Benchmark your organisation

How do your organisation’s security strategy and programmes compare with those of your peers?

PwC, in conjunction with CIO and CSO magazines, carried out a global survey of more than 9,600 security and business executives to find out how they viewed the scope and efficacy of their security policies, strategies, and technologies.

How would you have answered the questions on behalf of your organisation? Use this tool to see how your organisation’s security profile compares with other organisations surveyed globally, as well as in your industry and region.

Once you have entered your responses, you can create a customized PDF file that summarises how your views compare with those of others, with insights from PwC’s Security Advisory team.

Benchmark now


The Global State of Information Security ® is a registered trademark of International Data Group, Inc.

Welcome: Getting started

Step 1 of 6

Tell us about your organization

Providing us with information about the industry and region you operate within and your company size allows us to show you how your views compare with respondents who participated in The Global State of Information Security® Survey 2014.

What is your organization’s annual revenue (in US dollars)?

What is your organization’s primary industry sector?

What is your region of employment?

Begin

Questions

Step 2 of 6

What business issues or factors drive your organization’s information security spending?

Next

Benchmark your information security preparedness

Step 3 of 6

Policies, strategies and safeguards

Which of the following are included in your organization's security policy?

What process information security safeguards does your organization have in place?

What data privacy safeguards does your organization have in place?

What information security safeguards does your organization have in place?

What initiatives has your organization launched to address mobile security risks?

Does your organization formally collaborate with others in your industry, including competitors, to improve security and reduce the potential for future risks?

Next

Benchmark your information security preparedness

Step 4 of 6

Security incidents

What was the estimated source of security incidents?

How was your organization impacted by the security incidents?



Next

Benchmark your information security preparedness

Step 5 of 6

Efficacy of security activities

How does your company measure the effectiveness of information security spending?

When taking action to improve the effectiveness of your organization’s information security function, what are your greatest obstacles?

Next

Please enter your contact information

Step 6 of 6

Please fill in your contact details to receive your personalized risk profile in your email.

Name:
First
Last
Position:
Company:
E-mail address:
By submitting your name and email address, you acknowledge that you have read the Privacy Statement referenced below and that you consent to the processing of your data in accordance with these terms (including international transfers). The information you submit via this form will only be used for the purpose of responding to your request.
View benchmark
PwC logo

Benchmarking tool:

Compare your security profile against The Global State of Information Security Survey 2014 results

Welcome:
Getting started
Step 2:
Security spending
Step 3:
Policies, strategies, and safeguards
Step 4:
Security incidents
Step 5:
Efficacy of security activities
Step 6:
See how you compare
Back:
Change your answers

The Global State of Information Security Survey 2014 personalized benchmark report

Prepared by PwC for:
Unknown, role
Company
Date

About The Global State of Information Security® Survey 2014

As digital technologies become universal, they have transformed the business environment.

Organizations are increasingly interconnected, integrated, and interdependent. They employ technology and ubiquitous connectivity to share an unprecedented volume of information assets with customers, service providers, suppliers, partners, and employees. Today’s new world of quickly evolving security risks demands that organizations treat information security threats as enterprise risk-management issues that can critically threaten business objectives.

Against this backdrop, we asked security and IT professionals to tell us how they are addressing information security imperatives, and how well their privacy and information security safeguards are aligned with business objectives. The results of The Global State of Information Security® Survey 2014 show that 74% of executives across industries say their security activities are effective. And more than 80% of respondents say security spending and policies are aligned with business objectives. Half of respondents consider themselves Front-runners, indicating they have an effective strategy in place and are proactive in executing the plan.

Yet security incidents are increasing. Survey respondents report a 25% jump in detected incidents over last year. Similarly, 24% of respondents reported loss of data as a result of security incidents, a hike of 17% over 2012. And average financial losses associated with security incidents rose 18% over last year.

Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. Hackers, however, are cited by 32% of survey respondents as the source of incidents, an increase of 27% over last year.

Given these results, it’s not entirely surprising that many survey respondents report they have not implemented technologies and processes that provide new insight into current risks. For instance, 52% of respondents have not deployed behavioral profiling and monitoring tools, and fewer (46%) do not employ security information and event-management technologies. We also found that 42% of respondents do not use data loss prevention tools. And despite the increasing value of IP, many respondents do not adequately identify and safeguard their high-value information.

If few organizations have kept pace with today’s escalating cybersecurity risks, fewer still are prepared to manage future threats.

“You can’t fight today’s threats with yesterday’s strategies,” says Gary Loveland, a principal in PwC’s security practice. “What’s needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries.”

This evolved approach requires that organizations identify their most valuable assets and prioritize protection. Security incidents should be seen as a critical business risk that may not always be preventable, but can be managed to acceptable levels. And it is essential that security is a foundational component of the business strategy, one that is championed by the CEO and board, and adequately funded.

In this new model of information security, knowledge is power. Seize it.

Study methodology

The Global State of Information Security® Survey 2014 is a worldwide study by PwC, CIO magazine, and CSO magazine. It was conducted online from February 1, 2013, to April 1, 2013. Readers of CIO and CSO magazines and clients of PwC from around the globe were invited via e-mail to take the survey. The results discussed in the report are based on the responses of more than 9,600 CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 115 countries. Thirty-six percent of respondents were from North America, 26% from Europe, 21% from Asia Pacific, 16% from South America, and 2% from the Middle East and Africa. The margin of error is less than 1%. All figures and graphics in this report were sourced from survey results.

How your organization’s security spending compares with survey respondents

In the charts below, we compare your self-assessment vs. the average assessments of organizations in the industry, that have revenues of and are located in . Survey respondents indicate that their information security budgets have increased over last year. Your information security budget and spending drivers are compared below.

What business issues or factors drive your organization’s information security spending?

How your organization’s security policies, strategies, and safeguards stack up.

This year's survey reveals an overall increase in deployment of many security safeguards over the past 12 months, although adoption of technologies that can deliver insight into new threats is relatively low. The charts below compare your answers with those of survey respondents for key questions. The factors you indicated are marked with red bars, and the figures on the right represent the percentage of your peers who selected each factor.


Which of the following are included in your organization's security policy?

What process information security safeguards does your organization have in place?

What data privacy safeguards does your organization have in place?

What information security safeguards does your organization have in place?

What initiatives has your organization launched to address mobile security risks?

Does your organization formally collaborate with others in your industry, including competitors, to improve security and reduce the potential for future risks?

How your organization's detection of and impact from security incidents measure up.

Respondents to this year's survey report that the number of detected security incidents increased by 25% over last year. (We define a security incident as any adverse incident that threatens some aspect of computer security.) We also found that 24% of respondents reported loss of data as a result of security incidents, a hike of 17% over 2012. Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. Among outsiders, 32% of survey respondents attribute security incidents to hackers. The factors you indicated are marked with red bars. The figures on the right represent the percentage of your peers who selected each factor.

What was the estimated source of security incidents?

How was your organization impacted by the security incidents?

Does your organization have an incident-management response process in place?

How the efficacy of your security practices compares.

Survey respondents are confident in their security programs. Globally, 74% of respondents say their security activities are effective. And more than 80% of respondents say security spending and policies are aligned with business objectives. The charts below compare your answers with those of survey respondents on key questions concerning confidence and increasing the effectiveness of security. The factors you indicated are marked with red bars, and the figures on the right represent the percentage of your peers who selected each factor.

Over the past year, has your company measured and reviewed the effectiveness of its information security policies and procedures?

How does your company measure the effectiveness of information security spending?

When taking action to improve the effectiveness of your organization’s information security function, what are your greatest obstacles?

How PwC can help

Traditional security safeguards will only take you so far. Today’s elevated risk landscape demands a new approach to security, one that is driven by knowledge of threats, assets, and adversaries. We call this model Awareness to Action.

Security is a business imperative
  • You should understand the exposure and potential business impact associated with operating in an interconnected global business ecosystem.
  • An integrated security strategy should be a pivotal part of your business model; security is no longer simply an IT challenge.
Security threats are business risks
  • CEOs, board members, and business executives should understand that security risks are organizational threats.
  • You should anticipate these threats, know your vulnerabilities, and be able to identify and manage the associated risks.
  • Ensure that suppliers, partners, and other third parties know—and agree to adhere to—your security practices.
Protect the information that really matters
  • Understand and adapt to changes in the threat environment by identifying your most valuable information.
  • Know where these "crown jewels" are located and who has access to them.
  • Allocate and prioritize resources to protect your valuable information.
Gain advantage from Awareness to Action
  • All activities and investments should be driven by the best-available knowledge about information assets, ecosystem threats and vulnerabilities, and business-activity monitoring.
  • Create a culture of security that starts with commitment of top executives and cascades to all employees.
  • Engage in public-private collaboration with others for enhanced threat intelligence.

Most organizations lack the in-house expertise to create, implement, and manage a comprehensive information security program that addresses all these factors. That’s where we can help.

PwC has expertise in the full spectrum of information security. Our team of specialists can help you with security management, threat and vulnerability assessment, information security architecture, regulatory and policy compliance, identity and access management, privacy and data protection, and security awareness and education. After implementation of these solutions, we can help monitor and measure deployments to drive future performance.

We believe that information security should be both a means to protect data and an opportunity to create value to the business. Let us show you how.

For more information, please contact:

Gary Loveland
Products & Services Industries
+1 (949) 437-5380
Mark Lobel
Products & Services Industries
+1 (646) 471-5731
Joe Nocera
Financial Services Industry
+1 (312) 298-2745
Peter Harries
Health Industries
+1 (213) 356-6760
John Hunt
Public Sector
+1 (703) 918-3767
Dave Burg
Forensic Services
+1 (703) 918-1067
Dave Roath
Risk Assurance Services
+1 (646) 471-5876