Global State of Information Security Survey: Industry focus

Averages for information security budgets have decreased across industry sectors

Explore the survey findings by industry to find out how organizations across sectors are implementing technologies, processes, and people skills to combat today’s sophisticated cyber threats.


As technologies advance, so too do threats and security incidents reported by automotive companies. Compounding risks to data and privacy is the drive to connect to the digital ecosystems of business partners and ultimately consumer devices via the Internet of Things. Many organizations are unprepared for the challenges these evolutions will bring.

Read more

Financial services

As the frequency and costs of information security incidents continue to rise, financial services organizations face increasing threats from insiders and third-party partners, as well as intensified scrutiny from industry regulators.

Read more

Healthcare payers and providers

As the global healthcare ecosystem and consumer demands evolve, the frequency and costs of information security incidents have soared. New partnerships and business models, mobility, data proliferation, and the Internet of Things will further intensify cybersecurity risks among healthcare payers and providers .

Read more

Industrial products

While the frequency and costs of security incidents show no signs of leveling off, industrial products companies are continuing to invest heavily in information security programs. As a result, they report advances in essential security processes, technologies, and personnel training. In the coming year, a key area of focus should be improved due diligence of third-party partners.

Read more

Oil & gas

In the oil and gas sector, foreign nation-states and employees are the fastest growing culprits of security incidents. Yet while companies continue to invest in their security programs, many have not implemented capabilities to manage new threats resulting from digital field technologies, the Internet of Things, and compromises by employees and third-party partners.

Read more

Power & utilities

Incidents detected by power and utilities respondents skyrocketed in 2014, with compromises attributed to sophisticated adversaries like foreign nation-states and organized crime showing the highest year-over-year growth. Attrition in critical strategies, processes, and personnel skills, as well as erosion in fundamental cybersecurity initiatives, may further intensify risks.

Read more

Public sector

As information security incidents escalated in frequency and scope in 2014, public sector respondents detected 25% fewer incidents. In the coming year, rising risks will demand that organizations improve insider threat programs, identity management solutions, and monitoring and diagnostics technologies. Sharing cybersecurity information with others will also be critical.

Read more

Retail and consumer

Respondents detected 19% more security incidents in 2014, including several very high-profile retail data compromises. Despite the publicity, information security budgets declined over 2013. We also found shortcomings in data governance, increasing threats from third parties and insiders, and a lagging commitment to key strategic security practices.

Read more


Technology organizations detected fewer security incidents in 2014, despite a global increase in cyberattacks. Incidents carried out by insiders and nation-states represent particular challenges for many companies, whose identity management and employee training programs often fall short of the mark. On the upside, the tech sector leads the way in adoption of certain strategic security initiatives.

Read more