The Global State of Information Security® Survey 2016

Key themes

By now, the numbers have become numbing. Cybersecurity incidents are daily news, with reports of escalating impacts and costs that are sometimes measured in the billions. Take a look beyond the headlines, however, and you’ll find new reasons for optimism.

The rewards of risk-based frameworks

The vast majority of organisations—91 %—have adopted a security framework or, more often, an amalgam of frameworks.

The most frequently followed guidelines are ISO 27001, the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and SANS Critical Controls. Respondents say adoption of these types of guidelines enable them to identify and prioritise threats, quickly detect and mitigate risks and understand security gaps.

A risk-based framework allows companies to better communicate and collaborate on cybersecurity efforts, internally and externally. These frameworks also can help businesses design, monitor and measure goals toward an improved cybersecurity programme. And many say that risk-based standards have helped ensure that sensitive data is more secure.

Harnessing the power of cloud-enabled cybersecurity

Cloud computing has emerged as a sophisticated cybersecurity tool in recent years as providers have steadily invested in advanced technologies for data protection, privacy, network security, and identity and access management. Many also have added infrastructure capabilities that enable them to improve intelligence gathering and threat modelling, better block attacks and accelerate incident response.

It’s no wonder, then, that 69 % of survey respondents said they use cloud-based cybersecurity services to help protect sensitive data and ensure privacy. And they entrust a broadening range of critical services to the cloud, including real-time monitoring and analytics, advanced authentication, and identity and access management.

The big impact of Big Data

Big Data is getting bigger. This year, 59% of respondents leverage Big Data analytics to model and monitor for cybersecurity threats, respond to incidents, and audit and review data to understand how it is used, by whom and when.

A data-driven approach can shift cybersecurity away from perimeter-based defences and enable organisations to put real-time information to use in ways that can help predict cybersecurity incidents. Data-driven cybersecurity allows companies to better understand anomalous network activity and more quickly identify and respond to cybersecurity incidents.

Some businesses are combining Big Data with existing security information and event management (SIEM) technologies to generate a more extensive view of network activity. Others are exploring the use of data analytics for identity and access management to monitor employee usage patterns, flag outliers and identify improper access.

Partnering up to sharpen security intelligence

Over the past three years, the number of organisations that embrace external collaboration has steadily increased. This year, 65% of respondents said they collaborate to improve cybersecurity and reduce cyber-risks, up from 50% in 2013.

And those that do work with others cite clear benefits. Most organisations say external collaboration allows them to share and receive more actionable information from industry peers, as well as Information Sharing and Analysis Centres (ISACs), government agencies and law enforcement. Many also say information sharing has improved their threat awareness.

Organisations that do not collaborate often cite the lack of an information-sharing framework, as well as incompatible data formats and platforms. Another weakness: Updates are not communicated at network speed.

The evolving involvement of top executives

Technology advances can dim the focus on the cybersecurity competencies and training of people. So it is encouraging to find that top security executives and Boards of Directors are playing increasingly prominent roles.

This year, 54 % of respondents reported they have a CISO in charge of their security programme. and 49 % have a CSO. Regardless of title, the roles and responsibilities of the top cybersecurity executive have expanded in recent years. Today’s CISO is a business manager who should have expertise not only in security but also risk management, corporate governance and overall business objectives.

Just as the top cybersecurity executive has become more involved in a wider range of activities, so too has the Board of Directors. This year we saw a double-digit uptick in Board participation in most aspects of information security.

This deepened Board involvement has helped improve cybercysecurity practices in numerous ways. Perhaps the most striking is that 46 % of survey respondents said their Board participates in information security budgets, which may have contributed to this year’s significant boost in security spending. Other notable outcomes include identification of key risks, helping foster an organisational culture of security and better alignment of information security with overall risk management and business goals.

The Global State of Information Security® is a registered trademark of International Data Group, Inc.