SlideShare a Scribd company logo

Ponemon 2015 EMEA Cyber Impact Report

Graeme Cross
Graeme Cross

In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online.

Technology
1 of 12
Download to read offline
Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions Published: June 2015 2015 EMEA Cyber Impact Report The increasing cyber threat – what is the true cost to business?
Aon Foreword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Ponemon Institute Cyber Impact Research. . . . . . . . . . . . . . . . . . 4 Tangible versus intangible assets – a story of unequal risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Data and security breaches – more common than you think . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Management versus mitigation – the role and take-up of insurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 An industry challenge – limited experience with an evolving risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Aon Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Table of Contents 2 2015 EMEA Cyber Impact Report2 2015 EMEA Cyber Impact Report
In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online. As the tech revolution gathers pace however, so too do the associated risks. In 2014 Sony Pictures suffered a high profile and damaging hack, and early in 2015 the co-ordinated Carbanak attack on banks worldwide was estimated to have totalled up to USD1 billion in stolen funds. Further evidence of the growth in cyber risk is the +50% Compound Annual Growth Rate (CAGR) of Aon cyber insurance cover in the five years to 2014. The financial consequences of a cyber breach can be wide-ranging, including business interruption, forensic IT costs, supply chain disruption and intellectual property theft. Attacks have the potential to affect virtually every industry, from manufacturing, through to retail, life sciences, and healthcare - the issue is not confined to financial institutions or global brand management companies. It is against this backdrop that, in March 2015, Aon commissioned the Ponemon Institute, a leading research firm on privacy, data protection and information security, to conduct a groundbreaking global cyber risk study (including almost 550 interviews with Europe, Middle East and Africa (EMEA) business leaders). We sought to understand how organisations qualify and quantify the financial statement exposures of their intangible (cyber) assets, relative to tangible assets like property, plant and equipment. The research found that in EMEA, only 11% of potential loss to intangible assets was covered by insurance, compared with 49% for tangible assets. This is despite almost four in ten companies having experienced a cyber breach in the past 24 months. This bias means information and system assets are too often exposed without appropriate coverage, which has significant implications for increasingly connected global businesses. Our intention is that this cyber risk study will assist risk managers, finance, IT and legal in taking a broader look at their organisation’s overall risk profile and ensuring sufficient insurance coverage is in place for the relative financial impact of all risks – not only the traditional, tangible ones. Bill Peck CCO EMEA, Aon Risk Solutions Karl Hennessy CBO EMEA & CEO Global Broking Centre, Aon Risk Solutions Aon Foreword Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 3
This research was commissioned by Aon and independently conducted by Ponemon Institute LLC. This report focuses on the research findings for EMEA only, based on the perceptions of 545 EMEA business leaders, largely in finance, risk, information security and compliance. Further information on the research methodology is provided on page 8. Tangible versus intangible assets – a story of unequal risk The survey reveals that the perceived value of both tangible and intangible assets is relatively similar, with just 3% difference. On average, the total value of tangible assets reported was USD872 million, compared to USD845 million for intangible assets. When asked to estimate an average figure for the loss or destruction of all their intangible assets (or probable maximum loss / PML), again the estimation was similar (USD638 million for intangible assets, compared to USD615 million for their tangible assets). In contrast, both the impact of business disruption to intangible assets and the likelihood of an intangible asset or data breach occurring is seen as significantly greater than for tangible assets. The estimated impact of a business interruption to intangible assets is USD168 million, 63% higher than USD103 million for tangible assets; while the likelihood of experiencing a loss is 4.7%, compared to 1.5% for tangible assets (for losses totalling no more than 50% of PML over the next 12 months). Aon Expert Perspective “The preparedness and protection mechanisms of companies against a tangible assets disruption is greater; there are more contingency/ emergency plans in place as risks are better known and understood, while tangible assets can also be more easily replaced. Conversely, disruption against intangible assets such as know-how, and intellectual property which, once lost, are lost forever, is harder to plan for and protect against.” Claudia Beatriz Gomez Financial Lines Director, Aon Risk Solutions, Spain Incident impact and loss likelihood Tangible assets Intangible assets Impact: estimated loss to assets (USD) following business disruption Likelihood: of loss totalling ≤50% of PML in next 12 months 4.7% +313% Difference between tangible and intangible assets 1.5% $168m +163% $103m Ponemon Institute Cyber Impact Research 4 2015 EMEA Cyber Impact Report
Data and security breaches – more common than you think While some risk professionals may feel a cyber incident is unlikely in their business or industry, the reality is quite different, with the survey revealing that almost four in ten (38%) have experienced a material or significantly disruptive loss relating to a data breach or security exploit (vulnerability) in the past 24 months. The average financial impact of these EMEA incidents was USD1.1 million, with the most common involving a cyber attack disrupting business and IT operations (84%). Cyber is clearly on the corporate risk agenda for four in ten businesses, with 38% placing cyber as a top five business risk. Further, just under half (46%) expect cyber risk exposures to increase in the next two years, while 40% think the level of risk will stay the same. Data and security breaches Not experienced a breach Experienced a breach* 9% 15% 16% 16% 21% 84% Cyber attack that caused disruption to business and IT operations System or business process failures that caused disruption to business operations Negligence or mistakes that resulted in the loss of business confidential information Cyber attack that resulted in the misuse or theft of business confidential information Cyber attack that resulted in the theft of business confidential information, thus requiring notification to victims Other 62% 38% *Breach is a material or significantly disruptive security exploit or data breach one or more times in past 24 months Aon Expert Perspective “Cyber incidents have complex implications and are becoming increasingly common. For example, in late 2014 a European steel mill suffered huge damage resulting from hackers gaining entry to the plant’s network and causing an unscheduled furnace shutdown. Here we saw an intangible asset incident having very real implications on physical assets and business interruption. As mobile devices, cloud computing, data and analytics and ‘the internet of things’ continue to grow and become even more integral to business operations, the opportunities for cyber incidents increase at a similar pace.” Mark Buningh Cyber Risk Practice Leader, Aon Risk Solutions, Netherlands Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 5
Expect to be included External attacks by cyber criminals Malicious or criminal insiders Forensic and investigative costs 3rd party liability Legal defence costs Replacement of lost or damaged equipment Access to cyber security forensic experts Access to legal and regulatory experts Assistance in remediation of the incident Don’t expect to be included Human error, mistakes and negligence Incidents affecting business partners, vendors or other 3rd parties that have access to your company’s information assets System or business process failures Brand damages Revenue losses Communications costs to regulators Regulatory penalties and fines Notification costs to data breach victims Identity protection for breach victims Credit monitoring for breach victims Assistance in the notification of breach victims Advanced warnings about ongoing threats Access to specialised technology and tools Aon Expert Perspective “Some organisations think cyber insurance will have too many exclusions, or is too new, unproven or specialist. There is also a perception that quotations require a lot of time, so these perceptions are rarely challenged and organisations continue to rely on self insurance. However, cyber cover has been available for more than 15 years and getting an indication of price and exactly what is covered is relatively easy these days. Further, many aspects that EMEA organisations don’t expect to be covered (e.g. human error, third party incidents, system failures and notification costs to victims) are often included in cyber insurance policies, or can certainly be negotiated with insurers. And with a tangible proposal that can be discussed at board level, organisations can make more deliberate and informed decisions about cyber insurance, rather than leaving it ‘out of sight, out of mind’.” Jonathan Case Chief Broking Officer, Aon Risk Solutions, Finland Management versus mitigation – the role and take-up of insurance Despite this growing awareness of cyber risk, there is a huge insurance gap. When comparing intangible assets to tangible assets, EMEA business leaders indicated that intangible assets are 38% more exposed than tangible assets on a relative value to insurance protection basis. Nearly half the potential loss (49%) to tangible assets is covered by insurance, but only 11% for intangible assets. In contrast, self insurance – retaining the risk on their own balance sheets rather than buying an insurance policy – is far more common for intangible assets. Percentage of assets covered by insurance Potential loss self insured Potential loss covered by insurance Intangible assets Tangible assets 59% 11% 26% 49% Perceptions of cyber insurance in EMEA Respondents considered what incidents, coverages and services are included in cyber insurance • “Expect to be included” is aspects of cyber cover 70% or more agree with • “Don’t expect to be included” is aspects of cyber cover 30% or less agree with Focusing specifically on cyber insurance cover, 79% of businesses surveyed don’t currently have cyber insurance in place. And on average, there seems to be a stronger perception of exclusions than inclusions. Less than 3 in 10 EMEA businesses surveyed believe incidents involving human error or affecting third parties are covered, nor the costs to notify data breach victims. In contrast, most perceive external cyber criminal and internal malicious attacks would be covered. ServicesCoveragesIncidents ServicesCoveragesIncidents 6 2015 EMEA Cyber Impact Report
Financial statment disclosure of material losses Tangible assets Intangible assets No material loss disclosure 37% 9% An industry challenge – limited experience with an evolving risk Reflecting the relatively low take-up of cyber insurance, there is also a clear lack of formal risk assessment around cyber risk with 44% determining their business’s level of cyber risk based on intuition, informal internal assessment, or without any assessment at all. The research also revealed a low level of awareness and understanding of the consequences of cyber risk. For example, only 23% of respondents said they were fully aware of the legal and economic consequences that could result from a data breach or security exploit in other countries in which their business operates. In addition, 37% of businesses would not disclose a material loss to their intangible assets in their financial statements, whereas only 9% would not disclose a material loss to tangible assets. This under reporting for intangible assets (driven by different regulatory requirements) results in the frequency and magnitude of cyber risk being under- represented in the public realm. Aon Expert Perspective “Almost all organisations recognise cyber as a growing concern, but many still perceive it to be a ‘new’ or unfamiliar risk. Depending on an organisation’s risk maturity, some don’t have the experience to both assess and quantify the risk effectively, nor risk manage it within their organisations. But once the risks are better understood and valued, then organisations can intelligently consider cyber solutions, risk management procedures and what an insurance policy can bring to the table.” Jonathan Upshall Cyber Insurance Broking Director, London Global Broking Centre, Aon Risk Solutions, UK Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 7
Employees (worldwide) 27% 20% 20% 15% 8%10% Less than 500 500 to 1,000 1,001 to 5,000 5,001 to 25,000 25,001 to 75,000 More than 75,000 Industry 10% 10% 20% 9% 6% 6% 6% 7% 6% 4% Financial services Health & pharmaceuticals Retail Industrial Services Consumer products Public sector Technology & software Education & research Energy & utilities Country 18% 22% 12%9% 8% 7% 5% 4% 4% UK Germany France Spain Italy Netherlands Saudi Arabia Russian Fed Turkey Less than 4% not annotated in chart Less than 4% not annotated in chart Methodology This global cyber impact research was independently conducted by Ponemon Institute LLC, and commissioned by Aon. The research was conducted in March 2015 and included 2,243 companies in 37 countries across Europe, Middle East, Africa (EMEA), North America, Asia, Pacific, Japan and Latin America. This report focuses on the research findings for EMEA only, based on surveys with 545 companies in 15 countries throughout EMEA. The profile of the survey sample is summarised in these charts. 8 2015 EMEA Cyber Impact Report
Key definitions In the context of this research: • Cyber risk means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. • Intangible (cyber) assets includes customer records, employee records, financial reports, analytical data, source code, models methods and other intellectual properties. • Tangible (property, plant and equipment) assets includes all a company’s fixed assets plus supervisory control and data acquisition systems, and industrial control systems. • Probable maximum loss (PML) relates to the maximum loss a business can suffer following an incident. • For tangible assets this assumes the normal functioning of passive protective features – such as firewalls, non-flammable materials, proper functioning of active suppression systems, fire sprinklers, raised flooring and more. • For intangible assets this assumes the normal functioning of passive protective cybersecurity features – such as perimeter controls, data loss prevention tools, data encryption, identity and access management systems and more. • Total Value is an estimate of the value based on full replacement cost (not historic cost). • Average financial impact of security exploits or data breaches includes all costs, including out-of-pocket expenditures such as consultant and legal fees, indirect business costs such as productivity losses, diminished revenues, legal actions, customer turnover and reputation damages. Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 9
The Ponemon Institute 2015 Cyber Impact Report research has revealed a troublingly low level of understanding and insurance risk transfer for intangible assets, particularly when contrasted with EMEA businesses’ approach to tangible assets. Specific highlights from the Ponemon Institute 2015 Cyber Risk Study research include: • Information technology assets are 38% more exposed than property assets, with 11% of potential loss to intangible assets covered by insurance, compared with 49% for tangible assets. • This is despite the fact that estimated value and maximum loss is on a par for intangible and tangible assets (e.g. probable maximum loss of USD638 million and USD615 million respectively). • Almost four in ten (38%) of businesses surveyed experienced a material or significantly disruptive loss relating to a security or data breach in the past 24 months. The average financial impact of these incidents was USD1.1 million. • 37% of businesses would not disclose a material loss to their intangible assets in their financial statements, whereas only 9% would not disclose a material loss to tangible assets. • Four in ten (44%) determine their businesses’ level of cyber risk based on intuition, informal internal assessment, or without any assessment at all. Given the limited level of cyber risk assessment and cyber incident disclosure, it is unsurprising that cyber risks often remain misunderstood or unquantified. We would recommend companies take a proactive approach to assessing their cyber risk exposures and consider more closely the significance and business disruption impact of intangible asset incidents. Further, as cyber cuts across many areas of an organisation, cross functional engagement is key, including risk/compliance, IT, finance and legal. Aon Conclusion 10 2015 EMEA Cyber Impact Report
Mark Buningh Cyber Risk Practice Leader Netherlands +31 (0)6 5134 6614 mark.buningh@aon.nl Jonathan Case Chief Broking Officer Finland +358 201 266 281 jonathan.case@aon.fi Claudia Beatriz Gomez Financial Lines Director Spain +34 91 340 5645 claudiabeatriz.gomez@aon.es Jonathan Upshall Cyber Insurance Broking Director United Kingdom +44 (0)20 7086 1897 jonathan.upshall@aon.co.uk Contacts Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 11 Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 11
FP GBCXTEMEA0001 About Aon Aon plc (NYSE:AON) is a leading global provider of risk management, insurance brokerage and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 69,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative risk and people solutions. For further information on our capabilities and to learn how we empower results for clients, please visit: http://aon.mediaroom.com. Follow Aon on Twitter: twitter.com/Aon_plc Sign up for News Alerts: aon.mediaroom.com/index.php?s=58 © Aon plc 2015. All rights reserved. The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO),we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.

Recommended

Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 
2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-finalΔρ. Γιώργος K. Κασάπης
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
The Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorThe Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 

Recommended

Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 
2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-finalΔρ. Γιώργος K. Κασάπης
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
The Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorThe Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenturejob Titri company
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
Cost of Cybercrime 2017
Cost of Cybercrime 2017Cost of Cybercrime 2017
Cost of Cybercrime 2017Paperjam_redaction
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsChristine Maligec, CRM-E, CRIS
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Heidi
HeidiHeidi
Heidikategat
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6 US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6 CMR WORLD TECH
 
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)Zeno Idzerda
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds
 
2016 technology Industry Report
2016 technology Industry Report2016 technology Industry Report
2016 technology Industry ReportGraeme Cross
 
Aon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact SheetAon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact SheetGraeme Cross
 

More Related Content

What's hot

2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenturejob Titri company
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattYigal Behar
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6 US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6 CMR WORLD TECH
 
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)Zeno Idzerda
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalSelectedPresentations
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds
 

What's hot (20)

2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture2017 cost of cyber crime study accenture
2017 cost of cyber crime study accenture
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
 
Cost of Cybercrime 2017
Cost of Cybercrime 2017Cost of Cybercrime 2017
Cost of Cybercrime 2017
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
cybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-mattcybersecurity-in-the-c-suite-a-matt
cybersecurity-in-the-c-suite-a-matt
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Heidi
HeidiHeidi
Heidi
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6 US cost_of_cyber_crime_study_final6
US cost_of_cyber_crime_study_final6
 
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
Hpesp wp ponemon_costofcybercrimestudy2012_unitedstates(1)
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
SolarWinds Federal Webinar: Government Cyber Security Survey: What you told us
 

Viewers also liked

2016 technology Industry Report
2016 technology Industry Report2016 technology Industry Report
2016 technology Industry ReportGraeme Cross
 
Aon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact SheetAon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact SheetGraeme Cross
 
March 2016 Recall Register
March 2016 Recall RegisterMarch 2016 Recall Register
March 2016 Recall RegisterGraeme Cross
 
February 2016 Recall Register
February 2016 Recall RegisterFebruary 2016 Recall Register
February 2016 Recall RegisterGraeme Cross
 
May 2016 recall register
May 2016 recall registerMay 2016 recall register
May 2016 recall registerGraeme Cross
 
Risk intelligence: How to reliably mitigate transaction risk and secure clean...
Risk intelligence: How to reliably mitigate transaction risk and secure clean...Risk intelligence: How to reliably mitigate transaction risk and secure clean...
Risk intelligence: How to reliably mitigate transaction risk and secure clean...Graeme Cross
 
Aon Property Eye Summer 2016
Aon Property Eye Summer 2016Aon Property Eye Summer 2016
Aon Property Eye Summer 2016Graeme Cross
 
Political risk quarterly update Q3 2016
Political risk quarterly update Q3 2016Political risk quarterly update Q3 2016
Political risk quarterly update Q3 2016Graeme Cross
 
Guide to Unmanned Aircraft Systems (UAS)
Guide to Unmanned Aircraft Systems (UAS)Guide to Unmanned Aircraft Systems (UAS)
Guide to Unmanned Aircraft Systems (UAS)Graeme Cross
 
2015 Annual Global Climate and Catastrophe Report
2015 Annual Global Climate and Catastrophe Report2015 Annual Global Climate and Catastrophe Report
2015 Annual Global Climate and Catastrophe ReportGraeme Cross
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims InsightGraeme Cross
 
Aon credit international review 2015
Aon credit international review 2015Aon credit international review 2015
Aon credit international review 2015Graeme Cross
 
Real estate captive-en
Real estate captive-enReal estate captive-en
Real estate captive-enGraeme Cross
 
2016 London Market Review
2016 London Market Review2016 London Market Review
2016 London Market ReviewGraeme Cross
 
UK food and drink market update 2016
UK food and drink market update 2016UK food and drink market update 2016
UK food and drink market update 2016Graeme Cross
 

Viewers also liked (15)

2016 technology Industry Report
2016 technology Industry Report2016 technology Industry Report
2016 technology Industry Report
 
Aon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact SheetAon RE-GEN Facility Fact Sheet
Aon RE-GEN Facility Fact Sheet
 
March 2016 Recall Register
March 2016 Recall RegisterMarch 2016 Recall Register
March 2016 Recall Register
 
February 2016 Recall Register
February 2016 Recall RegisterFebruary 2016 Recall Register
February 2016 Recall Register
 
May 2016 recall register
May 2016 recall registerMay 2016 recall register
May 2016 recall register
 
Risk intelligence: How to reliably mitigate transaction risk and secure clean...
Risk intelligence: How to reliably mitigate transaction risk and secure clean...Risk intelligence: How to reliably mitigate transaction risk and secure clean...
Risk intelligence: How to reliably mitigate transaction risk and secure clean...
 
Aon Property Eye Summer 2016
Aon Property Eye Summer 2016Aon Property Eye Summer 2016
Aon Property Eye Summer 2016
 
Political risk quarterly update Q3 2016
Political risk quarterly update Q3 2016Political risk quarterly update Q3 2016
Political risk quarterly update Q3 2016
 
Guide to Unmanned Aircraft Systems (UAS)
Guide to Unmanned Aircraft Systems (UAS)Guide to Unmanned Aircraft Systems (UAS)
Guide to Unmanned Aircraft Systems (UAS)
 
2015 Annual Global Climate and Catastrophe Report
2015 Annual Global Climate and Catastrophe Report2015 Annual Global Climate and Catastrophe Report
2015 Annual Global Climate and Catastrophe Report
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims Insight
 
Aon credit international review 2015
Aon credit international review 2015Aon credit international review 2015
Aon credit international review 2015
 
Real estate captive-en
Real estate captive-enReal estate captive-en
Real estate captive-en
 
2016 London Market Review
2016 London Market Review2016 London Market Review
2016 London Market Review
 
UK food and drink market update 2016
UK food and drink market update 2016UK food and drink market update 2016
UK food and drink market update 2016
 

Similar to Ponemon 2015 EMEA Cyber Impact Report

ADAM ADLER MIAMI
ADAM ADLER MIAMI ADAM ADLER MIAMI
ADAM ADLER MIAMI AdamAdler10
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframePrecisely
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
The Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationThe Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationIBM Security
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015Jeremiah Grossman
 
Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016Graeme Cross
 
White Paper - Nuix Cybersecurity - US Localized
White Paper - Nuix Cybersecurity - US LocalizedWhite Paper - Nuix Cybersecurity - US Localized
White Paper - Nuix Cybersecurity - US LocalizedStuart Clarke
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014- Mark - Fullbright
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 

Similar to Ponemon 2015 EMEA Cyber Impact Report (20)

ADAM ADLER MIAMI
ADAM ADLER MIAMI ADAM ADLER MIAMI
ADAM ADLER MIAMI
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
 
ROI On DLP
ROI On DLPROI On DLP
ROI On DLP
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
The Economics of IT Risk and Reputation
The Economics of IT Risk and ReputationThe Economics of IT Risk and Reputation
The Economics of IT Risk and Reputation
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
 
Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016Aon Retail & Wholesale Inperspective Nov 2016
Aon Retail & Wholesale Inperspective Nov 2016
 
White Paper - Nuix Cybersecurity - US Localized
White Paper - Nuix Cybersecurity - US LocalizedWhite Paper - Nuix Cybersecurity - US Localized
White Paper - Nuix Cybersecurity - US Localized
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016
 
DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014DATA PROTECTION & BREACH READINESS GUIDE 2014
DATA PROTECTION & BREACH READINESS GUIDE 2014
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 

More from Graeme Cross

Temporarily idle sites - COVID19
Temporarily idle sites - COVID19Temporarily idle sites - COVID19
Temporarily idle sites - COVID19Graeme Cross
 
Surety and Guarantee
Surety and GuaranteeSurety and Guarantee
Surety and GuaranteeGraeme Cross
 
Client bulletin; Brexit
Client bulletin; BrexitClient bulletin; Brexit
Client bulletin; BrexitGraeme Cross
 
BioEnergy Value Proposition
BioEnergy Value PropositionBioEnergy Value Proposition
BioEnergy Value PropositionGraeme Cross
 
IFRS Report - Important upcoming accounting changes
IFRS Report - Important upcoming accounting changes IFRS Report - Important upcoming accounting changes
IFRS Report - Important upcoming accounting changes Graeme Cross
 
Aon Cyber Risk Solutions
Aon Cyber Risk SolutionsAon Cyber Risk Solutions
Aon Cyber Risk SolutionsGraeme Cross
 
Aon property laser placemat
Aon property laser placematAon property laser placemat
Aon property laser placematGraeme Cross
 
Prepare to Disclose Climate Risk
Prepare to Disclose Climate RiskPrepare to Disclose Climate Risk
Prepare to Disclose Climate RiskGraeme Cross
 
Supply chain diagnostic brochure
Supply chain diagnostic brochureSupply chain diagnostic brochure
Supply chain diagnostic brochureGraeme Cross
 
Global supply chain management brochure
Global supply chain management brochureGlobal supply chain management brochure
Global supply chain management brochureGraeme Cross
 
Aon Global Client Network Fact Sheet
Aon Global Client Network Fact SheetAon Global Client Network Fact Sheet
Aon Global Client Network Fact SheetGraeme Cross
 
Aon Global Client Network map
Aon Global Client Network mapAon Global Client Network map
Aon Global Client Network mapGraeme Cross
 
Cyber Client Alert
Cyber Client AlertCyber Client Alert
Cyber Client AlertGraeme Cross
 
Global optimisation index
Global optimisation indexGlobal optimisation index
Global optimisation indexGraeme Cross
 
Aon Thought Leadership Guide
Aon Thought Leadership GuideAon Thought Leadership Guide
Aon Thought Leadership GuideGraeme Cross
 
Environmental insurance market status Q1 2017
Environmental insurance market status Q1 2017Environmental insurance market status Q1 2017
Environmental insurance market status Q1 2017Graeme Cross
 
Global Cyber Market Overview June 2017
Global Cyber Market Overview June 2017Global Cyber Market Overview June 2017
Global Cyber Market Overview June 2017Graeme Cross
 
Aon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placematAon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placematGraeme Cross
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paperGraeme Cross
 

More from Graeme Cross (20)

Temporarily idle sites - COVID19
Temporarily idle sites - COVID19Temporarily idle sites - COVID19
Temporarily idle sites - COVID19
 
Surety and Guarantee
Surety and GuaranteeSurety and Guarantee
Surety and Guarantee
 
Client bulletin; Brexit
Client bulletin; BrexitClient bulletin; Brexit
Client bulletin; Brexit
 
BioEnergy Value Proposition
BioEnergy Value PropositionBioEnergy Value Proposition
BioEnergy Value Proposition
 
IFRS Report - Important upcoming accounting changes
IFRS Report - Important upcoming accounting changes IFRS Report - Important upcoming accounting changes
IFRS Report - Important upcoming accounting changes
 
Aon Cyber Risk Solutions
Aon Cyber Risk SolutionsAon Cyber Risk Solutions
Aon Cyber Risk Solutions
 
Aon property laser placemat
Aon property laser placematAon property laser placemat
Aon property laser placemat
 
Prepare to Disclose Climate Risk
Prepare to Disclose Climate RiskPrepare to Disclose Climate Risk
Prepare to Disclose Climate Risk
 
Supply chain diagnostic brochure
Supply chain diagnostic brochureSupply chain diagnostic brochure
Supply chain diagnostic brochure
 
Global supply chain management brochure
Global supply chain management brochureGlobal supply chain management brochure
Global supply chain management brochure
 
Aon Global Client Network Fact Sheet
Aon Global Client Network Fact SheetAon Global Client Network Fact Sheet
Aon Global Client Network Fact Sheet
 
Aon Global Client Network map
Aon Global Client Network mapAon Global Client Network map
Aon Global Client Network map
 
Cyber Client Alert
Cyber Client AlertCyber Client Alert
Cyber Client Alert
 
Global optimisation index
Global optimisation indexGlobal optimisation index
Global optimisation index
 
Aon Thought Leadership Guide
Aon Thought Leadership GuideAon Thought Leadership Guide
Aon Thought Leadership Guide
 
2017 Risk Maps
2017 Risk Maps2017 Risk Maps
2017 Risk Maps
 
Environmental insurance market status Q1 2017
Environmental insurance market status Q1 2017Environmental insurance market status Q1 2017
Environmental insurance market status Q1 2017
 
Global Cyber Market Overview June 2017
Global Cyber Market Overview June 2017Global Cyber Market Overview June 2017
Global Cyber Market Overview June 2017
 
Aon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placematAon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placemat
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Ponemon 2015 EMEA Cyber Impact Report

  • 1. Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions Published: June 2015 2015 EMEA Cyber Impact Report The increasing cyber threat – what is the true cost to business?
  • 2. Aon Foreword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Ponemon Institute Cyber Impact Research. . . . . . . . . . . . . . . . . . 4 Tangible versus intangible assets – a story of unequal risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Data and security breaches – more common than you think . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Management versus mitigation – the role and take-up of insurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 An industry challenge – limited experience with an evolving risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Aon Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Table of Contents 2 2015 EMEA Cyber Impact Report2 2015 EMEA Cyber Impact Report
  • 3. In an era of global connectivity, online information and systems are playing an increasingly central role in business. According to data from Cisco, worldwide internet-connected devices will reach 50 billion by 2020, and with 15 billion devices already in 2015 it is apparent that an increasing numbers of companies, systems and information are working online. As the tech revolution gathers pace however, so too do the associated risks. In 2014 Sony Pictures suffered a high profile and damaging hack, and early in 2015 the co-ordinated Carbanak attack on banks worldwide was estimated to have totalled up to USD1 billion in stolen funds. Further evidence of the growth in cyber risk is the +50% Compound Annual Growth Rate (CAGR) of Aon cyber insurance cover in the five years to 2014. The financial consequences of a cyber breach can be wide-ranging, including business interruption, forensic IT costs, supply chain disruption and intellectual property theft. Attacks have the potential to affect virtually every industry, from manufacturing, through to retail, life sciences, and healthcare - the issue is not confined to financial institutions or global brand management companies. It is against this backdrop that, in March 2015, Aon commissioned the Ponemon Institute, a leading research firm on privacy, data protection and information security, to conduct a groundbreaking global cyber risk study (including almost 550 interviews with Europe, Middle East and Africa (EMEA) business leaders). We sought to understand how organisations qualify and quantify the financial statement exposures of their intangible (cyber) assets, relative to tangible assets like property, plant and equipment. The research found that in EMEA, only 11% of potential loss to intangible assets was covered by insurance, compared with 49% for tangible assets. This is despite almost four in ten companies having experienced a cyber breach in the past 24 months. This bias means information and system assets are too often exposed without appropriate coverage, which has significant implications for increasingly connected global businesses. Our intention is that this cyber risk study will assist risk managers, finance, IT and legal in taking a broader look at their organisation’s overall risk profile and ensuring sufficient insurance coverage is in place for the relative financial impact of all risks – not only the traditional, tangible ones. Bill Peck CCO EMEA, Aon Risk Solutions Karl Hennessy CBO EMEA & CEO Global Broking Centre, Aon Risk Solutions Aon Foreword Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 3
  • 4. This research was commissioned by Aon and independently conducted by Ponemon Institute LLC. This report focuses on the research findings for EMEA only, based on the perceptions of 545 EMEA business leaders, largely in finance, risk, information security and compliance. Further information on the research methodology is provided on page 8. Tangible versus intangible assets – a story of unequal risk The survey reveals that the perceived value of both tangible and intangible assets is relatively similar, with just 3% difference. On average, the total value of tangible assets reported was USD872 million, compared to USD845 million for intangible assets. When asked to estimate an average figure for the loss or destruction of all their intangible assets (or probable maximum loss / PML), again the estimation was similar (USD638 million for intangible assets, compared to USD615 million for their tangible assets). In contrast, both the impact of business disruption to intangible assets and the likelihood of an intangible asset or data breach occurring is seen as significantly greater than for tangible assets. The estimated impact of a business interruption to intangible assets is USD168 million, 63% higher than USD103 million for tangible assets; while the likelihood of experiencing a loss is 4.7%, compared to 1.5% for tangible assets (for losses totalling no more than 50% of PML over the next 12 months). Aon Expert Perspective “The preparedness and protection mechanisms of companies against a tangible assets disruption is greater; there are more contingency/ emergency plans in place as risks are better known and understood, while tangible assets can also be more easily replaced. Conversely, disruption against intangible assets such as know-how, and intellectual property which, once lost, are lost forever, is harder to plan for and protect against.” Claudia Beatriz Gomez Financial Lines Director, Aon Risk Solutions, Spain Incident impact and loss likelihood Tangible assets Intangible assets Impact: estimated loss to assets (USD) following business disruption Likelihood: of loss totalling ≤50% of PML in next 12 months 4.7% +313% Difference between tangible and intangible assets 1.5% $168m +163% $103m Ponemon Institute Cyber Impact Research 4 2015 EMEA Cyber Impact Report
  • 5. Data and security breaches – more common than you think While some risk professionals may feel a cyber incident is unlikely in their business or industry, the reality is quite different, with the survey revealing that almost four in ten (38%) have experienced a material or significantly disruptive loss relating to a data breach or security exploit (vulnerability) in the past 24 months. The average financial impact of these EMEA incidents was USD1.1 million, with the most common involving a cyber attack disrupting business and IT operations (84%). Cyber is clearly on the corporate risk agenda for four in ten businesses, with 38% placing cyber as a top five business risk. Further, just under half (46%) expect cyber risk exposures to increase in the next two years, while 40% think the level of risk will stay the same. Data and security breaches Not experienced a breach Experienced a breach* 9% 15% 16% 16% 21% 84% Cyber attack that caused disruption to business and IT operations System or business process failures that caused disruption to business operations Negligence or mistakes that resulted in the loss of business confidential information Cyber attack that resulted in the misuse or theft of business confidential information Cyber attack that resulted in the theft of business confidential information, thus requiring notification to victims Other 62% 38% *Breach is a material or significantly disruptive security exploit or data breach one or more times in past 24 months Aon Expert Perspective “Cyber incidents have complex implications and are becoming increasingly common. For example, in late 2014 a European steel mill suffered huge damage resulting from hackers gaining entry to the plant’s network and causing an unscheduled furnace shutdown. Here we saw an intangible asset incident having very real implications on physical assets and business interruption. As mobile devices, cloud computing, data and analytics and ‘the internet of things’ continue to grow and become even more integral to business operations, the opportunities for cyber incidents increase at a similar pace.” Mark Buningh Cyber Risk Practice Leader, Aon Risk Solutions, Netherlands Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 5
  • 6. Expect to be included External attacks by cyber criminals Malicious or criminal insiders Forensic and investigative costs 3rd party liability Legal defence costs Replacement of lost or damaged equipment Access to cyber security forensic experts Access to legal and regulatory experts Assistance in remediation of the incident Don’t expect to be included Human error, mistakes and negligence Incidents affecting business partners, vendors or other 3rd parties that have access to your company’s information assets System or business process failures Brand damages Revenue losses Communications costs to regulators Regulatory penalties and fines Notification costs to data breach victims Identity protection for breach victims Credit monitoring for breach victims Assistance in the notification of breach victims Advanced warnings about ongoing threats Access to specialised technology and tools Aon Expert Perspective “Some organisations think cyber insurance will have too many exclusions, or is too new, unproven or specialist. There is also a perception that quotations require a lot of time, so these perceptions are rarely challenged and organisations continue to rely on self insurance. However, cyber cover has been available for more than 15 years and getting an indication of price and exactly what is covered is relatively easy these days. Further, many aspects that EMEA organisations don’t expect to be covered (e.g. human error, third party incidents, system failures and notification costs to victims) are often included in cyber insurance policies, or can certainly be negotiated with insurers. And with a tangible proposal that can be discussed at board level, organisations can make more deliberate and informed decisions about cyber insurance, rather than leaving it ‘out of sight, out of mind’.” Jonathan Case Chief Broking Officer, Aon Risk Solutions, Finland Management versus mitigation – the role and take-up of insurance Despite this growing awareness of cyber risk, there is a huge insurance gap. When comparing intangible assets to tangible assets, EMEA business leaders indicated that intangible assets are 38% more exposed than tangible assets on a relative value to insurance protection basis. Nearly half the potential loss (49%) to tangible assets is covered by insurance, but only 11% for intangible assets. In contrast, self insurance – retaining the risk on their own balance sheets rather than buying an insurance policy – is far more common for intangible assets. Percentage of assets covered by insurance Potential loss self insured Potential loss covered by insurance Intangible assets Tangible assets 59% 11% 26% 49% Perceptions of cyber insurance in EMEA Respondents considered what incidents, coverages and services are included in cyber insurance • “Expect to be included” is aspects of cyber cover 70% or more agree with • “Don’t expect to be included” is aspects of cyber cover 30% or less agree with Focusing specifically on cyber insurance cover, 79% of businesses surveyed don’t currently have cyber insurance in place. And on average, there seems to be a stronger perception of exclusions than inclusions. Less than 3 in 10 EMEA businesses surveyed believe incidents involving human error or affecting third parties are covered, nor the costs to notify data breach victims. In contrast, most perceive external cyber criminal and internal malicious attacks would be covered. ServicesCoveragesIncidents ServicesCoveragesIncidents 6 2015 EMEA Cyber Impact Report
  • 7. Financial statment disclosure of material losses Tangible assets Intangible assets No material loss disclosure 37% 9% An industry challenge – limited experience with an evolving risk Reflecting the relatively low take-up of cyber insurance, there is also a clear lack of formal risk assessment around cyber risk with 44% determining their business’s level of cyber risk based on intuition, informal internal assessment, or without any assessment at all. The research also revealed a low level of awareness and understanding of the consequences of cyber risk. For example, only 23% of respondents said they were fully aware of the legal and economic consequences that could result from a data breach or security exploit in other countries in which their business operates. In addition, 37% of businesses would not disclose a material loss to their intangible assets in their financial statements, whereas only 9% would not disclose a material loss to tangible assets. This under reporting for intangible assets (driven by different regulatory requirements) results in the frequency and magnitude of cyber risk being under- represented in the public realm. Aon Expert Perspective “Almost all organisations recognise cyber as a growing concern, but many still perceive it to be a ‘new’ or unfamiliar risk. Depending on an organisation’s risk maturity, some don’t have the experience to both assess and quantify the risk effectively, nor risk manage it within their organisations. But once the risks are better understood and valued, then organisations can intelligently consider cyber solutions, risk management procedures and what an insurance policy can bring to the table.” Jonathan Upshall Cyber Insurance Broking Director, London Global Broking Centre, Aon Risk Solutions, UK Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 7
  • 8. Employees (worldwide) 27% 20% 20% 15% 8%10% Less than 500 500 to 1,000 1,001 to 5,000 5,001 to 25,000 25,001 to 75,000 More than 75,000 Industry 10% 10% 20% 9% 6% 6% 6% 7% 6% 4% Financial services Health & pharmaceuticals Retail Industrial Services Consumer products Public sector Technology & software Education & research Energy & utilities Country 18% 22% 12%9% 8% 7% 5% 4% 4% UK Germany France Spain Italy Netherlands Saudi Arabia Russian Fed Turkey Less than 4% not annotated in chart Less than 4% not annotated in chart Methodology This global cyber impact research was independently conducted by Ponemon Institute LLC, and commissioned by Aon. The research was conducted in March 2015 and included 2,243 companies in 37 countries across Europe, Middle East, Africa (EMEA), North America, Asia, Pacific, Japan and Latin America. This report focuses on the research findings for EMEA only, based on surveys with 545 companies in 15 countries throughout EMEA. The profile of the survey sample is summarised in these charts. 8 2015 EMEA Cyber Impact Report
  • 9. Key definitions In the context of this research: • Cyber risk means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. • Intangible (cyber) assets includes customer records, employee records, financial reports, analytical data, source code, models methods and other intellectual properties. • Tangible (property, plant and equipment) assets includes all a company’s fixed assets plus supervisory control and data acquisition systems, and industrial control systems. • Probable maximum loss (PML) relates to the maximum loss a business can suffer following an incident. • For tangible assets this assumes the normal functioning of passive protective features – such as firewalls, non-flammable materials, proper functioning of active suppression systems, fire sprinklers, raised flooring and more. • For intangible assets this assumes the normal functioning of passive protective cybersecurity features – such as perimeter controls, data loss prevention tools, data encryption, identity and access management systems and more. • Total Value is an estimate of the value based on full replacement cost (not historic cost). • Average financial impact of security exploits or data breaches includes all costs, including out-of-pocket expenditures such as consultant and legal fees, indirect business costs such as productivity losses, diminished revenues, legal actions, customer turnover and reputation damages. Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 9
  • 10. The Ponemon Institute 2015 Cyber Impact Report research has revealed a troublingly low level of understanding and insurance risk transfer for intangible assets, particularly when contrasted with EMEA businesses’ approach to tangible assets. Specific highlights from the Ponemon Institute 2015 Cyber Risk Study research include: • Information technology assets are 38% more exposed than property assets, with 11% of potential loss to intangible assets covered by insurance, compared with 49% for tangible assets. • This is despite the fact that estimated value and maximum loss is on a par for intangible and tangible assets (e.g. probable maximum loss of USD638 million and USD615 million respectively). • Almost four in ten (38%) of businesses surveyed experienced a material or significantly disruptive loss relating to a security or data breach in the past 24 months. The average financial impact of these incidents was USD1.1 million. • 37% of businesses would not disclose a material loss to their intangible assets in their financial statements, whereas only 9% would not disclose a material loss to tangible assets. • Four in ten (44%) determine their businesses’ level of cyber risk based on intuition, informal internal assessment, or without any assessment at all. Given the limited level of cyber risk assessment and cyber incident disclosure, it is unsurprising that cyber risks often remain misunderstood or unquantified. We would recommend companies take a proactive approach to assessing their cyber risk exposures and consider more closely the significance and business disruption impact of intangible asset incidents. Further, as cyber cuts across many areas of an organisation, cross functional engagement is key, including risk/compliance, IT, finance and legal. Aon Conclusion 10 2015 EMEA Cyber Impact Report
  • 11. Mark Buningh Cyber Risk Practice Leader Netherlands +31 (0)6 5134 6614 mark.buningh@aon.nl Jonathan Case Chief Broking Officer Finland +358 201 266 281 jonathan.case@aon.fi Claudia Beatriz Gomez Financial Lines Director Spain +34 91 340 5645 claudiabeatriz.gomez@aon.es Jonathan Upshall Cyber Insurance Broking Director United Kingdom +44 (0)20 7086 1897 jonathan.upshall@aon.co.uk Contacts Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 11 Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk Solutions 11
  • 12. FP GBCXTEMEA0001 About Aon Aon plc (NYSE:AON) is a leading global provider of risk management, insurance brokerage and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 69,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative risk and people solutions. For further information on our capabilities and to learn how we empower results for clients, please visit: http://aon.mediaroom.com. Follow Aon on Twitter: twitter.com/Aon_plc Sign up for News Alerts: aon.mediaroom.com/index.php?s=58 © Aon plc 2015. All rights reserved. The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO),we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.