SlideShare a Scribd company logo

2015 Scalar Security Study Executive Summary

P
patmisasi
1 of 4
Download to read offline
THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS Executive Summary of the 2015 Scalar Security Study Research independently conducted by Ponemon Institute LLC February 2015
Introduction The purpose of this research was to study how Canadian organizations are responding to cyber security threats and what technologies and tactics lead to organizations obtaining a stronger security posture. We surveyed 623 IT and IT security practitioners in Canada. Eligible participants play a role in direction the IT function, improving IT security in their organizations, setting IT priorities, and managing budgets. Respondents work in a wide variety of industries, and over half work at organizations with an employee count between 250 and 5,000. Independently conducted by Ponemon Institute, survey responses were captured in November 2014. KEY FINDINGS OF OUR RESEARCH INCLUDE: Only 41 percent of respondents believe they are winning the cyber security war. The primary challenge respondents reported is a lack of in-house expertise. Other challenges are a lack of collaboration with other functions, insufficient personnel, and a lack of clear leadership. Almost half (49 percent) of respondents believe they do not have a sufficient number of in-house personnel who have such critical qualifications as job experience, professional certifications, and specialized training. Additionally, cyber crimes are believed by the majority of respondents to be increasing in frequency, sophistication, and severity. Given the recent spate of attacks on retailers and entertainment companies, it appears the likelihood of experiencing a major attack is not as remote as many once believed. On average, organizations in this study have had 34 cyber attacks in the past 12 months—almost one attack per week. Almost half (46 percent) of respondents experienced an attack in the last year that involved the loss or exposure of sensitive information. Restoring reputation and marketplace image is the most costly consequence of a cyber attack. Cyber security compromises are costly and the average spent on each incident was approximately $208,432 on the following: clean up or remediation ($19,883), lost user productivity ($29,035), disruption to normal operations ($38,310), damage or theft of IT assets and infrastructure ($45,117), and damage to reputation and marketplace image ($76,087). The loss of intellectual property can affect an organization’s competitiveness and bottom line. Thirty- five percent of respondents say their firm experienced a loss of intellectual property or other commercially sensitive business information due to cyber attacks within the past 12 months. Thirty-two percent of these respondents believe that this theft caused a loss of competitive advantage. However, 38 percent were not able to determine if the loss affected their organizations’ competitiveness. However, it’s not all bad news. Our research also found that organizations can take definitive steps to achieve a stronger security posture. We identified certain organizations represented in this study that self- report that they have achieved a more effective cyber security posture and are better able to mitigate risks, vulnerabilities, and attacks. We refer to these as “high performing” organizations, and they represent 48% of the sample size. We contrasted their priorities, budgets, and behaviours with the remaining 52% of the sample, referred to as “low performing” organizations, to help understand the steps Canadian organizations can take to achieve a stronger security posture. The high-performing organizations achieving the greatest cyber readiness have a greater awareness of the threat landscape, receive a higher proportion of the total IT budget dedicated to IT security (12 percent versus 8 percent among the low performers), are more likely to invest in cutting-edge technologies based on ROI, and have a cyber security strategy that is aligned with their business objectives and missions. THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS 2
Results of the 2015 Scalar Security Study 3 As a result of the above behaviours, high-performing organizations are more likely to believe they are winning the cyber security war (46 percent versus 36 percent of the low performers), and see fewer instances where cyber attacks have evaded their intrusion detection systems (IDS) and/or anti-virus (AV) solutions. They are also 28 percent less likely to have experienced an attack in the last year that involved the loss or exposure of sensitive information (38 percent of high performers experienced such a breach versus 53 percent of low performers). Looking to the year ahead, the technologies with the highest ROI for both high and low performers are security information and event management (SIEM), identity management and authentication, and network traffic surveillance. Organizations in this study expect to see an increase in budget allocation for these technologies, as well as for big data analytics. Conclusion The practices of high-performing organizations provide guidance on how organizations can improve their cyber security effectiveness. Overall, high-performing organizations are more likely to PREPARE (they have a greater awareness of the threat landscape and align their security strategy with their business objectives and mission), better able to DEFEND (they receive higher proportions of overall IT budget, and they invest it in cutting-edge technologies which they measure the ROI of), and better able to RESPOND (they are 28 percent less likely to have experienced an incident involving the loss or exposure of sensitive information in the last 12 months) to today’s cyber security attacks. Some specific strategies and tactics organizations should consider to better prepare, defend, and respond are: Understand your current security posture and gaps in your strategy today. Consider investing in a security audit to help you do so Proactively recruit experts to help lead the organization’s cyber security team. Ensure the necessary in-house expertise exists and have specialized training for IT and IT security practitioners on staff. For organizations where in-house recruitment and training is cost or time prohibitive, consider looking to a trusted third-party provider who can manage and monitor your environment for you, and provide skilled, trained, and experienced staff of their own. Align the cyber security strategy with the overall mission of the organization. Secure adequate resources for investment in practices and technologies determined to be critical to achieving a strong cyber security posture. Invest in cutting-edge technologies such as SIEM, network intelligence, IDS with reputation feeds, big data analytics, dynamic and static scanning of applications, and endpoint security tools (including mobile device management, active sync controls, and secure container solutions), and measure the ROI of these technologies. If you have any questions on any of the findings of this study, or would like to better understand where your organization is on the high/low-performing scale, reach out to your local Scalar office. To download a copy of the full report, visit scalar.ca/security-study-2015
TORONTO 280 King St. East 4th Floor Toronto, ON M5A 1K7 416.202.0020 VANCOUVER 1100 Melville St. Suite 750 Vancouver, BC V6E 4A6 604.320.6950 MONTRÉAL 4560-B Blvd. St-Laurent Suite 203 Montréal, QC H2T 1R3 514.285.1717 S.W. ONTARIO 140 Ann St. Suite 103 London, ON N6A 1R3 519.432.1180 CALGARY 605 - 5th Ave. SW Suite 1020 Calgary, AB T2P 3H5 403.351.3640 OTTAWA 1600 Scott St. Suite 620 Ottawa, ON K1Y 4N7 613.691.1693 1.866.364.5588 | scalar.ca

Recommended

Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performanceAbhishek Sood
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsScalar Decisions
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metricsAbhishek Sood
 

Recommended

Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
How to measure your cybersecurity performance
How to measure your cybersecurity performanceHow to measure your cybersecurity performance
How to measure your cybersecurity performanceAbhishek Sood
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsScalar Decisions
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metricsAbhishek Sood
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardSecurityScorecard
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Tracey Ong
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - ProtivitiSimone Luca Giargia
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voiceIBM India Smarter Computing
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
The state of incident response
The state of incident responseThe state of incident response
The state of incident responseAbhishek Sood
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...Proofpoint
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSilicon Valley Bank
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSilicon Valley Bank
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
Data anywhere anytime
Data anywhere anytimeData anywhere anytime
Data anywhere anytimepatmisasi
 
Resume of Thomas Conant
Resume of Thomas ConantResume of Thomas Conant
Resume of Thomas ConantThomas Conant
 
Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?Sitra
 

More Related Content

What's hot

Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardSecurityScorecard
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Tracey Ong
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
The state of incident response
The state of incident responseThe state of incident response
The state of incident responseAbhishek Sood
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...Proofpoint
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSilicon Valley Bank
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSilicon Valley Bank
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 

What's hot (19)

Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the Standard
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voice
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee Study
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
The state of incident response
The state of incident responseThe state of incident response
The state of incident response
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 

Viewers also liked

Data anywhere anytime
Data anywhere anytimeData anywhere anytime
Data anywhere anytimepatmisasi
 
Resume of Thomas Conant
Resume of Thomas ConantResume of Thomas Conant
Resume of Thomas ConantThomas Conant
 
Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?Sitra
 
BMC Presentation
BMC PresentationBMC Presentation
BMC Presentationskarthik77
 
Scalar Decisions 2013 Overview
Scalar Decisions 2013 OverviewScalar Decisions 2013 Overview
Scalar Decisions 2013 Overviewpatmisasi
 
Mattel Advertising Campaign
Mattel Advertising CampaignMattel Advertising Campaign
Mattel Advertising CampaignNicole Fernandez
 
Indo pakistani war of 1971
Indo pakistani war of 1971Indo pakistani war of 1971
Indo pakistani war of 1971Raja Aleem
 
Young People's Perspectives on Recognising and Telling about Abuse and Neglect
Young People's Perspectives on Recognising and Telling about Abuse and NeglectYoung People's Perspectives on Recognising and Telling about Abuse and Neglect
Young People's Perspectives on Recognising and Telling about Abuse and NeglectBASPCAN
 

Viewers also liked (8)

Data anywhere anytime
Data anywhere anytimeData anywhere anytime
Data anywhere anytime
 
Resume of Thomas Conant
Resume of Thomas ConantResume of Thomas Conant
Resume of Thomas Conant
 
Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?Darren Sharpe: Who is in and who is out?
Darren Sharpe: Who is in and who is out?
 
BMC Presentation
BMC PresentationBMC Presentation
BMC Presentation
 
Scalar Decisions 2013 Overview
Scalar Decisions 2013 OverviewScalar Decisions 2013 Overview
Scalar Decisions 2013 Overview
 
Mattel Advertising Campaign
Mattel Advertising CampaignMattel Advertising Campaign
Mattel Advertising Campaign
 
Indo pakistani war of 1971
Indo pakistani war of 1971Indo pakistani war of 1971
Indo pakistani war of 1971
 
Young People's Perspectives on Recognising and Telling about Abuse and Neglect
Young People's Perspectives on Recognising and Telling about Abuse and NeglectYoung People's Perspectives on Recognising and Telling about Abuse and Neglect
Young People's Perspectives on Recognising and Telling about Abuse and Neglect
 

Similar to 2015 Scalar Security Study Executive Summary

2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summarypatmisasi
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
2017 Scalar Security Study Summary
2017 Scalar Security Study Summary2017 Scalar Security Study Summary
2017 Scalar Security Study SummaryScalar Decisions
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Universidad Cenfotec
 
R if security_priorities_03.08.22
R if security_priorities_03.08.22R if security_priorities_03.08.22
R if security_priorities_03.08.22IDG
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseThe Economist Media Businesses
 
Security Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfSecurity Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfIDG
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsBrian Rushton-Phillips
 
The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016Accenture Operations
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Cybersecurity is a field of IT concerned with reducing.docx
Cybersecurity is a field of IT concerned with reducing.docxCybersecurity is a field of IT concerned with reducing.docx
Cybersecurity is a field of IT concerned with reducing.docxwrite31
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedJames Blake
 

Similar to 2015 Scalar Security Study Executive Summary (20)

2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
2017 Scalar Security Study Summary
2017 Scalar Security Study Summary2017 Scalar Security Study Summary
2017 Scalar Security Study Summary
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.Material de apoyo Un replanteamiento masivo de la seguridad.
Material de apoyo Un replanteamiento masivo de la seguridad.
 
R if security_priorities_03.08.22
R if security_priorities_03.08.22R if security_priorities_03.08.22
R if security_priorities_03.08.22
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
 
Security Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfSecurity Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdf
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian Organizations
 
The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaper
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Cybersecurity is a field of IT concerned with reducing.docx
Cybersecurity is a field of IT concerned with reducing.docxCybersecurity is a field of IT concerned with reducing.docx
Cybersecurity is a field of IT concerned with reducing.docx
 
StateOfSecOps - Final - Published
StateOfSecOps - Final - PublishedStateOfSecOps - Final - Published
StateOfSecOps - Final - Published
 
IT Security Risks Survey 2014
IT Security Risks Survey 2014IT Security Risks Survey 2014
IT Security Risks Survey 2014
 

More from patmisasi

Scalar Managed Infrastructure Services Overview
Scalar Managed Infrastructure Services OverviewScalar Managed Infrastructure Services Overview
Scalar Managed Infrastructure Services Overviewpatmisasi
 
Scalar Corporate Overview FY17 patmisasi
Scalar Corporate Overview FY17 patmisasiScalar Corporate Overview FY17 patmisasi
Scalar Corporate Overview FY17 patmisasipatmisasi
 
Scalar Cloud Consulting Advisory Services
Scalar Cloud Consulting Advisory ServicesScalar Cloud Consulting Advisory Services
Scalar Cloud Consulting Advisory Servicespatmisasi
 
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...patmisasi
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...patmisasi
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016patmisasi
 
Scalar Whiteboard
Scalar WhiteboardScalar Whiteboard
Scalar Whiteboardpatmisasi
 
Top 10 Executive IT concerns in 2016
Top 10 Executive IT concerns in 2016Top 10 Executive IT concerns in 2016
Top 10 Executive IT concerns in 2016patmisasi
 
Top Executive IT concerns in 2016
Top Executive IT concerns in 2016Top Executive IT concerns in 2016
Top Executive IT concerns in 2016patmisasi
 
Power of Leasing for Pat Misasi at Scalar
Power of Leasing for Pat Misasi at ScalarPower of Leasing for Pat Misasi at Scalar
Power of Leasing for Pat Misasi at Scalarpatmisasi
 
Scalar_Security_Overview October 2015
Scalar_Security_Overview October 2015Scalar_Security_Overview October 2015
Scalar_Security_Overview October 2015patmisasi
 
ScalarTASK_One-Pager_FINAL
ScalarTASK_One-Pager_FINALScalarTASK_One-Pager_FINAL
ScalarTASK_One-Pager_FINALpatmisasi
 
Visibility and Automation for Enhanced Security
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Securitypatmisasi
 
corp-overview-about-us-FY15
corp-overview-about-us-FY15corp-overview-about-us-FY15
corp-overview-about-us-FY15patmisasi
 
Scalar Decisions: Emerging Trends and Technologies in Storage
Scalar Decisions: Emerging Trends and Technologies in StorageScalar Decisions: Emerging Trends and Technologies in Storage
Scalar Decisions: Emerging Trends and Technologies in Storagepatmisasi
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisions
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisionsVdi storage challenges_presented at vmug_toronto 2014 by scalar decisions
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisionspatmisasi
 
Scalar Decisions Sunnybrook Health Sciences VDI Case Study
Scalar Decisions Sunnybrook Health Sciences VDI Case Study Scalar Decisions Sunnybrook Health Sciences VDI Case Study
Scalar Decisions Sunnybrook Health Sciences VDI Case Study patmisasi
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Torontopatmisasi
 

More from patmisasi (20)

Scalar Managed Infrastructure Services Overview
Scalar Managed Infrastructure Services OverviewScalar Managed Infrastructure Services Overview
Scalar Managed Infrastructure Services Overview
 
Scalar Corporate Overview FY17 patmisasi
Scalar Corporate Overview FY17 patmisasiScalar Corporate Overview FY17 patmisasi
Scalar Corporate Overview FY17 patmisasi
 
Scalar Cloud Consulting Advisory Services
Scalar Cloud Consulting Advisory ServicesScalar Cloud Consulting Advisory Services
Scalar Cloud Consulting Advisory Services
 
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...
Scalar Cisco Hyperflex Presentation, May 13 2016, Part III: Scalar Lunch & Le...
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016
 
Scalar Whiteboard
Scalar WhiteboardScalar Whiteboard
Scalar Whiteboard
 
Top 10 Executive IT concerns in 2016
Top 10 Executive IT concerns in 2016Top 10 Executive IT concerns in 2016
Top 10 Executive IT concerns in 2016
 
Top Executive IT concerns in 2016
Top Executive IT concerns in 2016Top Executive IT concerns in 2016
Top Executive IT concerns in 2016
 
Power of Leasing for Pat Misasi at Scalar
Power of Leasing for Pat Misasi at ScalarPower of Leasing for Pat Misasi at Scalar
Power of Leasing for Pat Misasi at Scalar
 
Scalar_Security_Overview October 2015
Scalar_Security_Overview October 2015Scalar_Security_Overview October 2015
Scalar_Security_Overview October 2015
 
ScalarTASK_One-Pager_FINAL
ScalarTASK_One-Pager_FINALScalarTASK_One-Pager_FINAL
ScalarTASK_One-Pager_FINAL
 
Visibility and Automation for Enhanced Security
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Security
 
corp-overview-about-us-FY15
corp-overview-about-us-FY15corp-overview-about-us-FY15
corp-overview-about-us-FY15
 
Scalar Decisions: Emerging Trends and Technologies in Storage
Scalar Decisions: Emerging Trends and Technologies in StorageScalar Decisions: Emerging Trends and Technologies in Storage
Scalar Decisions: Emerging Trends and Technologies in Storage
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisions
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisionsVdi storage challenges_presented at vmug_toronto 2014 by scalar decisions
Vdi storage challenges_presented at vmug_toronto 2014 by scalar decisions
 
Scalar Decisions Sunnybrook Health Sciences VDI Case Study
Scalar Decisions Sunnybrook Health Sciences VDI Case Study Scalar Decisions Sunnybrook Health Sciences VDI Case Study
Scalar Decisions Sunnybrook Health Sciences VDI Case Study
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
 

2015 Scalar Security Study Executive Summary

  • 1. THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS Executive Summary of the 2015 Scalar Security Study Research independently conducted by Ponemon Institute LLC February 2015
  • 2. Introduction The purpose of this research was to study how Canadian organizations are responding to cyber security threats and what technologies and tactics lead to organizations obtaining a stronger security posture. We surveyed 623 IT and IT security practitioners in Canada. Eligible participants play a role in direction the IT function, improving IT security in their organizations, setting IT priorities, and managing budgets. Respondents work in a wide variety of industries, and over half work at organizations with an employee count between 250 and 5,000. Independently conducted by Ponemon Institute, survey responses were captured in November 2014. KEY FINDINGS OF OUR RESEARCH INCLUDE: Only 41 percent of respondents believe they are winning the cyber security war. The primary challenge respondents reported is a lack of in-house expertise. Other challenges are a lack of collaboration with other functions, insufficient personnel, and a lack of clear leadership. Almost half (49 percent) of respondents believe they do not have a sufficient number of in-house personnel who have such critical qualifications as job experience, professional certifications, and specialized training. Additionally, cyber crimes are believed by the majority of respondents to be increasing in frequency, sophistication, and severity. Given the recent spate of attacks on retailers and entertainment companies, it appears the likelihood of experiencing a major attack is not as remote as many once believed. On average, organizations in this study have had 34 cyber attacks in the past 12 months—almost one attack per week. Almost half (46 percent) of respondents experienced an attack in the last year that involved the loss or exposure of sensitive information. Restoring reputation and marketplace image is the most costly consequence of a cyber attack. Cyber security compromises are costly and the average spent on each incident was approximately $208,432 on the following: clean up or remediation ($19,883), lost user productivity ($29,035), disruption to normal operations ($38,310), damage or theft of IT assets and infrastructure ($45,117), and damage to reputation and marketplace image ($76,087). The loss of intellectual property can affect an organization’s competitiveness and bottom line. Thirty- five percent of respondents say their firm experienced a loss of intellectual property or other commercially sensitive business information due to cyber attacks within the past 12 months. Thirty-two percent of these respondents believe that this theft caused a loss of competitive advantage. However, 38 percent were not able to determine if the loss affected their organizations’ competitiveness. However, it’s not all bad news. Our research also found that organizations can take definitive steps to achieve a stronger security posture. We identified certain organizations represented in this study that self- report that they have achieved a more effective cyber security posture and are better able to mitigate risks, vulnerabilities, and attacks. We refer to these as “high performing” organizations, and they represent 48% of the sample size. We contrasted their priorities, budgets, and behaviours with the remaining 52% of the sample, referred to as “low performing” organizations, to help understand the steps Canadian organizations can take to achieve a stronger security posture. The high-performing organizations achieving the greatest cyber readiness have a greater awareness of the threat landscape, receive a higher proportion of the total IT budget dedicated to IT security (12 percent versus 8 percent among the low performers), are more likely to invest in cutting-edge technologies based on ROI, and have a cyber security strategy that is aligned with their business objectives and missions. THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS 2
  • 3. Results of the 2015 Scalar Security Study 3 As a result of the above behaviours, high-performing organizations are more likely to believe they are winning the cyber security war (46 percent versus 36 percent of the low performers), and see fewer instances where cyber attacks have evaded their intrusion detection systems (IDS) and/or anti-virus (AV) solutions. They are also 28 percent less likely to have experienced an attack in the last year that involved the loss or exposure of sensitive information (38 percent of high performers experienced such a breach versus 53 percent of low performers). Looking to the year ahead, the technologies with the highest ROI for both high and low performers are security information and event management (SIEM), identity management and authentication, and network traffic surveillance. Organizations in this study expect to see an increase in budget allocation for these technologies, as well as for big data analytics. Conclusion The practices of high-performing organizations provide guidance on how organizations can improve their cyber security effectiveness. Overall, high-performing organizations are more likely to PREPARE (they have a greater awareness of the threat landscape and align their security strategy with their business objectives and mission), better able to DEFEND (they receive higher proportions of overall IT budget, and they invest it in cutting-edge technologies which they measure the ROI of), and better able to RESPOND (they are 28 percent less likely to have experienced an incident involving the loss or exposure of sensitive information in the last 12 months) to today’s cyber security attacks. Some specific strategies and tactics organizations should consider to better prepare, defend, and respond are: Understand your current security posture and gaps in your strategy today. Consider investing in a security audit to help you do so Proactively recruit experts to help lead the organization’s cyber security team. Ensure the necessary in-house expertise exists and have specialized training for IT and IT security practitioners on staff. For organizations where in-house recruitment and training is cost or time prohibitive, consider looking to a trusted third-party provider who can manage and monitor your environment for you, and provide skilled, trained, and experienced staff of their own. Align the cyber security strategy with the overall mission of the organization. Secure adequate resources for investment in practices and technologies determined to be critical to achieving a strong cyber security posture. Invest in cutting-edge technologies such as SIEM, network intelligence, IDS with reputation feeds, big data analytics, dynamic and static scanning of applications, and endpoint security tools (including mobile device management, active sync controls, and secure container solutions), and measure the ROI of these technologies. If you have any questions on any of the findings of this study, or would like to better understand where your organization is on the high/low-performing scale, reach out to your local Scalar office. To download a copy of the full report, visit scalar.ca/security-study-2015
  • 4. TORONTO 280 King St. East 4th Floor Toronto, ON M5A 1K7 416.202.0020 VANCOUVER 1100 Melville St. Suite 750 Vancouver, BC V6E 4A6 604.320.6950 MONTRÉAL 4560-B Blvd. St-Laurent Suite 203 Montréal, QC H2T 1R3 514.285.1717 S.W. ONTARIO 140 Ann St. Suite 103 London, ON N6A 1R3 519.432.1180 CALGARY 605 - 5th Ave. SW Suite 1020 Calgary, AB T2P 3H5 403.351.3640 OTTAWA 1600 Scott St. Suite 620 Ottawa, ON K1Y 4N7 613.691.1693 1.866.364.5588 | scalar.ca