While 84% of CEOs say they are confident in their security programme, closer scrutiny reveals there are far fewer real information security leaders than front-runners.
Average losses are up 18% over last year, and big liabilities are increasing faster than smaller losses—with $10+ million losses up 51% from 2011.
Despite the potentially devastating consequences, many respondents do not adequately safeguard their high-value intellectual property. And, while nearly half of respondents regularly use cloud computing, four out of five do not include cloud provisions in their security policies.
Increasingly, companies are rethinking the fundamentals of security—and seeing security as a business imperative, not just an IT challenge.
South America is poised to take the lead in information security investment, safeguards, and policies. Asia Pacific remains strong. Europe and North America generally lag.
Effective security requires implementation of numerous technical, policy, and people safeguards. Here are ten essential safeguards that every company should have.
The Global State of Information Security® Survey 2014 shows that executives are generally heeding the need to fund enhanced security activities and have substantially improved technology safeguards, processes, and strategies. Budgets are rising and confidence continues to climb.
But not so fast: The survey also reveals that while many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches. And hot-button technologies like cloud computing, mobility, and BYOD (“bring your own device”) are often being implemented before they are secured. Adding to the challenge, many executives are hesitant to share security intelligence with others—forgoing a powerful offensive tool against targeted, dynamic attacks.
And, if few organisations have kept pace with today’s escalating risks, fewer still are prepared to manage future threats. “You can’t fight today’s threats with yesterday’s strategies,” argues Gary Loveland, a principal in PwC’s security practice. “What’s needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries.”