SlideShare a Scribd company logo
© The Economist Intelligence Unit Limited 20161
A report from The Economist Intelligence Unit
Data security: How a proactive C-suite
can reduce cyber-risk for the enterprise
The number one technology issue in the C-suite today is cyber-security.1
And there’s no wonder—attacks are becoming more numerous and more
sophisticated than ever. The cost of cyber-crime to the global economy has topped
more than $445 billion2
– equivalent to 1% of global GDP. Sometimes cyber-crime can
seem unstoppable – while firms spent more than $75 billion on cyber-defences in 20153
,
cyber-crime grew by 38% that year.4
That’s why C-suite executives everywhere are asking: What can we do to make a
difference in defending against hackers, cyber-criminals and digital spies?
Research conducted by The Economist Intelligence Unit (EIU), sponsored by Oracle,
provides answers. The results show that a proactive security strategy backed by a fully
engaged C-suite and board of directors reduced the growth of cyber-attacks and
breaches by 53% over comparable firms. These findings were compiled from responses
by 300 firms, across multiple industries, against a range of attack modes and over a
two-year period from February 2014 to January 2016.
The lessons are clear. As cyber-attackers elevate their game, the response must be an
enterprise solution. Only C-suites and boards of directors marshal the authority and
resources to support a truly enterprise-wide approach. In sum, proactive cyber-security
strategies, supported by senior management, can cut vulnerability to cyber-attack in half.
Sponsored by
© The Economist Intelligence Unit Limited 20162
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
The payoff for being proactive
The EIU survey respondents were all members of the C-suites or boards of directors of
their respective companies. They represented medium to large businesses in over 20
verticals, with equal representation from Europe and the Middle East, the Americas
and the Asia-Pacific region. (See the appendix for more demographic details.)
The collective responses show the factors that differentiate enterprises with a high
degree of success in cyber-security from those that continue to struggle. First, successful
firms rely on proactive security strategies. Executives at companies with a high degree
of confidence in their defences describe themselves as having a proactive data
security strategy that goes beyond traditional approaches that rely primarily on
reactive perimeter defences managed by IT departments. Instead, proactive
strategies actively monitor external threats and mobilise the entire workforce to stave
off attacks. In short, these approaches combine both the latest security technology
and new business processes.
“Proactive security determines the impact of a breach, what data was actually disclosed,
and the cost associated with it. It’s more thoughtful and less emotional than traditional
approaches,” says Ron Woerner, director of cybersecurity studies at Bellevue University.
Second, successful security hinges on proactive C-suites and boards of directors. Why is
the involvement of the C-suite and board so important?
How confident are you that your company
has an acceptable level of data security?
(% respondents)
What is the most important thing the
C-suite/board can do to support data security?
(% respondents)
 Very confident
 Somewhat
confident
 Not very
confident
 Not at all
confident
 Don’t know
Source: Economist Intelligence Unit survey, 2016
30
3
1
22
43
How do you rate yourself against your
peers in data security?
(% respondents)
 Pioneer
 Leader
 Middle of pack
 Follower
 Laggard
30
6 7
31
29
Supporting a
proactive security
strategy
Building a security
culture
Security programme
oversight
Recruit security
personnel
Ensure financial
support
Balance security
with productivity
Collaborate with
external entities
Support security
across silos
Security crisis
management
32
17
11
9
9
8
6
4
4
© The Economist Intelligence Unit Limited 20163
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Part of the answer stems from the new kinds of threats
organisations are facing today. Criminals attack all parts of the
enterprise and frequently include penetrations launched
through third-party suppliers and customers. These broader,
more complex threat parameters require action from executives
with oversight into the entire enterprise.
That demands a C-suite-level response. These leaders have the
authority to mobilise all parts of the organisation, including
appropriate responses from suppliers and partners. Just as
importantly, senior executives provide budgetary and other
resources to help ensure the success of proactive strategies.
“Boards become actively involved in security when they realise
that security drives revenues and customer loyalty,” says Jeffrey
Ritter, external lecturer at the University of Oxford and author of the
book Achieving Digital Trust. “If partners or customers are not
confident about how secure your business is, they will decide to
not do business with you.”
For reasons like these, senior-level involvement is a clear indicator of cyber-security
success, as the research data shows.
The payoff isn’t confined to just responding more effectively to an attack—the
influence of proactive C-suites also contributes to a significant reduction in the growth
of cyber-attacks themselves.
Comparative engagement of the
C-suite/board in security activities
(% respondents)
Source: Economist Intelligence Unit survey, 2016
C-suite/board feels it gets
sufficient information
Standing board committee
on data security
Regular “state of
security” reports
Standing board
agenda item
Security factored into
board strategic decisions
C-suite/board has
necessary expertise in
data security
Firms with higher growth in cyber-attacks (+21.1%)
Firms with lower growth in cyber-attacks (+9.8%)
22
46
21
33
17
31
17
24
14
27
13
45
In an environment of rapid growth in cyber-risk, companies with proactive C-suites/boards have experienced much
lower growth rates—across virtually all major attack modes.
Growth of attacks over past 2 years
(% respondents)
Growth of attacks over the
past 24 months—average
across all forms of attack
(% respondents)Hacking
Source: Economist Intelligence Unit survey, 2016
Lower growth
in cyber-attacks
Government espionage
Corporate espionage
Malware
Theft of financial assets
Public disclosure of sensitive documents
Ransomware
Theft of customer data
Less successful
firms
More successful
firms
42
17
23
6
18
18
21
10
-53%
18
9
10
6
39
24
30
2
6
4
Less successful: Firms with higher growth in cyber-attacks (+21.1%)
More successful: Firms with lower growth in cyber-attacks (+9.8%)
© The Economist Intelligence Unit Limited 20164
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Overall, companies with proactive strategies and highly engaged senior executives
are cutting the rate of growth of cyber-attacks in half, which significantly reduces
exposure to cyber-attack risks, according to the EIU research.
Six steps to a more effective cyber-security strategy
The benefits of proactive, C-suite-driven security are clear, but what are the essential
elements to focus on when creating a plan? The following six steps correlate with high
rates of deterrence of cyber-attacks and, tellingly, all are within the responsibilities of
the C-suite and board of directors.
1. Align the organisation to support security
Key drivers of cyber-deterrence include reducing organisational barriers to security
implementation and ensuring common standards across the enterprise. The process
starts with breaking down silos. This addresses leading causes of security breakdowns,
including fragmented security solutions. Silos also create gaps in coverage and force
organisations to set protection at the level of the lowest participant.
The next step in organisational alignment is implementing common standards across
the organisation. This enables an integrated defence, makes security easier to manage
and measure, and encourages organisations to adopt the highest shared standards for
all departments.
2. Ensure employee buy-in and
compliance with corporate security
practices
Companies that have been more
successful in deterring attacks have a
stronger track record in these two
important areas.
Employee compliance is essential for
cyber-security success since this group
continues to be the largest single cause of
breaches, according to multiple industry
studies. But tough compliance mandates
alone aren’t enough. Organisations must
understand any road blocks that are
keeping employees from strictly following
How successful has your firm been in
ensuring support for security across silos?
(% respondents)
How successful has your firm been in extending
common standards across the organisation?
(% respondents)
Source: Economist Intelligence Unit survey, 2016
36
72
56
67
Less successful firms
More successful firms
Less successful firms
More successful firms
Percentage of respondents who agree and
strongly agree with the following
statements
Source: Economist Intelligence Unit survey, 2016
We need to spend more
time and money on
employee security
Our employees support our
security programmes
We have the right balance
between security and
productivity
Our employees comply
with our security policies
Our employees receive
sufficient security training
55
66
54
73
44
50
42
62
28
51
Less successful: Firms with higher growth in cyber-attacks (+21.1%)
More successful: Firms with lower growth in cyber-attacks (+9.8%)
© The Economist Intelligence Unit Limited 20165
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
policies. In particular, focus on whether employees are impatient with security procedures
because they’re seen as hampering productivity. Also, many organisations will benefit
from additional employee training to ensure people understand the importance of
security policies and have the knowledge to follow them completely.
3. Create a strong centralised management structure for security
Companies that have been more successful in deterring cyber-attacks place a
stronger reliance on centralised control over security programmes.
The reasons for centralised security are clear. Organisations can implement integrated
systems that reduce the chance of security gaps that provide entry points for hackers.
In addition, centralisation makes it easier to adopt common standards and enterprise-
wide detection and monitoring of intrusions. Other benefits include simplified training
and policy management, as well as cost efficiencies that come with not procuring and
maintaining multiple security systems.
4. Meet skills shortages by retraining in-house personnel
Attracting and retaining skilled security talent is a challenge for any organisation. But
successful firms are taking steps to address this long-time problem.
Notably, successful firms are meeting the challenge of recruiting data security experts
by elevating the security skills of existing employees. These staff members have strong
incentives to hone their security skills. Not only will it make them more effective for their
current employers, but it’s a smart career move. One study found that by 2019, a skills
gap will leave 1.5 million cyber-security jobs unfilled5
. “Over time, effective security has
become less about just technology and more about integrating security into the
processes of the firm,” says Mr Woerner.
Which of the following best describes your
organisational approach to data security?
(% respondents)
Do you use centralised policies to identify
and protect sensitive information?
(% respondents who answered yes)
Source: Economist Intelligence Unit survey, 2016
Less successful
firms
More successful
firms
Control within the line
of business
Hybrid control
Centralised control
Less successful firms
More successful firms
65
75
38
22
39
17
33
48
Percentage of respondents who answered yes to the following statements
Source: Economist Intelligence Unit survey, 2016
We have difficulty recruiting qualified security personnel
We have difficulty retaining qualified security personnel
We can train and repurpose our existing personnel in security
50
58
60
47
23
54
Less successful: Firms with higher growth in cyber-attacks (+21.1%)
More successful: Firms with lower growth in cyber-attacks (+9.8%)
© The Economist Intelligence Unit Limited 20166
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
5. Tap the expertise of third-party security firms
Given the size and complexity of the cyber-security challenge, internal resources alone
may not be enough to fully defend against cyber-criminals. Successful firms
supplement their internal security resources with third-party vendors. These providers
offer an independent view for monitoring the effectiveness of a client’s defences. Just
as importantly, because third-parties engage with a range of customers, they bring a
broad perspective on trending threats, as well as the latest best practices for keeping
organisations protected.
“If I’m an independent threat-intelligence service with 5,000 clients, I have an
opportunity to see new patterns of behavior before they become widely known by
others,” says Mr Ritter. “I know of one service that updates its black list every 30
seconds, and to do that, they’re looking at over 275,000 nodes, including 50,000 honey
pots, or decoy systems, that they manage to monitor the activities of hackers.”
6. Invest sufficient resources—in particular, security funding—to meet today’s complex
data-security requirements
Despite cyber-attacks increasing by nearly 40% in 2015, budget increases remain
modest. On average, enterprises are increasing spending by less than 10%.
It’s no wonder that IT staff at many firms feel outgunned and outspent by cyber-
criminals.
The EIU study found a significant correlation between low levels of funding and a lack
of success which, as shown in earlier charts, also correlates with higher growth rates of
attacks.
How successful have you been in engaging
security vendors?
(% respondents who answered successful
plus very successful)
How important are third-party vendors in
providing the following security services?
(% respondents who answered important and
very important)
Source: Economist Intelligence Unit survey, 2016
Conducting independent
security audits
Conducting independent
probes and tests
Providing early
warning/alerts
Less successful firms
More successful firms
37
71
39
69
20
53
19
48
Would you describe your data security
budget as sufficient?
(% respondents answering agree plus strongly agree)
Projected growth of data security budget
(increase over the next fiscal year)
(% respondents)
Source: Economist Intelligence Unit survey, 2016
Less successful
firms
More successful
firms
Increase > 25%
Increase of 11-25%
Increase of 1-10%
1
15
51
1
27
55
25
67
Less successful firms
More successful firms
Less successful: Firms with higher growth in cyber-attacks (+21.1%)
More successful: Firms with lower growth in cyber-attacks (+9.8%)
© The Economist Intelligence Unit Limited 20167
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
A ray of hope
As cyber-crime evolves, the role of the C-suite and board of directors is becoming vital
for successful security efforts. Traditional static defences—characterised by “defending
the firewall”—are becoming less effective as the volume and sophistication of attacks
increase. The new era of cyber-crime prevention calls for a more elastic, proactive and
cross-enterprise set of defences.
This in turn calls for mobilising employees,
partners and external firms. Make no
mistake—the answer isn’t just another IT
initiative. An effective, proactive strategy
must mobilise almost the entire firm. Only
the C-suite/board has the authority to
support this level of engagement for the
long term. But as the EIU data shows, this
modern approach pays off in a significant decrease in the number of cyber-attacks on
the enterprise.
There’s one other benefit—greater peace of mind.
Firms that are pursuing proactive security strategies with strong C-suite backing are
more confident about the future—it’s a welcome contrast to the litany of discouraging
news that often surrounds cyber-security.
How confident are you in your firm’s ability
to meet future challenges in data security?
(% respondents answering confident or very confident)
Source: Economist Intelligence Unit survey, 2016
Less successful firms
More successful firms
41
67
Less successful: Firms with higher growth in cyber-attacks (+21.1%)
More successful: Firms with lower growth in cyber-attacks (+9.8%)
© The Economist Intelligence Unit Limited 20168
Data security: How a proactive C-suite can reduce cyber-risk for the enterprise
Appendix: summary of survey demographics
In February-March 2016, the EIU surveyed 300 executives identified as responsible for or
are knowledgeable of cyber-security in their companies. The following is a summary of
survey sample demographics.
Seniority and function
Company leadership, strong IT
representation
(% respondents)
Geography
Globally representative by region
(% respondents)
Size of company
Medium-large business—supports complex IT
(% respondents, US$bn)
 $100-500
 $500-1 bn
 $1-3 bn
 $3-15 bn
61
3
14
23
 Americas
 Europe & ME
 Asia-Pacific
 RoW
30
30
30
10CIO
CISO
Chief Strategy Officer
Chief Risk Officer
COO
Chief Data Officer
CEO
CFO
Industry
20 verticals, none more than 10%—
effectively represents all industries
(% respondents)
Consumer goods
Entertainment
Manufacturing
Chemicals
Financial services
Healthcare
Construction
Automotive
IT
Telecommunications
Transportation
Logistics
Agriculture
Energy
Education
Government
Aerospace
Non-IT (33%)
IT (67%)
45
17
12
9
7
5
2
2
10
10
9
8
8
8
7
6
6
6
6
5
4
3
2
2
1
1	 http://www.industryweek.com/strategic-planning-execution/10-questions-leading-boardroom-agendas-2016
2	 http:co//www.telegraph..uk/technology/internet-security/10886640/Cyber-crime-costs-global-economy-445-bn-annually.html
3	 http://www.gartner.com/newsroom/id/3135617
4	http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
5	 http://searchcio.techtarget.com/news/4500273059/Obamas-19B-cybersecurity-plan-takes-aim-at-cybercrime-
underscores-skills-gap

More Related Content

What's hot

Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
CompTIA
 
The state of incident response
The state of incident responseThe state of incident response
The state of incident response
Abhishek Sood
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
Andréanne Clarke
 
Evolving State of the Endpoint Webinar
Evolving State of the Endpoint WebinarEvolving State of the Endpoint Webinar
Evolving State of the Endpoint Webinar
Lumension
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
2018 U.S State of Cybercrime
2018 U.S State of Cybercrime2018 U.S State of Cybercrime
2018 U.S State of Cybercrime
IDG
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
Cognizant
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
Mohamed Abdelhakim
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
Accenture Insurance
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
Simone Luca Giargia
 
The State of IT Security for 2019
The State of IT Security for 2019The State of IT Security for 2019
The State of IT Security for 2019
Precisely
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
Chris Cornillie
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
Marko Suswanto
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
Silicon Valley Bank
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
Silicon Valley Bank
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
Tripwire
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
Chris Ross
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
Scalar Decisions
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
Enterprise Management Associates
 

What's hot (20)

Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
 
The state of incident response
The state of incident responseThe state of incident response
The state of incident response
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
Evolving State of the Endpoint Webinar
Evolving State of the Endpoint WebinarEvolving State of the Endpoint Webinar
Evolving State of the Endpoint Webinar
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
2018 U.S State of Cybercrime
2018 U.S State of Cybercrime2018 U.S State of Cybercrime
2018 U.S State of Cybercrime
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
The State of IT Security for 2019
The State of IT Security for 2019The State of IT Security for 2019
The State of IT Security for 2019
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
 

Viewers also liked

Engaging and integrating a global workforce
Engaging and integrating a global workforceEngaging and integrating a global workforce
Engaging and integrating a global workforce
The Economist Media Businesses
 
Courting China
Courting ChinaCourting China
How mobile is transforming insurance
How mobile is transforming insuranceHow mobile is transforming insurance
How mobile is transforming insurance
The Economist Media Businesses
 
The virtuous circle of data
The virtuous circle of dataThe virtuous circle of data
The virtuous circle of data
The Economist Media Businesses
 
Hyperconnected organisations: How businesses are adapting to the hyperconnect...
Hyperconnected organisations: How businesses are adapting to the hyperconnect...Hyperconnected organisations: How businesses are adapting to the hyperconnect...
Hyperconnected organisations: How businesses are adapting to the hyperconnect...
The Economist Media Businesses
 
Preparing for the digitisation of the workforce
Preparing for the digitisation of the workforcePreparing for the digitisation of the workforce
Preparing for the digitisation of the workforce
The Economist Media Businesses
 
Belgium Country Report: Struggling to break free from the past
Belgium Country Report: Struggling to break free from the pastBelgium Country Report: Struggling to break free from the past
Belgium Country Report: Struggling to break free from the past
The Economist Media Businesses
 
Hungary country report: The consequences of a policy void
Hungary country report: The consequences of a policy voidHungary country report: The consequences of a policy void
Hungary country report: The consequences of a policy void
The Economist Media Businesses
 
The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defense
The Economist Media Businesses
 
The ascent of real assets
The ascent of real assetsThe ascent of real assets
The ascent of real assets
The Economist Media Businesses
 
Confronting obesity in Europe
Confronting obesity in EuropeConfronting obesity in Europe
Confronting obesity in Europe
The Economist Media Businesses
 
Developing smart products
Developing smart products Developing smart products
Developing smart products
The Economist Media Businesses
 
Slideshow: Mastering the fundamental five
Slideshow: Mastering the fundamental fiveSlideshow: Mastering the fundamental five
Slideshow: Mastering the fundamental five
The Economist Media Businesses
 
2015 Quality of Death Index Infographic
2015 Quality of Death Index Infographic2015 Quality of Death Index Infographic
2015 Quality of Death Index Infographic
The Economist Media Businesses
 
Generation ¥ - RMB: the new global currency
Generation ¥ - RMB: the new global currencyGeneration ¥ - RMB: the new global currency
Generation ¥ - RMB: the new global currency
The Economist Media Businesses
 
Generation ¥ - RMB: the new global currency infographic
Generation ¥ - RMB: the new global currency infographicGeneration ¥ - RMB: the new global currency infographic
Generation ¥ - RMB: the new global currency infographic
The Economist Media Businesses
 
The Blue Economy
The Blue EconomyThe Blue Economy

Viewers also liked (17)

Engaging and integrating a global workforce
Engaging and integrating a global workforceEngaging and integrating a global workforce
Engaging and integrating a global workforce
 
Courting China
Courting ChinaCourting China
Courting China
 
How mobile is transforming insurance
How mobile is transforming insuranceHow mobile is transforming insurance
How mobile is transforming insurance
 
The virtuous circle of data
The virtuous circle of dataThe virtuous circle of data
The virtuous circle of data
 
Hyperconnected organisations: How businesses are adapting to the hyperconnect...
Hyperconnected organisations: How businesses are adapting to the hyperconnect...Hyperconnected organisations: How businesses are adapting to the hyperconnect...
Hyperconnected organisations: How businesses are adapting to the hyperconnect...
 
Preparing for the digitisation of the workforce
Preparing for the digitisation of the workforcePreparing for the digitisation of the workforce
Preparing for the digitisation of the workforce
 
Belgium Country Report: Struggling to break free from the past
Belgium Country Report: Struggling to break free from the pastBelgium Country Report: Struggling to break free from the past
Belgium Country Report: Struggling to break free from the past
 
Hungary country report: The consequences of a policy void
Hungary country report: The consequences of a policy voidHungary country report: The consequences of a policy void
Hungary country report: The consequences of a policy void
 
The C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defenseThe C-suite, the Board and Cyber-defense
The C-suite, the Board and Cyber-defense
 
The ascent of real assets
The ascent of real assetsThe ascent of real assets
The ascent of real assets
 
Confronting obesity in Europe
Confronting obesity in EuropeConfronting obesity in Europe
Confronting obesity in Europe
 
Developing smart products
Developing smart products Developing smart products
Developing smart products
 
Slideshow: Mastering the fundamental five
Slideshow: Mastering the fundamental fiveSlideshow: Mastering the fundamental five
Slideshow: Mastering the fundamental five
 
2015 Quality of Death Index Infographic
2015 Quality of Death Index Infographic2015 Quality of Death Index Infographic
2015 Quality of Death Index Infographic
 
Generation ¥ - RMB: the new global currency
Generation ¥ - RMB: the new global currencyGeneration ¥ - RMB: the new global currency
Generation ¥ - RMB: the new global currency
 
Generation ¥ - RMB: the new global currency infographic
Generation ¥ - RMB: the new global currency infographicGeneration ¥ - RMB: the new global currency infographic
Generation ¥ - RMB: the new global currency infographic
 
The Blue Economy
The Blue EconomyThe Blue Economy
The Blue Economy
 

Similar to Data security: How a proactive C-suite can reduce cyber-risk for the enterprise

Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
WGroup
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
Joseph DeFever
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
FireEye, Inc.
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
Charmaine Servado
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
Chris Ross
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
patmisasi
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
Rahul Neel Mani
 
Insuring your future: Cybersecurity and the insurance industry
Insuring your future: Cybersecurity and the insurance industryInsuring your future: Cybersecurity and the insurance industry
Insuring your future: Cybersecurity and the insurance industry
Accenture Insurance
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
Комсс Файквэе
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
Sarah Jarvis
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
EY
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
Kim Jensen
 
The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016
Accenture Operations
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Accenture Technology
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
Humphrey Humphrey
 
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
Mighty Guides, Inc.
 
Understanding the black hat hacker eco system
Understanding the black hat hacker eco systemUnderstanding the black hat hacker eco system
Understanding the black hat hacker eco system
David Sweigert
 
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Marcello Marchesini
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEM
Joseph DeFever
 

Similar to Data security: How a proactive C-suite can reduce cyber-risk for the enterprise (20)

Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey  Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Insuring your future: Cybersecurity and the insurance industry
Insuring your future: Cybersecurity and the insurance industryInsuring your future: Cybersecurity and the insurance industry
Insuring your future: Cybersecurity and the insurance industry
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016The State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
EMEA: Using Security Metrics to Drive Action - 22 Experts Share How to Commun...
 
Understanding the black hat hacker eco system
Understanding the black hat hacker eco systemUnderstanding the black hat hacker eco system
Understanding the black hat hacker eco system
 
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEM
 

More from The Economist Media Businesses

Food for thought: Eating better
Food for thought: Eating betterFood for thought: Eating better
Food for thought: Eating better
The Economist Media Businesses
 
Digital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEANDigital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEAN
The Economist Media Businesses
 
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
The Economist Media Businesses
 
Next-Generation Connectivity
Next-Generation ConnectivityNext-Generation Connectivity
Next-Generation Connectivity
The Economist Media Businesses
 
Lung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking awayLung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking away
The Economist Media Businesses
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
The Economist Media Businesses
 
Intelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and societyIntelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and society
The Economist Media Businesses
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...
The Economist Media Businesses
 
Communication barriers in the modern workplace
Communication barriers in the modern workplaceCommunication barriers in the modern workplace
Communication barriers in the modern workplace
The Economist Media Businesses
 
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
The Economist Media Businesses
 
EIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schoolsEIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schools
The Economist Media Businesses
 
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
The Economist Media Businesses
 
M&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruptionM&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruption
The Economist Media Businesses
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
The Economist Media Businesses
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
The Economist Media Businesses
 
In Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocationsIn Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocations
The Economist Media Businesses
 
Asia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and ResponsibilityAsia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and Responsibility
The Economist Media Businesses
 
Risks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For NowRisks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For Now
The Economist Media Businesses
 
In North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to EquitiesIn North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to Equities
The Economist Media Businesses
 
Balancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEABalancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEA
The Economist Media Businesses
 

More from The Economist Media Businesses (20)

Food for thought: Eating better
Food for thought: Eating betterFood for thought: Eating better
Food for thought: Eating better
 
Digital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEANDigital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEAN
 
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
 
Next-Generation Connectivity
Next-Generation ConnectivityNext-Generation Connectivity
Next-Generation Connectivity
 
Lung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking awayLung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking away
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
 
Intelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and societyIntelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and society
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...
 
Communication barriers in the modern workplace
Communication barriers in the modern workplaceCommunication barriers in the modern workplace
Communication barriers in the modern workplace
 
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
 
EIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schoolsEIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schools
 
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
 
M&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruptionM&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruption
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
 
In Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocationsIn Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocations
 
Asia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and ResponsibilityAsia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and Responsibility
 
Risks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For NowRisks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For Now
 
In North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to EquitiesIn North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to Equities
 
Balancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEABalancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEA
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

Data security: How a proactive C-suite can reduce cyber-risk for the enterprise

  • 1. © The Economist Intelligence Unit Limited 20161 A report from The Economist Intelligence Unit Data security: How a proactive C-suite can reduce cyber-risk for the enterprise The number one technology issue in the C-suite today is cyber-security.1 And there’s no wonder—attacks are becoming more numerous and more sophisticated than ever. The cost of cyber-crime to the global economy has topped more than $445 billion2 – equivalent to 1% of global GDP. Sometimes cyber-crime can seem unstoppable – while firms spent more than $75 billion on cyber-defences in 20153 , cyber-crime grew by 38% that year.4 That’s why C-suite executives everywhere are asking: What can we do to make a difference in defending against hackers, cyber-criminals and digital spies? Research conducted by The Economist Intelligence Unit (EIU), sponsored by Oracle, provides answers. The results show that a proactive security strategy backed by a fully engaged C-suite and board of directors reduced the growth of cyber-attacks and breaches by 53% over comparable firms. These findings were compiled from responses by 300 firms, across multiple industries, against a range of attack modes and over a two-year period from February 2014 to January 2016. The lessons are clear. As cyber-attackers elevate their game, the response must be an enterprise solution. Only C-suites and boards of directors marshal the authority and resources to support a truly enterprise-wide approach. In sum, proactive cyber-security strategies, supported by senior management, can cut vulnerability to cyber-attack in half. Sponsored by
  • 2. © The Economist Intelligence Unit Limited 20162 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise The payoff for being proactive The EIU survey respondents were all members of the C-suites or boards of directors of their respective companies. They represented medium to large businesses in over 20 verticals, with equal representation from Europe and the Middle East, the Americas and the Asia-Pacific region. (See the appendix for more demographic details.) The collective responses show the factors that differentiate enterprises with a high degree of success in cyber-security from those that continue to struggle. First, successful firms rely on proactive security strategies. Executives at companies with a high degree of confidence in their defences describe themselves as having a proactive data security strategy that goes beyond traditional approaches that rely primarily on reactive perimeter defences managed by IT departments. Instead, proactive strategies actively monitor external threats and mobilise the entire workforce to stave off attacks. In short, these approaches combine both the latest security technology and new business processes. “Proactive security determines the impact of a breach, what data was actually disclosed, and the cost associated with it. It’s more thoughtful and less emotional than traditional approaches,” says Ron Woerner, director of cybersecurity studies at Bellevue University. Second, successful security hinges on proactive C-suites and boards of directors. Why is the involvement of the C-suite and board so important? How confident are you that your company has an acceptable level of data security? (% respondents) What is the most important thing the C-suite/board can do to support data security? (% respondents)  Very confident  Somewhat confident  Not very confident  Not at all confident  Don’t know Source: Economist Intelligence Unit survey, 2016 30 3 1 22 43 How do you rate yourself against your peers in data security? (% respondents)  Pioneer  Leader  Middle of pack  Follower  Laggard 30 6 7 31 29 Supporting a proactive security strategy Building a security culture Security programme oversight Recruit security personnel Ensure financial support Balance security with productivity Collaborate with external entities Support security across silos Security crisis management 32 17 11 9 9 8 6 4 4
  • 3. © The Economist Intelligence Unit Limited 20163 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise Part of the answer stems from the new kinds of threats organisations are facing today. Criminals attack all parts of the enterprise and frequently include penetrations launched through third-party suppliers and customers. These broader, more complex threat parameters require action from executives with oversight into the entire enterprise. That demands a C-suite-level response. These leaders have the authority to mobilise all parts of the organisation, including appropriate responses from suppliers and partners. Just as importantly, senior executives provide budgetary and other resources to help ensure the success of proactive strategies. “Boards become actively involved in security when they realise that security drives revenues and customer loyalty,” says Jeffrey Ritter, external lecturer at the University of Oxford and author of the book Achieving Digital Trust. “If partners or customers are not confident about how secure your business is, they will decide to not do business with you.” For reasons like these, senior-level involvement is a clear indicator of cyber-security success, as the research data shows. The payoff isn’t confined to just responding more effectively to an attack—the influence of proactive C-suites also contributes to a significant reduction in the growth of cyber-attacks themselves. Comparative engagement of the C-suite/board in security activities (% respondents) Source: Economist Intelligence Unit survey, 2016 C-suite/board feels it gets sufficient information Standing board committee on data security Regular “state of security” reports Standing board agenda item Security factored into board strategic decisions C-suite/board has necessary expertise in data security Firms with higher growth in cyber-attacks (+21.1%) Firms with lower growth in cyber-attacks (+9.8%) 22 46 21 33 17 31 17 24 14 27 13 45 In an environment of rapid growth in cyber-risk, companies with proactive C-suites/boards have experienced much lower growth rates—across virtually all major attack modes. Growth of attacks over past 2 years (% respondents) Growth of attacks over the past 24 months—average across all forms of attack (% respondents)Hacking Source: Economist Intelligence Unit survey, 2016 Lower growth in cyber-attacks Government espionage Corporate espionage Malware Theft of financial assets Public disclosure of sensitive documents Ransomware Theft of customer data Less successful firms More successful firms 42 17 23 6 18 18 21 10 -53% 18 9 10 6 39 24 30 2 6 4 Less successful: Firms with higher growth in cyber-attacks (+21.1%) More successful: Firms with lower growth in cyber-attacks (+9.8%)
  • 4. © The Economist Intelligence Unit Limited 20164 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise Overall, companies with proactive strategies and highly engaged senior executives are cutting the rate of growth of cyber-attacks in half, which significantly reduces exposure to cyber-attack risks, according to the EIU research. Six steps to a more effective cyber-security strategy The benefits of proactive, C-suite-driven security are clear, but what are the essential elements to focus on when creating a plan? The following six steps correlate with high rates of deterrence of cyber-attacks and, tellingly, all are within the responsibilities of the C-suite and board of directors. 1. Align the organisation to support security Key drivers of cyber-deterrence include reducing organisational barriers to security implementation and ensuring common standards across the enterprise. The process starts with breaking down silos. This addresses leading causes of security breakdowns, including fragmented security solutions. Silos also create gaps in coverage and force organisations to set protection at the level of the lowest participant. The next step in organisational alignment is implementing common standards across the organisation. This enables an integrated defence, makes security easier to manage and measure, and encourages organisations to adopt the highest shared standards for all departments. 2. Ensure employee buy-in and compliance with corporate security practices Companies that have been more successful in deterring attacks have a stronger track record in these two important areas. Employee compliance is essential for cyber-security success since this group continues to be the largest single cause of breaches, according to multiple industry studies. But tough compliance mandates alone aren’t enough. Organisations must understand any road blocks that are keeping employees from strictly following How successful has your firm been in ensuring support for security across silos? (% respondents) How successful has your firm been in extending common standards across the organisation? (% respondents) Source: Economist Intelligence Unit survey, 2016 36 72 56 67 Less successful firms More successful firms Less successful firms More successful firms Percentage of respondents who agree and strongly agree with the following statements Source: Economist Intelligence Unit survey, 2016 We need to spend more time and money on employee security Our employees support our security programmes We have the right balance between security and productivity Our employees comply with our security policies Our employees receive sufficient security training 55 66 54 73 44 50 42 62 28 51 Less successful: Firms with higher growth in cyber-attacks (+21.1%) More successful: Firms with lower growth in cyber-attacks (+9.8%)
  • 5. © The Economist Intelligence Unit Limited 20165 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise policies. In particular, focus on whether employees are impatient with security procedures because they’re seen as hampering productivity. Also, many organisations will benefit from additional employee training to ensure people understand the importance of security policies and have the knowledge to follow them completely. 3. Create a strong centralised management structure for security Companies that have been more successful in deterring cyber-attacks place a stronger reliance on centralised control over security programmes. The reasons for centralised security are clear. Organisations can implement integrated systems that reduce the chance of security gaps that provide entry points for hackers. In addition, centralisation makes it easier to adopt common standards and enterprise- wide detection and monitoring of intrusions. Other benefits include simplified training and policy management, as well as cost efficiencies that come with not procuring and maintaining multiple security systems. 4. Meet skills shortages by retraining in-house personnel Attracting and retaining skilled security talent is a challenge for any organisation. But successful firms are taking steps to address this long-time problem. Notably, successful firms are meeting the challenge of recruiting data security experts by elevating the security skills of existing employees. These staff members have strong incentives to hone their security skills. Not only will it make them more effective for their current employers, but it’s a smart career move. One study found that by 2019, a skills gap will leave 1.5 million cyber-security jobs unfilled5 . “Over time, effective security has become less about just technology and more about integrating security into the processes of the firm,” says Mr Woerner. Which of the following best describes your organisational approach to data security? (% respondents) Do you use centralised policies to identify and protect sensitive information? (% respondents who answered yes) Source: Economist Intelligence Unit survey, 2016 Less successful firms More successful firms Control within the line of business Hybrid control Centralised control Less successful firms More successful firms 65 75 38 22 39 17 33 48 Percentage of respondents who answered yes to the following statements Source: Economist Intelligence Unit survey, 2016 We have difficulty recruiting qualified security personnel We have difficulty retaining qualified security personnel We can train and repurpose our existing personnel in security 50 58 60 47 23 54 Less successful: Firms with higher growth in cyber-attacks (+21.1%) More successful: Firms with lower growth in cyber-attacks (+9.8%)
  • 6. © The Economist Intelligence Unit Limited 20166 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise 5. Tap the expertise of third-party security firms Given the size and complexity of the cyber-security challenge, internal resources alone may not be enough to fully defend against cyber-criminals. Successful firms supplement their internal security resources with third-party vendors. These providers offer an independent view for monitoring the effectiveness of a client’s defences. Just as importantly, because third-parties engage with a range of customers, they bring a broad perspective on trending threats, as well as the latest best practices for keeping organisations protected. “If I’m an independent threat-intelligence service with 5,000 clients, I have an opportunity to see new patterns of behavior before they become widely known by others,” says Mr Ritter. “I know of one service that updates its black list every 30 seconds, and to do that, they’re looking at over 275,000 nodes, including 50,000 honey pots, or decoy systems, that they manage to monitor the activities of hackers.” 6. Invest sufficient resources—in particular, security funding—to meet today’s complex data-security requirements Despite cyber-attacks increasing by nearly 40% in 2015, budget increases remain modest. On average, enterprises are increasing spending by less than 10%. It’s no wonder that IT staff at many firms feel outgunned and outspent by cyber- criminals. The EIU study found a significant correlation between low levels of funding and a lack of success which, as shown in earlier charts, also correlates with higher growth rates of attacks. How successful have you been in engaging security vendors? (% respondents who answered successful plus very successful) How important are third-party vendors in providing the following security services? (% respondents who answered important and very important) Source: Economist Intelligence Unit survey, 2016 Conducting independent security audits Conducting independent probes and tests Providing early warning/alerts Less successful firms More successful firms 37 71 39 69 20 53 19 48 Would you describe your data security budget as sufficient? (% respondents answering agree plus strongly agree) Projected growth of data security budget (increase over the next fiscal year) (% respondents) Source: Economist Intelligence Unit survey, 2016 Less successful firms More successful firms Increase > 25% Increase of 11-25% Increase of 1-10% 1 15 51 1 27 55 25 67 Less successful firms More successful firms Less successful: Firms with higher growth in cyber-attacks (+21.1%) More successful: Firms with lower growth in cyber-attacks (+9.8%)
  • 7. © The Economist Intelligence Unit Limited 20167 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise A ray of hope As cyber-crime evolves, the role of the C-suite and board of directors is becoming vital for successful security efforts. Traditional static defences—characterised by “defending the firewall”—are becoming less effective as the volume and sophistication of attacks increase. The new era of cyber-crime prevention calls for a more elastic, proactive and cross-enterprise set of defences. This in turn calls for mobilising employees, partners and external firms. Make no mistake—the answer isn’t just another IT initiative. An effective, proactive strategy must mobilise almost the entire firm. Only the C-suite/board has the authority to support this level of engagement for the long term. But as the EIU data shows, this modern approach pays off in a significant decrease in the number of cyber-attacks on the enterprise. There’s one other benefit—greater peace of mind. Firms that are pursuing proactive security strategies with strong C-suite backing are more confident about the future—it’s a welcome contrast to the litany of discouraging news that often surrounds cyber-security. How confident are you in your firm’s ability to meet future challenges in data security? (% respondents answering confident or very confident) Source: Economist Intelligence Unit survey, 2016 Less successful firms More successful firms 41 67 Less successful: Firms with higher growth in cyber-attacks (+21.1%) More successful: Firms with lower growth in cyber-attacks (+9.8%)
  • 8. © The Economist Intelligence Unit Limited 20168 Data security: How a proactive C-suite can reduce cyber-risk for the enterprise Appendix: summary of survey demographics In February-March 2016, the EIU surveyed 300 executives identified as responsible for or are knowledgeable of cyber-security in their companies. The following is a summary of survey sample demographics. Seniority and function Company leadership, strong IT representation (% respondents) Geography Globally representative by region (% respondents) Size of company Medium-large business—supports complex IT (% respondents, US$bn)  $100-500  $500-1 bn  $1-3 bn  $3-15 bn 61 3 14 23  Americas  Europe & ME  Asia-Pacific  RoW 30 30 30 10CIO CISO Chief Strategy Officer Chief Risk Officer COO Chief Data Officer CEO CFO Industry 20 verticals, none more than 10%— effectively represents all industries (% respondents) Consumer goods Entertainment Manufacturing Chemicals Financial services Healthcare Construction Automotive IT Telecommunications Transportation Logistics Agriculture Energy Education Government Aerospace Non-IT (33%) IT (67%) 45 17 12 9 7 5 2 2 10 10 9 8 8 8 7 6 6 6 6 5 4 3 2 2 1 1 http://www.industryweek.com/strategic-planning-execution/10-questions-leading-boardroom-agendas-2016 2 http:co//www.telegraph..uk/technology/internet-security/10886640/Cyber-crime-costs-global-economy-445-bn-annually.html 3 http://www.gartner.com/newsroom/id/3135617 4 http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html 5 http://searchcio.techtarget.com/news/4500273059/Obamas-19B-cybersecurity-plan-takes-aim-at-cybercrime- underscores-skills-gap