SlideShare a Scribd company logo

Is cyber security now too hard for enterprises?

Pierre Audoin Consultants
Pierre Audoin Consultants

Cyber security trends in the UK Enterprises today are faced with three key challenges: - Implementing new SMAC technologies to support the business, as part of their digital transformation programs, but while keeping it secure; - Responding to the increasing and changing threat landscape of targeted attacks; - Achieving and retaining compliance with an increasing number of rules and regulations. How do enterprises respond, in the context of a nationwide shortage in cyber security skills? Our hypothesis for this study was that enterprises are struggling to cope with the increase in workload, and are increasingly offloading (some of) their security provision to outsourcing providers as Managed Security Services (MSS). We surveyed 230 decision makers in large companies (1000+ employees) in the UK, to understand their motivations and drivers with regard to cyber security provision. This study deals with the following questions: - What do companies understand about the growing cyber threat landscape? - How are companies meeting their resource challenges in cyber security? - How are they using external providers to meet resource challenges? - What are the drivers and inhibitors for using external cyber security providers? - What alternative approaches to external cyber security provision being considered? - Which services do companies expect from a cyber security provider? - What are the capabilities and attributes of a credible cyber security provider?

Technology
1 of 16
Download to read offline
© PAC Is cyber security now too hard for enterprises? Cyber security trends in the UK 2015 Executive Summary
© PAC Sponsors 2015Cyber security trends in the UK2 The creation and distribution of this study was supported by CGI, cybX and Fujitsu/Symantec. Premium sponsors: Gold sponsor:
© PAC Core statements I.  Cyber security is now too hard for enterprises ●  The threat is increasing ●  Board level concern is increasing ●  Yet budget are static II.  Enterprises would prefer to: ●  Hire more staff and retrain existing internal staff ●  Use external resources on a project basis only ●  And yet, 70% of enterprises outsource at least some of their security III.  Enterprises are more willing to consider outsourced security ●  There’s an inherent reluctance to outsource ●  But it fixes some immediate issues, such as skills and compliance IV.  BDMs are: ●  Less likely to support Cloud-based security ●  More concerned at the prospect of outsourcing Governance and Security Management 2015Cyber security trends in the UK3
© PAC Introduction Enterprises today are faced with three key challenges: ●  Implementing new SMAC technologies to support the business, as part of their digital transformation programs, but while keeping it secure; ●  Responding to the increasing and changing threat landscape of targeted attacks; ●  Achieving and retaining compliance with an increasing number of rules and regulations. Our hypothesis for this study was that enterprises are struggling to cope with the increase in workload, and are increasingly offloading (some of) their security provision to outsourcing providers as Managed Security Services (MSS). We surveyed 230 decision makers in large companies in the UK, to understand their motivations and drivers with regard to cyber security provision. 2015 This study deals with the following questions: ●  What do companies understand about the growing cyber threat landscape? ●  How are companies meeting their resource challenges in cyber security? ●  How are they using external providers to meet resource challenges? ●  What are the drivers and inhibitors for using external cyber security providers? ●  What alternative approaches to external cyber security provision being considered? ●  Which services do companies expect from a cyber security provider? ●  What are the capabilities and attributes of a credible cyber security provider? 53% CxO IT Decision Makers 21% Business Decision Makers 47% Critical National Infrastructure 16% Manufacturing15% Financial Services16% Sample Cyber security trends in the UK4
© PAC Executive summary I The overall picture of cyber security provision in large organisations is that the threat landscape is getting worse, board attention and focus is increasing, but there is a funding shortfall in many organisations. An overwhelming majority of enterprises see the cyber threat getting worse. This is not a surprise, but it does enable us to quantify the scale and extent of enterprises’ perception regarding the cyber landscape. As our figure shows, 70% of respondents believe that the situation is getting worse. We believe that this is caused in part by respondents’ own experience within their firms and partly by the greater exposure to cyber security breaches in the national and trade press. Firms’ preferred approach to this is to increase the amount of security automation, followed by training of internal staff. There is a clear reluctance (or inability) to hire external staff and a tangible antipathy towards outsourcing. However, organisational reluctance to outsourcing does not necessarily translate into practice, with more organisations admitting to using external resources than would prefer to do so. 2015Cyber security trends in the UK5 Cyber security is increasing in importance as the threat landscape worsens. But budgets are not rising in line. 70% The cyber threat landscape is getting worse, in terms of the number and type of threats and threat sources 53% There has been no increase in cyber security budget
© PAC Executive summary II 2015Cyber security trends in the UK6 Firms are suspicious of outsourcing as they dislike loss of visibility & control. But they do use 3rd parties selectively. Our research shows that organisations have an innate reluctance to outsource, and this even extends to admitting that outsourcing goes on. But by drilling down into actual practice we discover that there is a high degree of use of external provision, including outsourcing. The prevalent method of using external provision is by buying in expertise on a project-by-project basis. The overall motivation for using external provision, including outsourcing, is a combination of a lack of funds and expertise, echoing our earlier findings which identified a funding gap. The double whammy of insufficient funds and a scarcity of skills appears to be driving organisations towards external resources, including outsourcing, even though there is a clear reluctance to do this. This represents an entirely pragmatic approach, according to PAC. Organisations dislike losing visibility and control of processes, especially those that have a high risk profile such as cyber security. But the pressures on budgets and expertise are such that companies have little option but to use external providers. 26% 74% Outsourcing part or all of security provision Other approaches Preferred approach to increased security workload Possible parts of security you could outsource in the future 74% 26% A broad range of outsourcing targets Would not consider outsourcing
© PAC Executive summary III 2015Cyber security trends in the UK7 The importance of cyber security to enterprises drives a detailed examination of suppliers’ credentials & experience Cyber security is critical to organisations. And although they currently use external providers, they are clear that when they do such providers must come with robust credentials. Of those organisations that currently outsource or use external support for security provision, a majority target risk management (combined 75%) and audit & penetration tests (76%). 68% of firms that use some external provision do so in the management of security solutions, a oft-reported headache for CISOs. Enterprises are clear when asked to report the key attributes of a potential cyber security services provider. They value evidence, in the form of a strong track record and security expertise and skills. Industry knowledge is also important, as is a trusted and well-known brand. Cyber security is too important to businesses for them to adopt additional risks with their suppliers. It is important then for suppliers to communicate their track records, and strong industry knowledge is also extremely useful. 73% Strong track record in cyber security 71%Security expertise and skills
© PAC Premium Sponsors – Profiles
© PAC Company profile: cybX About cybX cybX is a cutting edge cyber training and exercising capability that builds your organisation’s confidence in exploiting the growth opportunities of digital innovation in the global economy and to develop resilience against the ever-evolving threat of cyber attacks. cybX is delivered by Serco Ltd from the Cabinet Office’s Emergency Planning College (EPC). Using simulated corporate networks, cybX can apply a range of real world cyber attacks to an organisation’s current or future operating model. This enables organisations to manage the sophisticated challenge of cyber-attacks by placing people at the heart of the solution and taking a business driven, cross-functional approach to cyber resilience, cybX aims to integrate your cyber security team with your crisis management, communications, business continuity and risk management functions. By taking a ‘board room’ to ‘server room’ approach, we help organisations to: • Integrate cyber-resilience into wider enterprise risk management and governance. • Have objective assessment of business risks resulting from different cyber attacks • Develop and deliver a road map for a business driven cyber resilience capability The cybX training and exercising ethos is to establish long-term relationships, and work in partnership with our clients and supporting partners. We believe cybX offers the potential for a ‘step change’ in training, testing and developing cyber resilience and ensuring it’s coherent with wider resilience best practice. To find out more please visit www.cybX.org' 2015Cyber security trends in the UK9
© PAC Company profile Fujitsu Technology Solutions GmbH About Fujitsu Fujitsu is a Japanese IT company offering a complete range of products, services and solutions. From looking after applications and protecting data, to managing supercomputers around the world, Fujitsu helps businesses everywhere to become more innovative and efficient. Fujitsu employs 162,000 people worldwide with 14,000 people based in the UK and Ireland. For the fiscal year ending March 31, 2014, Fujitsu reported revenues of US$46 billion globally, with the UK & Ireland’s annual revenue reaching £1.8 billion. Fujitsu is committed to being a responsible business and recently achieved a 4 star rating in Business in the Community’s 2014 Corporate Responsibility Index, as well as being ranked number 17 in the in Newsweek’s Global Top 500 Green companies. Over the last five decades Fujitsu has played a vital role in building and maintaining many of the services that keep the UK and Ireland working. Today, Fujitsu ICT solutions are behind many of the daily services that touch the lives of millions of people every single day. Every day, Fujitsu technology is touching lives: •  Enabling the processing of 2.8 million UK passports every year •  Helping hospitality companies serve over 570 million drinks and over 130 million meals every year •  Helping to supply energy to 12 million homes and 1 million businesses •  Providing the infrastructure for over 40% of the UK’s broadband network •  Helping financial services providers to serve over 40 million customers and operate over 20,000 local branches •  Connecting 300,000 defence users in over 2,000 locations worldwide •  Helping businesses everywhere to become safer (more secure), more innovative and more efficient. Fujitsu see’s information technology as part of the bigger picture and as one of the world’s largest ICT providers, it works towards bringing a prosperous future that fulfils the dreams of people throughout the world. 2015Cyber security trends in the UK10
© PAC Company profile: Symantec About Fujitsu Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings -- anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia. 2015Cyber security trends in the UK11
© PAC Gold Sponsor – Profile
© PAC Company profile: CGI About CGI Founded in 1976, CGI Group Inc. is the fifth largest independent information technology and business process services firm in the world. Approximately 68,000 professionals serve thousands of global clients from offices and delivery centres across the Americas, Europe and Asia Pacific, leveraging a comprehensive portfolio of services including high-end business and IT consulting, systems integration, application development and maintenance, infrastructure management as well as a wide range of proprietary solutions. Cyber security is part of everything we do and for over 35 years, our government and commercial clients have regarded us as their cyber security expert of choice. Cyber-attacks are becoming more sophisticated and can cause financial loss, reputational damage, theft of business critical information or regulatory fines. We have helped our clients build cyber security into their corporate strategy so they can conduct business in a digital age with confidence, openly and globally, driving competitive advantage, efficiency and growth. We have invested heavily in establishing our credentials by working closely with international security associations and standards bodies and we have built a CGI UK Cyber Centre. Many of our experts are recognised as leaders in the industry, contributing to the development of standards such as ISO/IEC 27002. They are part of CGI’s 1,400 strong global cyber security team and they bring this shared expertise, research, knowledge and solutions to our client projects. We have received many accolades for our work and have supported our clients to achieve a 100% success rate when undertaking ISO 27001 accreditation. We provide the deep sector and cyber expertise needed to keep ahead of the attackers and protect an organisation. 2015Cyber security trends in the UK13
© PAC Company profile: CGI About CGI (continued) Our cyber security technical experts have helped our clients design, develop and deliver some of the world’s most complex, secure technology projects and services. We have also been trusted by hundreds of government and commercial clients to help them operate securely. CGI has ten Security Operating Centres (including one in the UK) providing Protective Monitoring and Advanced Threat Investigation services - handling more than 74 million cyber events every day. For 27 years we have operated a commercial evaluation facility and regularly test the products and services of over 25 global technology suppliers. We offer the full range of cyber security services needed by clients to: •  assess their cyber security risk including risk and vulnerability assessments, governance, awareness, supply chain review and compliance •  protect their business including new technologies such as mobile and cloud, secure systems engineering, identity and access management, testing, certification •  operate with confidence including protective monitoring, advanced threat investigation, penetration testing and incident response Our deep and broad experience helps our clients be agile, adopt new technologies and ways of working, develop a global supply chain and open new channels to their customers – whilst remaining confident that they are secure. We believe that if you want your organisation to be considered as a top employer, one that customers love, that suppliers want to be working with and which takes advantage of the latest technologies - cyber security should be part of that vision. Find our more at cgi-group.co.uk/cybersecurity or contact us on cybersecurity@cgi.com 2015Cyber security trends in the UK14
© PAC Disclaimer, usage rights, independence and data protection This study was compiled in multi-client mode under the sponsorship of CGI, cybX and Fujitsu/Symantec. For further information, please visit www.pac-online.com. Disclaimer The contents of this study were compiled with the greatest possible care. However, no liability for their accuracy can be assumed. Analyses and evaluations reflect the state of our knowledge in January 2015 and may change at any time. This applies in particular, but not exclusively, to statements made about the future. Names and designations that appear in this study may be registered trademarks. Usage rights This study is protected by copyright. Any reproduction or dissemination to third parties, including in part, requires the prior explicit authorization of the sponsors. The publication or dissemination of tables, graphics etc. in other publications also requires prior authorization. Independence and data protection This study was produced solely by Pierre Audoin Consultants (PAC). The sponsors had no influence over the analysis of the data and the production of the study. The participants in the study were assured that the information they provided would be treated confidentially. No statement enables conclusions to be drawn about individual companies, and no individual survey data was passed to the sponsors or other third parties. All participants in the study were selected at random. There is no connection between the production of the study and any commercial relationship between the respondents and the sponsors of this study. 2015Cyber security trends in the UK15
© PAC From strategy to execution, PAC delivers focused and objective responses to the growth challenges of Information and Communication Technology (ICT) players. PAC helps ICT vendors to optimize their strategies by providing quantitative and qualitative market analysis as well as operational and strategic consulting. We advise CIOs and financial investors in evaluating ICT vendors and solutions and support their investment decisions. Public institutions and organizations also rely on our key analyses to develop and shape their ICT policies. Founded in 1976 and headquartered in Paris, France, PAC is part of the CXP Group, the leading European research & advisory firm in the field of software and IT services. For more information, please visit: www.pac-online.com PAC’s latest news: www.pac-online.com/blog About us" 2015 Duncan Brown Research Director, Cyber Security +44 (0) 20 7553 3966 d.brown@pac-online.com

Recommended

Cybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lensCybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lens
aakash malhotra
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Hewlett Packard Enterprise Business Value Exchange
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNA
accenture
 
Securing the Digital Economy: Reinventing the Internet for Trust
Securing the Digital Economy: Reinventing the Internet for TrustSecuring the Digital Economy: Reinventing the Internet for Trust
Securing the Digital Economy: Reinventing the Internet for Trust
Accenture Insurance
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
Mourad Khalil
 
Marlink IMO 2021 Guide to Cyber Risk Management
Marlink IMO 2021 Guide to Cyber Risk ManagementMarlink IMO 2021 Guide to Cyber Risk Management
Marlink IMO 2021 Guide to Cyber Risk Management
CHRIS CLIFFORD
 
2018 State of Cyber Reslience in Healthcare
2018 State of Cyber Reslience in Healthcare2018 State of Cyber Reslience in Healthcare
2018 State of Cyber Reslience in Healthcare
accenture
 

Recommended

Cybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lensCybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lens
aakash malhotra
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Hewlett Packard Enterprise Business Value Exchange
 
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the InternetSecuring the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNA
accenture
 
Securing the Digital Economy: Reinventing the Internet for Trust
Securing the Digital Economy: Reinventing the Internet for TrustSecuring the Digital Economy: Reinventing the Internet for Trust
Securing the Digital Economy: Reinventing the Internet for Trust
Accenture Insurance
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
Mourad Khalil
 
Marlink IMO 2021 Guide to Cyber Risk Management
Marlink IMO 2021 Guide to Cyber Risk ManagementMarlink IMO 2021 Guide to Cyber Risk Management
Marlink IMO 2021 Guide to Cyber Risk Management
CHRIS CLIFFORD
 
2018 State of Cyber Reslience in Healthcare
2018 State of Cyber Reslience in Healthcare2018 State of Cyber Reslience in Healthcare
2018 State of Cyber Reslience in Healthcare
accenture
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
Chris Cornillie
 
Capgemini Consulting Information Security Benchmarking 2017
Capgemini Consulting Information Security Benchmarking 2017Capgemini Consulting Information Security Benchmarking 2017
Capgemini Consulting Information Security Benchmarking 2017
Capgemini
 
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwCACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCASG Community Manager
 
Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East
Accenture Middle East
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
EY
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
aakash malhotra
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
accenture
 
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
SirionLabs
 
Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19
Sophia Price
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
accenture
 
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
DVV Solutions Third Party Risk Management
 
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
DVV Solutions Third Party Risk Management
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
The top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowThe top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdow
Dharmendra Rama
 
Isbs Survey 2010 Technical Report
Isbs Survey 2010 Technical ReportIsbs Survey 2010 Technical Report
Isbs Survey 2010 Technical Report
laurenfortune
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
Ray Bugg
 
6 Steps to Bringing a Security Offering to Market
6 Steps to Bringing a Security Offering to Market6 Steps to Bringing a Security Offering to Market
6 Steps to Bringing a Security Offering to Market
Continuum
 
Mobile, Cloud, Security, Cognitive and Analytics
Mobile, Cloud, Security, Cognitive and AnalyticsMobile, Cloud, Security, Cognitive and Analytics
Mobile, Cloud, Security, Cognitive and Analytics
Kate Morphett
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
The Economist Media Businesses
 
The Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business CybersecurityThe Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business Cybersecurity
Global Knowledge Training
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trust
accenture
 

More Related Content

What's hot

IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
Chris Cornillie
 
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
SirionLabs
 
Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19
Sophia Price
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
The Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business CybersecurityThe Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business Cybersecurity
Global Knowledge Training
 

What's hot (20)

IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
 
Capgemini Consulting Information Security Benchmarking 2017
Capgemini Consulting Information Security Benchmarking 2017Capgemini Consulting Information Security Benchmarking 2017
Capgemini Consulting Information Security Benchmarking 2017
 
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwCACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
ACCA Smart Finance Series - Trust in the Digital Age Presented by PwC
 
Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East Unfolding the next growth chapter in the Middle East
Unfolding the next growth chapter in the Middle East
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
 
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
Safeguarding the Supply Chain: How to Survive and Succeed during COVID-19
 
Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19Supply Chain and Third-Party Risks During COVID-19
Supply Chain and Third-Party Risks During COVID-19
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
 
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
Building the Business Case for TPRM - DVV Solutions Breakfast Briefing March ...
 
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
The State of TPRM in the UK - DVV Solutions Breakfast Briefing March 2019
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
The top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdowThe top cybersecurity challenges post-lockdow
The top cybersecurity challenges post-lockdow
 
Isbs Survey 2010 Technical Report
Isbs Survey 2010 Technical ReportIsbs Survey 2010 Technical Report
Isbs Survey 2010 Technical Report
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
6 Steps to Bringing a Security Offering to Market
6 Steps to Bringing a Security Offering to Market6 Steps to Bringing a Security Offering to Market
6 Steps to Bringing a Security Offering to Market
 
Mobile, Cloud, Security, Cognitive and Analytics
Mobile, Cloud, Security, Cognitive and AnalyticsMobile, Cloud, Security, Cognitive and Analytics
Mobile, Cloud, Security, Cognitive and Analytics
 
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterpriseData security: How a proactive C-suite can reduce cyber-risk for the enterprise
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
 
The Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business CybersecurityThe Unpleasant Truths of Modern Business Cybersecurity
The Unpleasant Truths of Modern Business Cybersecurity
 

Similar to Is cyber security now too hard for enterprises?

The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
Rachel Anne Carter
 

Similar to Is cyber security now too hard for enterprises? (20)

Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Securing Consumer Trust
Securing Consumer TrustSecuring Consumer Trust
Securing Consumer Trust
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Digital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the ImpactDigital Readiness and the Pandemic: Assessing the Impact
Digital Readiness and the Pandemic: Assessing the Impact
 
World's Most Innovative Tech Companies 2023.pdf
World's Most Innovative Tech Companies 2023.pdfWorld's Most Innovative Tech Companies 2023.pdf
World's Most Innovative Tech Companies 2023.pdf
 
Digital disruption – dive in to thrive
Digital disruption – dive in to thriveDigital disruption – dive in to thrive
Digital disruption – dive in to thrive
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and Beyond
 
The cyber security leap: From laggard to leader
The cyber security leap: From laggard to leaderThe cyber security leap: From laggard to leader
The cyber security leap: From laggard to leader
 
The Cyber Security Leap
The Cyber Security LeapThe Cyber Security Leap
The Cyber Security Leap
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
Healthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber ResilienceHealthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber Resilience
 
2018 State of Cyber Resilience
2018 State of Cyber Resilience2018 State of Cyber Resilience
2018 State of Cyber Resilience
 
Digital Strategy In A Time Of Crisis
Digital Strategy In A Time Of CrisisDigital Strategy In A Time Of Crisis
Digital Strategy In A Time Of Crisis
 
Evolution of IT outsourcing.pdf
Evolution of IT outsourcing.pdfEvolution of IT outsourcing.pdf
Evolution of IT outsourcing.pdf
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Healthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber ResilienceHealthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber Resilience
 
Navigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services IndustryNavigating COVID's Impact on the Financial Services Industry
Navigating COVID's Impact on the Financial Services Industry
 

More from Pierre Audoin Consultants

Connected car solutions: one of the major business drivers for the automotive...
Connected car solutions: one of the major business drivers for the automotive...Connected car solutions: one of the major business drivers for the automotive...
Connected car solutions: one of the major business drivers for the automotive...
Pierre Audoin Consultants
 
Connected Car in Europe – Strategies and Technologies for Connected Driving
Connected Car in Europe – Strategies and Technologies for Connected DrivingConnected Car in Europe – Strategies and Technologies for Connected Driving
Connected Car in Europe – Strategies and Technologies for Connected Driving
Pierre Audoin Consultants
 
Firms flock to Managed Security Services as cyber security pains increase
Firms flock to Managed Security Services as cyber security pains increaseFirms flock to Managed Security Services as cyber security pains increase
Firms flock to Managed Security Services as cyber security pains increase
Pierre Audoin Consultants
 
Digital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
Digital Transformation in Deutschland - Marketing und IT-Strategien im WandelDigital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
Digital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
Pierre Audoin Consultants
 
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
Pierre Audoin Consultants
 
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-UniLa ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
Pierre Audoin Consultants
 
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
Pierre Audoin Consultants
 

More from Pierre Audoin Consultants (10)

Connected car solutions: one of the major business drivers for the automotive...
Connected car solutions: one of the major business drivers for the automotive...Connected car solutions: one of the major business drivers for the automotive...
Connected car solutions: one of the major business drivers for the automotive...
 
Connected Car in Europe – Strategies and Technologies for Connected Driving
Connected Car in Europe – Strategies and Technologies for Connected DrivingConnected Car in Europe – Strategies and Technologies for Connected Driving
Connected Car in Europe – Strategies and Technologies for Connected Driving
 
Firms flock to Managed Security Services as cyber security pains increase
Firms flock to Managed Security Services as cyber security pains increaseFirms flock to Managed Security Services as cyber security pains increase
Firms flock to Managed Security Services as cyber security pains increase
 
Digital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
Digital Transformation in Deutschland - Marketing und IT-Strategien im WandelDigital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
Digital Transformation in Deutschland - Marketing und IT-Strategien im Wandel
 
Workplaces in der Cloud - Status quo und Investitionspläne in Deutschland
Workplaces in der Cloud - Status quo und Investitionspläne in DeutschlandWorkplaces in der Cloud - Status quo und Investitionspläne in Deutschland
Workplaces in der Cloud - Status quo und Investitionspläne in Deutschland
 
SAP goes Cloud - Plans, strategies and investment plans of German companies
SAP goes Cloud - Plans, strategies and investment plans of German companiesSAP goes Cloud - Plans, strategies and investment plans of German companies
SAP goes Cloud - Plans, strategies and investment plans of German companies
 
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
IT-Trends in der Automobilindustrie – Spezifische IT-Anforderungen und Invest...
 
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-UniLa ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
La ‘Social Collaboration’ en 2013 en Allemagne, en France et au Royaume-Uni
 
Social Collaboration in Germany, France, and the UK 2013
Social Collaboration in Germany, France, and the UK 2013Social Collaboration in Germany, France, and the UK 2013
Social Collaboration in Germany, France, and the UK 2013
 
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
Social Collaboration in Deutschland, Frankreich und Großbritannien 2013
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Is cyber security now too hard for enterprises?

  • 1. © PAC Is cyber security now too hard for enterprises? Cyber security trends in the UK 2015 Executive Summary
  • 2. © PAC Sponsors 2015Cyber security trends in the UK2 The creation and distribution of this study was supported by CGI, cybX and Fujitsu/Symantec. Premium sponsors: Gold sponsor:
  • 3. © PAC Core statements I.  Cyber security is now too hard for enterprises ●  The threat is increasing ●  Board level concern is increasing ●  Yet budget are static II.  Enterprises would prefer to: ●  Hire more staff and retrain existing internal staff ●  Use external resources on a project basis only ●  And yet, 70% of enterprises outsource at least some of their security III.  Enterprises are more willing to consider outsourced security ●  There’s an inherent reluctance to outsource ●  But it fixes some immediate issues, such as skills and compliance IV.  BDMs are: ●  Less likely to support Cloud-based security ●  More concerned at the prospect of outsourcing Governance and Security Management 2015Cyber security trends in the UK3
  • 4. © PAC Introduction Enterprises today are faced with three key challenges: ●  Implementing new SMAC technologies to support the business, as part of their digital transformation programs, but while keeping it secure; ●  Responding to the increasing and changing threat landscape of targeted attacks; ●  Achieving and retaining compliance with an increasing number of rules and regulations. Our hypothesis for this study was that enterprises are struggling to cope with the increase in workload, and are increasingly offloading (some of) their security provision to outsourcing providers as Managed Security Services (MSS). We surveyed 230 decision makers in large companies in the UK, to understand their motivations and drivers with regard to cyber security provision. 2015 This study deals with the following questions: ●  What do companies understand about the growing cyber threat landscape? ●  How are companies meeting their resource challenges in cyber security? ●  How are they using external providers to meet resource challenges? ●  What are the drivers and inhibitors for using external cyber security providers? ●  What alternative approaches to external cyber security provision being considered? ●  Which services do companies expect from a cyber security provider? ●  What are the capabilities and attributes of a credible cyber security provider? 53% CxO IT Decision Makers 21% Business Decision Makers 47% Critical National Infrastructure 16% Manufacturing15% Financial Services16% Sample Cyber security trends in the UK4
  • 5. © PAC Executive summary I The overall picture of cyber security provision in large organisations is that the threat landscape is getting worse, board attention and focus is increasing, but there is a funding shortfall in many organisations. An overwhelming majority of enterprises see the cyber threat getting worse. This is not a surprise, but it does enable us to quantify the scale and extent of enterprises’ perception regarding the cyber landscape. As our figure shows, 70% of respondents believe that the situation is getting worse. We believe that this is caused in part by respondents’ own experience within their firms and partly by the greater exposure to cyber security breaches in the national and trade press. Firms’ preferred approach to this is to increase the amount of security automation, followed by training of internal staff. There is a clear reluctance (or inability) to hire external staff and a tangible antipathy towards outsourcing. However, organisational reluctance to outsourcing does not necessarily translate into practice, with more organisations admitting to using external resources than would prefer to do so. 2015Cyber security trends in the UK5 Cyber security is increasing in importance as the threat landscape worsens. But budgets are not rising in line. 70% The cyber threat landscape is getting worse, in terms of the number and type of threats and threat sources 53% There has been no increase in cyber security budget
  • 6. © PAC Executive summary II 2015Cyber security trends in the UK6 Firms are suspicious of outsourcing as they dislike loss of visibility & control. But they do use 3rd parties selectively. Our research shows that organisations have an innate reluctance to outsource, and this even extends to admitting that outsourcing goes on. But by drilling down into actual practice we discover that there is a high degree of use of external provision, including outsourcing. The prevalent method of using external provision is by buying in expertise on a project-by-project basis. The overall motivation for using external provision, including outsourcing, is a combination of a lack of funds and expertise, echoing our earlier findings which identified a funding gap. The double whammy of insufficient funds and a scarcity of skills appears to be driving organisations towards external resources, including outsourcing, even though there is a clear reluctance to do this. This represents an entirely pragmatic approach, according to PAC. Organisations dislike losing visibility and control of processes, especially those that have a high risk profile such as cyber security. But the pressures on budgets and expertise are such that companies have little option but to use external providers. 26% 74% Outsourcing part or all of security provision Other approaches Preferred approach to increased security workload Possible parts of security you could outsource in the future 74% 26% A broad range of outsourcing targets Would not consider outsourcing
  • 7. © PAC Executive summary III 2015Cyber security trends in the UK7 The importance of cyber security to enterprises drives a detailed examination of suppliers’ credentials & experience Cyber security is critical to organisations. And although they currently use external providers, they are clear that when they do such providers must come with robust credentials. Of those organisations that currently outsource or use external support for security provision, a majority target risk management (combined 75%) and audit & penetration tests (76%). 68% of firms that use some external provision do so in the management of security solutions, a oft-reported headache for CISOs. Enterprises are clear when asked to report the key attributes of a potential cyber security services provider. They value evidence, in the form of a strong track record and security expertise and skills. Industry knowledge is also important, as is a trusted and well-known brand. Cyber security is too important to businesses for them to adopt additional risks with their suppliers. It is important then for suppliers to communicate their track records, and strong industry knowledge is also extremely useful. 73% Strong track record in cyber security 71%Security expertise and skills
  • 8. © PAC Premium Sponsors – Profiles
  • 9. © PAC Company profile: cybX About cybX cybX is a cutting edge cyber training and exercising capability that builds your organisation’s confidence in exploiting the growth opportunities of digital innovation in the global economy and to develop resilience against the ever-evolving threat of cyber attacks. cybX is delivered by Serco Ltd from the Cabinet Office’s Emergency Planning College (EPC). Using simulated corporate networks, cybX can apply a range of real world cyber attacks to an organisation’s current or future operating model. This enables organisations to manage the sophisticated challenge of cyber-attacks by placing people at the heart of the solution and taking a business driven, cross-functional approach to cyber resilience, cybX aims to integrate your cyber security team with your crisis management, communications, business continuity and risk management functions. By taking a ‘board room’ to ‘server room’ approach, we help organisations to: • Integrate cyber-resilience into wider enterprise risk management and governance. • Have objective assessment of business risks resulting from different cyber attacks • Develop and deliver a road map for a business driven cyber resilience capability The cybX training and exercising ethos is to establish long-term relationships, and work in partnership with our clients and supporting partners. We believe cybX offers the potential for a ‘step change’ in training, testing and developing cyber resilience and ensuring it’s coherent with wider resilience best practice. To find out more please visit www.cybX.org' 2015Cyber security trends in the UK9
  • 10. © PAC Company profile Fujitsu Technology Solutions GmbH About Fujitsu Fujitsu is a Japanese IT company offering a complete range of products, services and solutions. From looking after applications and protecting data, to managing supercomputers around the world, Fujitsu helps businesses everywhere to become more innovative and efficient. Fujitsu employs 162,000 people worldwide with 14,000 people based in the UK and Ireland. For the fiscal year ending March 31, 2014, Fujitsu reported revenues of US$46 billion globally, with the UK & Ireland’s annual revenue reaching £1.8 billion. Fujitsu is committed to being a responsible business and recently achieved a 4 star rating in Business in the Community’s 2014 Corporate Responsibility Index, as well as being ranked number 17 in the in Newsweek’s Global Top 500 Green companies. Over the last five decades Fujitsu has played a vital role in building and maintaining many of the services that keep the UK and Ireland working. Today, Fujitsu ICT solutions are behind many of the daily services that touch the lives of millions of people every single day. Every day, Fujitsu technology is touching lives: •  Enabling the processing of 2.8 million UK passports every year •  Helping hospitality companies serve over 570 million drinks and over 130 million meals every year •  Helping to supply energy to 12 million homes and 1 million businesses •  Providing the infrastructure for over 40% of the UK’s broadband network •  Helping financial services providers to serve over 40 million customers and operate over 20,000 local branches •  Connecting 300,000 defence users in over 2,000 locations worldwide •  Helping businesses everywhere to become safer (more secure), more innovative and more efficient. Fujitsu see’s information technology as part of the bigger picture and as one of the world’s largest ICT providers, it works towards bringing a prosperous future that fulfils the dreams of people throughout the world. 2015Cyber security trends in the UK10
  • 11. © PAC Company profile: Symantec About Fujitsu Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings -- anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia. 2015Cyber security trends in the UK11
  • 12. © PAC Gold Sponsor – Profile
  • 13. © PAC Company profile: CGI About CGI Founded in 1976, CGI Group Inc. is the fifth largest independent information technology and business process services firm in the world. Approximately 68,000 professionals serve thousands of global clients from offices and delivery centres across the Americas, Europe and Asia Pacific, leveraging a comprehensive portfolio of services including high-end business and IT consulting, systems integration, application development and maintenance, infrastructure management as well as a wide range of proprietary solutions. Cyber security is part of everything we do and for over 35 years, our government and commercial clients have regarded us as their cyber security expert of choice. Cyber-attacks are becoming more sophisticated and can cause financial loss, reputational damage, theft of business critical information or regulatory fines. We have helped our clients build cyber security into their corporate strategy so they can conduct business in a digital age with confidence, openly and globally, driving competitive advantage, efficiency and growth. We have invested heavily in establishing our credentials by working closely with international security associations and standards bodies and we have built a CGI UK Cyber Centre. Many of our experts are recognised as leaders in the industry, contributing to the development of standards such as ISO/IEC 27002. They are part of CGI’s 1,400 strong global cyber security team and they bring this shared expertise, research, knowledge and solutions to our client projects. We have received many accolades for our work and have supported our clients to achieve a 100% success rate when undertaking ISO 27001 accreditation. We provide the deep sector and cyber expertise needed to keep ahead of the attackers and protect an organisation. 2015Cyber security trends in the UK13
  • 14. © PAC Company profile: CGI About CGI (continued) Our cyber security technical experts have helped our clients design, develop and deliver some of the world’s most complex, secure technology projects and services. We have also been trusted by hundreds of government and commercial clients to help them operate securely. CGI has ten Security Operating Centres (including one in the UK) providing Protective Monitoring and Advanced Threat Investigation services - handling more than 74 million cyber events every day. For 27 years we have operated a commercial evaluation facility and regularly test the products and services of over 25 global technology suppliers. We offer the full range of cyber security services needed by clients to: •  assess their cyber security risk including risk and vulnerability assessments, governance, awareness, supply chain review and compliance •  protect their business including new technologies such as mobile and cloud, secure systems engineering, identity and access management, testing, certification •  operate with confidence including protective monitoring, advanced threat investigation, penetration testing and incident response Our deep and broad experience helps our clients be agile, adopt new technologies and ways of working, develop a global supply chain and open new channels to their customers – whilst remaining confident that they are secure. We believe that if you want your organisation to be considered as a top employer, one that customers love, that suppliers want to be working with and which takes advantage of the latest technologies - cyber security should be part of that vision. Find our more at cgi-group.co.uk/cybersecurity or contact us on cybersecurity@cgi.com 2015Cyber security trends in the UK14
  • 15. © PAC Disclaimer, usage rights, independence and data protection This study was compiled in multi-client mode under the sponsorship of CGI, cybX and Fujitsu/Symantec. For further information, please visit www.pac-online.com. Disclaimer The contents of this study were compiled with the greatest possible care. However, no liability for their accuracy can be assumed. Analyses and evaluations reflect the state of our knowledge in January 2015 and may change at any time. This applies in particular, but not exclusively, to statements made about the future. Names and designations that appear in this study may be registered trademarks. Usage rights This study is protected by copyright. Any reproduction or dissemination to third parties, including in part, requires the prior explicit authorization of the sponsors. The publication or dissemination of tables, graphics etc. in other publications also requires prior authorization. Independence and data protection This study was produced solely by Pierre Audoin Consultants (PAC). The sponsors had no influence over the analysis of the data and the production of the study. The participants in the study were assured that the information they provided would be treated confidentially. No statement enables conclusions to be drawn about individual companies, and no individual survey data was passed to the sponsors or other third parties. All participants in the study were selected at random. There is no connection between the production of the study and any commercial relationship between the respondents and the sponsors of this study. 2015Cyber security trends in the UK15
  • 16. © PAC From strategy to execution, PAC delivers focused and objective responses to the growth challenges of Information and Communication Technology (ICT) players. PAC helps ICT vendors to optimize their strategies by providing quantitative and qualitative market analysis as well as operational and strategic consulting. We advise CIOs and financial investors in evaluating ICT vendors and solutions and support their investment decisions. Public institutions and organizations also rely on our key analyses to develop and shape their ICT policies. Founded in 1976 and headquartered in Paris, France, PAC is part of the CXP Group, the leading European research & advisory firm in the field of software and IT services. For more information, please visit: www.pac-online.com PAC’s latest news: www.pac-online.com/blog About us" 2015 Duncan Brown Research Director, Cyber Security +44 (0) 20 7553 3966 d.brown@pac-online.com