This document summarizes the key findings from the 2014 Cyber Governance Health Check of FTSE 350 companies. Some of the main points covered include:
- Board engagement on cybersecurity issues is increasing, but more work is still needed to improve board understanding of risks.
- Companies are starting to focus more on managing cyber risks from third party suppliers and vendors, though more can still be done.
- Views from KPMG cybersecurity experts provide perspectives on challenges companies face in cyber risk management and what the future may hold.
Securing the Digital Economy: Reinventing the Internet for TrustAccenture Insurance
Securing the digital economy does not fall on the individual, but instead relies on the ability of leaders to work collectively to forge digital trust.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Ninth Annual Cost of Cybercrime Study in Financial Services – 2019 Reportaccenture
This new Accenture Security document reports on how the cost of cybercrime continues to increase for financial services companies and explores how enhanced cybersecurity can unlock substantial new financial value for their organizations
No More Snake Oil: Why InfoSec Needs Security GuaranteesJeremiah Grossman
Ever notice how everything in InfoSec is sold “as is”? No guarantees, no warrantees, no return policies. For some reason in InfoSec, providing customers with a form of financial coverage for their investment is seen as gimmicky, but the tides and times are changing. This talk discusses use cases on why guarantees are a must have and how guarantees benefit customers as well as InfoSec as a whole.
This year, CSO partnered with the CERT® Division of Software Engineering Institute at Carnegie Mellon University, U.S. Secret Service and KnowBe4 to evaluate trends in the frequency and impact of cybersecurity incidents
Under cyber attack: EY's Global information security survey 2013EY
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer of question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Securing the Digital Economy: Reinventing the Internet for TrustAccenture Insurance
Securing the digital economy does not fall on the individual, but instead relies on the ability of leaders to work collectively to forge digital trust.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Ninth Annual Cost of Cybercrime Study in Financial Services – 2019 Reportaccenture
This new Accenture Security document reports on how the cost of cybercrime continues to increase for financial services companies and explores how enhanced cybersecurity can unlock substantial new financial value for their organizations
No More Snake Oil: Why InfoSec Needs Security GuaranteesJeremiah Grossman
Ever notice how everything in InfoSec is sold “as is”? No guarantees, no warrantees, no return policies. For some reason in InfoSec, providing customers with a form of financial coverage for their investment is seen as gimmicky, but the tides and times are changing. This talk discusses use cases on why guarantees are a must have and how guarantees benefit customers as well as InfoSec as a whole.
This year, CSO partnered with the CERT® Division of Software Engineering Institute at Carnegie Mellon University, U.S. Secret Service and KnowBe4 to evaluate trends in the frequency and impact of cybersecurity incidents
Under cyber attack: EY's Global information security survey 2013EY
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer of question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Securing the Digital Economy: Reinventing the Internetaccenture
Securing the digital economy does not fall on the individual, but instead relies on the ability of leaders to work collectively to forge digital trust.
Insuring your future: Cybersecurity and the insurance industryAccenture Insurance
How are insurance companies faring when it comes to protecting their assets and their customers from fraud, malware, cyber attacks and a host of other security breaches? The question is important. Insurance companies hold a vast amount of data
including personally identifiable information, personal health information, credit card and bank account data, and trade secrets (their own and sometimes their clients’). Insurers
have a very distributed model for servicing, increasing the risk across the value chain. Aging legacy systems complicate matters even more.
According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very dierent workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession.
This study from the Ponemon Institute and Accenture reviews the economic impact of cyber attacks in financial services and shares insights on the security investments that make a difference in financial services. Read our Cost of Cyber Crime blog series, which takes a closer look at the results: https://accntu.re/2GrL8El
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
Insurers are investing less than many of their counterparts in other industries in essential digital technology. They’re also achieving lower financial returns on this spending.
The few insurers that are generating good financial returns from their investments in digital technology have a big advantage over their competitors. They have grown revenue 64 percent more than other insurers that have invested heavily in digital technology and achieved a 48 percent better return on equity.
In January-February 2016, the EIU, surveyed 1,100 senior executives on data security practices within their firms. The survey’s primary objective was to analyse the differences, if any, between the C-suite and senior IT executives on data security.
The survey sample was recruited from companies with between $500 million and $10 billion in revenues, and is equally representative of the Americas, Asia-Pacific and European regions. The panel came from 20 industries, with no single industry accounting for more than 14% of the total.
This was a survey of senior executives. The C-suite segment, sometimes referred to herein as senior management or corporate leadership, consisted exclusively of C-suite executives (eg CEOs, CFO, COOs). The security segment, sometimes referred to herein as the security executives, consisted of the CIO and those who identified themselves as Chief Data Officers or Chief Information Security Officers (CISOs).
Each panel was asked an identical set of 20 questions, and the results have been reviewed for insight and commentary by a panel of independent experts.
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
Blog post discussing why CISOs need to collaborate with privacy, legal, and product teams to effectively identify and mitigate risk in their organization.
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
In its second year, IDG’s 2018 Security Priorities study was conducted to gain a better understanding of organization’s current and future security posture.
Cyber Crime & Big Data Webinar -- 10-16-13MedillNSZ
Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.
The race is on
Clearly, Canadian executives are feeling that the race is on; but it remains to be seen whether they act quickly enough and with the right focus to effectively transform and evolve. Among our findings:
75 percent of CEOs agree that the next three years will be more critical to their industry than the previous 50 years;
74 percent of CEOs believe their company will remain largely the same in the next 3 years;
98 percent are concerned about the loyalty of customers;
13 percent feel confident that they are fully prepared for a cyber-event.
Securing the Digital Economy: Reinventing the Internetaccenture
Securing the digital economy does not fall on the individual, but instead relies on the ability of leaders to work collectively to forge digital trust.
Insuring your future: Cybersecurity and the insurance industryAccenture Insurance
How are insurance companies faring when it comes to protecting their assets and their customers from fraud, malware, cyber attacks and a host of other security breaches? The question is important. Insurance companies hold a vast amount of data
including personally identifiable information, personal health information, credit card and bank account data, and trade secrets (their own and sometimes their clients’). Insurers
have a very distributed model for servicing, increasing the risk across the value chain. Aging legacy systems complicate matters even more.
According to current government guidelines, everyone who cannot do their job from home should now go to work, provided their workplace is open. As people start to trickle back into the workplace over the next few months, we’re going to see the emergence of a very dierent workplace. More people are going to continue to work remotely, whether full-time or part-time, and businesses are going to have to deal with the impact of the predicted recession.
This study from the Ponemon Institute and Accenture reviews the economic impact of cyber attacks in financial services and shares insights on the security investments that make a difference in financial services. Read our Cost of Cyber Crime blog series, which takes a closer look at the results: https://accntu.re/2GrL8El
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
Insurers are investing less than many of their counterparts in other industries in essential digital technology. They’re also achieving lower financial returns on this spending.
The few insurers that are generating good financial returns from their investments in digital technology have a big advantage over their competitors. They have grown revenue 64 percent more than other insurers that have invested heavily in digital technology and achieved a 48 percent better return on equity.
In January-February 2016, the EIU, surveyed 1,100 senior executives on data security practices within their firms. The survey’s primary objective was to analyse the differences, if any, between the C-suite and senior IT executives on data security.
The survey sample was recruited from companies with between $500 million and $10 billion in revenues, and is equally representative of the Americas, Asia-Pacific and European regions. The panel came from 20 industries, with no single industry accounting for more than 14% of the total.
This was a survey of senior executives. The C-suite segment, sometimes referred to herein as senior management or corporate leadership, consisted exclusively of C-suite executives (eg CEOs, CFO, COOs). The security segment, sometimes referred to herein as the security executives, consisted of the CIO and those who identified themselves as Chief Data Officers or Chief Information Security Officers (CISOs).
Each panel was asked an identical set of 20 questions, and the results have been reviewed for insight and commentary by a panel of independent experts.
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
Blog post discussing why CISOs need to collaborate with privacy, legal, and product teams to effectively identify and mitigate risk in their organization.
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
In its second year, IDG’s 2018 Security Priorities study was conducted to gain a better understanding of organization’s current and future security posture.
Cyber Crime & Big Data Webinar -- 10-16-13MedillNSZ
Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.
The race is on
Clearly, Canadian executives are feeling that the race is on; but it remains to be seen whether they act quickly enough and with the right focus to effectively transform and evolve. Among our findings:
75 percent of CEOs agree that the next three years will be more critical to their industry than the previous 50 years;
74 percent of CEOs believe their company will remain largely the same in the next 3 years;
98 percent are concerned about the loyalty of customers;
13 percent feel confident that they are fully prepared for a cyber-event.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with the Security Incident lifecycle focus
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
Joint presentation with Accenture that illustrates the significant time savings, security enhancements & cost reductions in implementing ICS cyber security.
Presentation talking about the ever increasing threat of cyber crime and how social media, mobile devices, cloud computing make an interesting point of attack. Cyber security is only getting more and more important due to the widespread of new platforms, increasingly available and simple to use exploit kits as well as attacks becoming more sophisticated and having specific targets.
PwC Point of View on Cybersecurity ManagementCA Technologies
During this session, participants will learn about PwC’s Cybersecurity Management framework that assists enterprises in identifying crown jewels, threats & risks in the environment, architectural gaps, and assists in building cyber resilience program.
For more information, please visit http://cainc.to/Nv2VOe
Fighting The Top 7 Threats to Cloud CybersecurityDavid Zaizar
Data breaches are happening on an unprecedented scale, and the consequences of a breach occurring are not only extremely expensive, but can permanently damage a business's reputation. Guard against threats the right way – by knowing what these threats to cloud cyber security are.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalAccenture Technology
Organizations face a cyber crime wave that is increasing in intensity and sophistication. Business leaders must establish a holistic, end-to-end security strategy to protect the organization.
This new edition of the Cyber Risk Governance Report includes a case study that illustrates how our cyber risk governance model works in practice.
FERMA has made the ongoing digital transformation a priority for our advocacy work for several years now.This is why, in 2017, we launched one of the first European cyber risk
governance models jointly with our European colleagues and internal auditors from the ECIIA.
Events since then have only strengthened our view that corporate governance models will quickly become obsolete if they do not embed governance for cyber risks under the leadership of a risk and insurance professional.
Cyber security trends in the UK
Enterprises today are faced with three key challenges:
- Implementing new SMAC technologies to support the business, as part of their digital transformation programs, but while keeping it secure;
- Responding to the increasing and changing threat landscape of targeted attacks;
- Achieving and retaining compliance with an increasing number of rules and regulations.
How do enterprises respond, in the context of a nationwide shortage in cyber security skills? Our hypothesis for this study was that enterprises are struggling to cope with the increase in workload, and are increasingly offloading (some of) their security provision to outsourcing providers as Managed Security Services (MSS). We surveyed 230 decision makers in large companies (1000+ employees) in the UK, to understand their motivations and drivers with regard to cyber security provision.
This study deals with the following questions:
- What do companies understand about the growing cyber threat landscape?
- How are companies meeting their resource challenges in cyber security?
- How are they using external providers to meet resource challenges?
- What are the drivers and inhibitors for using external cyber security providers?
- What alternative approaches to external cyber security provision being considered?
- Which services do companies expect from a cyber security provider?
- What are the capabilities and attributes of a credible cyber security provider?
How close is your organization to being breached | Safe SecurityRahul Tyagi
Traditional methods are certainly limited in
their capabilities and this is easily proven by
the multitude of breaches businesses were a
victim of, across the globe. The 2020 Q3 Data
Breach QuickView Report revealed that the
number of records exposed in 2020 has
increased to 36 billion globally. The report
stated that there were 2,953 publicly
reported breaches in the first three quarters
of 2020 itself! 2020 is already named the
“worst year on record” by the end of Q2 in
terms of the total number of records
exposed. With the growing sophistication of
cyber-attacks and global damages related
to cybercrime reaching $6 trillion by 2021, we
need a solution that simplifies
cybersecurity.
To know more about breach probability visit : www.safe.security
Information Security assessment of companies in Germany, Austria and Switzerland, February 2015.
Every day critical security incidents show the drastic extent of "successful" cyber attacks for organizations in terms of monetary and material loss. With increasing use of digital technologies and the growing spread of mobile and IoT cyber security is becoming a key factor for companies’ successful digital transformation. To analyze current challenges, trends and maturity of companies state of information security, Capgemini Consulting DACH conducted a survey in Germany, Austria and Switzerland. The 2014 Information Security Benchmarking Study shows that information security is insufficiently embedded in most companies‘ business strategy and operations to effectively safeguard organizations against current cyber threats.
https://www.de.capgemini-consulting.com/resources/information-security-benchmarking
Metrics & Reporting - A Failure in CommunicationChris Ross
Wisegate recently conducted a research initiative to assess the current state of security risks and controls in business today. One of the key takeaways? A concerning lack of metrics and reporting on the subject. While CISOs claim to be improving corporate security all the time, there is little ability to measure that success. In this Drill-Down report, Wisegate uncovers where most organizations stand when it comes to metrics and reporting, and how it is affecting their businesses on the whole.
2016 Cyber Security Breaches Survey for the UKGary Chambers
PIB Insurance Brokers is proud to present our report summarising the 2016 Cyber Security Breaches Survey for the United Kingdom, commissioned by the Department for Culture, Media & Sport as part of the National Cyber Security Programme.
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
Conventional information security measures continue to fail our businesses in today’s rapidly changing world of cyber-risk. Adverse cyber-events manifest themselves as the usual suspects including data breaches, information theft, ransom- and malware, viruses, payment card fraud, DDOS attacks or physical loss – to name but a few.
Problem is, the tally of adverse events keeps mounting up. While headline adverse cyber incidents are now reported in the media with regularity, this represents the tip of the cyber-risk iceberg. Most known events are either unreported or hidden from public disclosure. Not helping, is the industry analysis suggesting that, on average, nearly half of all adverse cyber-risk events impacting organisations are self-inflicted and avoidable. No industry is untouched.
Delivered at the CIO Summit in Melbourne, Australia in November 2016, in this presentation, Rob offers valuable strategic insights into the problem and why it continues to be a problem.
He outlines some practical steps that will be helpful for CIOs and CISOs in reshaping their own organisation’s approach in building a more effective and resilient information security capability.
Just as Amazon changed how we buy things and
Netflix transformed how we consume videos,
companies like AirBnB and Uber have shaken up the
hotel and transportation industries. With new disruptive
technologies, products, services and business models
being introduced almost daily, CIOs need to take charge
of their organization’s response now to secure long-term
business success.
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursSurfWatch Labs
With the board room increasingly being held accountable for data breaches, it's crucial that they know and understand the cyber risks facing their organization.Connect board room to server room
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Presentation slides from DVV Solutions Third Party Risk Breakfast Briefing March 2019 on the current state of TPRM program maturity in the UK including survey results from Shared Assessments "Tone at the Top" study.
AI will allow systems and businesses to become much more complex (to the point that it exceeds the capacity of the human mind to comprehend). The nature of
this increased complexity is also self-perpetuating and although it might appear as simplifcation, it could well introduce ‘technical debt’. Embedding controls in a system to mitigate technical debt after its implementation is typically far more costly than designing in the right controls at the start. Opportunities to build risk and control consideration by design will inevitably diminish over time and hence now is an optimal time to consider taking a positive and dynamic approach to building in control.
Similar to FTSE350 Cyber Governance - An insight into the issues of today and tomorrow (20)