have not implemented technologies and processes that could provide insight into today’s risks.
 
 
  • Despite the potential consequences, many respondents do not adequately safeguard their high-value information.
  • Mobility has generated a deluge of business data, but deployment of mobile security has not kept pace with its use.
 
 
  • Almost half of respondents use cloud computing—yet often do not include cloud in their security policies.
  • 28% of respondents do not collaborate with others to improve security, forgoing a powerful offensive tool.

Preparing for the threats of tomorrow

  • Leaders are enhancing capabilities in ways that show security is now a business imperative—not just an IT challenge.
  • Many organisations have invested in technology safeguards to secure their ecosystems against today’s evolving threats.
  • Some of the highest-priority investments include technologies that can help an organisation protect its most valuable assets and gain strategic advantages.
  • Global leaders are likely to see the potential benefits of collaboration and information-sharing.
 
 
  • Effective security demands that organisations align information security with business strategy and objectives.
  • More money and committed leadership are needed to overcome obstacles to advancing security.
 
 

The global cyber-defence race

  • South America is poised to take the lead in information security investment, safeguards, and policies.
  • China has the advantage in implementation of technology safeguards to protect against today’s dynamic threats.
  • The fusion of cloud computing, mobility, personal devices, and social media is a challenge for all countries.

The future of security: Awareness to Action

  • The fundamental safeguards you’ll need for an effective security programme.
  • Beyond the fundamentals: A new approach to security for a new world.
The Global State of Information Security® is a registered trademark of International Data Group, Inc.