William Beer, profile picture
Uploaded byWilliam Beer
752 views

Revolution Or Evolution Exec Summary

1) Information security is undergoing significant change driven by evolving technology trends and how people use technology. Key trends include the growth of cloud computing, connected devices, data sharing, and new identity and trust models. 2) Over the next decade, information security requirements will be shaped by factors like globalization, regulation, and demographics. Suppliers will need to specialize to meet diverse needs. 3) Organizations require holistic information security approaches considering technology, processes, and people to adapt to threats and remain compliant with changing rules. Proactive strategies can provide competitive advantages over reactive ones.

Embed presentation

Downloaded 29 times
Information security Revolution or evolution? Information Security 2020: Executive Summary Prepared by pwc
Revolution or evolution? About the Technology Strategy Board About PricewaterhouseCoopers LLP The Technology Strategy Board is a business-led executive non- PricewaterhouseCoopers LLP provides industry-focused assurance, departmental public body, established by the Government. Its role tax and advisory services to build public trust and enhance value for is to promote and support research into, and development and our clients and their stakeholders. More than 163,000 people in 151 exploitation of, technology and innovation for the benefit of UK countries across our network share their thinking, experience and business, in order to increase economic growth and improve solutions to develop fresh perspectives and practical advice. quality of life.
Revolution or evolution? About this roadmap This roadmap was commissioned by the Technology Strategy Board and jointly prepared with PricewaterhouseCoopers LLP (UK). The purpose of this roadmap is to set We subsequently held a workshop with Chatham House, Cisco, Credit Suisse, out the drivers that will shape the future over 40 experts to validate the trends Cyveillance, De Montfort University, Information Security environment to and explore them in further detail. Digital Systems Knowledge Transfer 2020 and beyond. This roadmap is to Network, European Information Society The research focuses on the commercial inform business leaders and security Group, Garlik, Hewlett Packard, IBM, aspects of Information Security, but professionals alike, and sets out potential IdenTrust, Information Commissioner’s remains cognisant of trends in cyber 1 future scenarios and issues around Office, Information Security Forum, security and warfare for military and information security, allowing the reader Kaspersky Lab, Lloyd’s of London, intelligence applications. Our research to draw implications and conclusions that McAfee, Methods Consulting, National primarily illustrates trends in the UK apply to them. Grid, Ministry of Defence, Nokia, Information Security market, but the Office of Cyber Security, Oracle, In preparing this roadmap we interviewed implications are relevant globally. PGP Encryption, QinetiQ, Queens over 35 leading Information Security We would like to thank the following University, Royal Holloway University, experts and business leaders across the organisations for their participation RSA, Security Innovation & Technology private sector, academia and government in the research: AstraZeneca, BBC, Consortium, Skype, Symantec, to determine the key trends that are likely Birmingham University, British Technology Strategy Board, Travelex, to impact Information Security to 2020. Business Federation Authority, BT, Trend Micro, as well as several others who would prefer to remain anonymous.
Revolution or evolution? Executive summary 2 Information Security is a much broader concept than technology. It relates to protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction. As the volume of information grows and continues to be increasingly stored and communicated in electronic form, Information Security is rapidly becoming intertwined with technology, and more specifically, the internet. This has given rise to the term Cyber Security and for it to be used interchangeably with Information Security. This roadmap is for business leaders and security professionals alike, and sets out potential future scenarios and issues around Information Security, allowing the reader to draw implications and conclusions that apply to them.
Revolution or evolution? 3 Information Security, whilst being a globalisation, climate change, regulation has been a key aspect of Information very current and topical issue, is also and evolving demographics. These Security in recent years, but increasingly, an emerging sector that is undergoing will present opportunities and risks for organisations are realising that processes significant change. The main suppliers organisations in dealing with Information and people are overlooked components shaping the Information Security industry Security issues, and also companies when developing holistic approaches are a converging group of technology providing Information Security products to Information Security. By 2020, there vendors, system integrators, consultants and services. There is likely to be a may be a reversion to technology being and aerospace & defence companies. greater degree of segmentation within the the key strand to Information Security, The available market research does not Information Security market in the future driven by significant increases in the provide a consensus on the size of the as suppliers specialise to meet the needs volume of data, speed of processing IT security market, the best proxy for the of specific groups. For example, the and communication technology, and Information Security market. The range rising importance of Information Security the emergence of more complex and of market research suggests that the IT in the healthcare sector as services are automated threats. security market is worth approximately increasingly provided electronically is £4-5bn per year in the UK and is likely to drive specific regulatory and growing strongly. technology requirements. Over the next decade, Information Information Security is often considered Security requirements will be driven by to have three components; technology, various macro level factors, such as processes and people. Technology
Revolution or evolution? 4 The research identified seven interrelated networks are enabling faster static and Regulation and standards will be key trends that are likely to drive change mobile broadband access. By 2020, important drivers of Information Security in Information Security through to 2020 ubiquitous devices will seamlessly and over the next decade, but will need to and beyond – see diagram overleaf. automatically interact with other devices keep pace and evolve as technology and The first three trends relate to changes around them, adapting functionality to its uses develop. There is likely to be in technology, whilst the following three their local environment and other objects increasing pressure towards regulation trends reflect changing patterns in how in their proximity. in information security, with privacy and people use technology and the internet. consent being a key driver. The volume of private information being Finally, trust and identity are universal shared has escalated significantly over Proving identity and establishing trust are themes which are intertwined with many the last decade, particularly driven by two of the greatest challenges identified of the prior trends. These trends have social networking, and this is likely to in the research. In 2020 as people implications for organisations of all continue. Additionally, the volume and spend an increasing proportion of their sizes, individuals, governments and the value of transactions through electronic time online, identity becomes a greater Information Security industry. channels is expected to continue to rise. challenge because fewer interactions The building blocks of modern These trends suggest that cyber criminals will be face-to-face, a greater volume communication technology are rapidly will increasingly be willing to invest of private information may be available evolving and we see this change all further resources in developing more online and new technologies could make around us. Televisions are blurring sophisticated attacks. it easier to impersonate individuals. with computers, feature rich mobile devices are becoming more prevalent and fibre optic cables and wireless
5 Revolution or evolution? Key trends impacting Information Security to 2020 • Increase in penetration of high speed broadband and wireless networks • Centralisation of computing resources and widespread adoption of cloud computing 1 • Proliferation of IP (internet protocol) connected devices and growth in functionality Infrastructure • Improved global ICT (Information and Communications Technology) infrastructure enabling greater outsourcing revolution • Device convergence and increasing modularisation of software components • Blurring work/personal life divide and ‘Bring Your Own’ approach to enterprise IT • Evolution in user interfaces and emergence of potentially disruptive technologies • Greater sharing of sensitive data between organisations and individuals 2 • A significant increase in visual data • More people connected globally Data explosion • Greater automated traffic from devices Key longer term drivers • A multiplication of devices and applications generating traffic • A greater need for the classification of data Globalisation 3 An always-on, • Greater connectivity between people driven by social networking and other platforms • Increasingly seamless connectivity between devices always-connected Increased focus on climate change • Increasing information connectivity and data mining world • Increased Critical National Infrastructure and public services connectivity Shifting global economic centres 4 • Rising levels of electronic and mobile commerce and banking Changing demographics Future • Development of new banking models finance • Growth in new payment models • Emergence of digital cash Increasing regulation / governance Increasing reliance on technology 5 Tougher • Increasing regulation relating to privacy and information regulation • Increasing standards on Information Security • Globalisation and net neutrality as opposing forces to regulation and standardisation and standards Changing attitudes towards privacy Evolving work / home balance • Greater censorship 6 • Political motivations driving new state/regional internets Multiple internets • New and more secure internets • Closed social networks • Growth in paid content 7 New identity • The effectiveness of current identity concepts continues to decline and trust • Identity becomes increasingly important in the move from perimeter to information based security models • New models of trust develop for people, infrastructure, including devices, and data
Revolution or evolution? 6 The research indicated that there is effective Information Security in place the organisation in the form of increased a need for a proactive approach to could increasingly attract consumers to spending on Information Security Information Security from all stakeholders use their products/services. Information solutions, loss of intellectual property, given the rising complexity and volume Security could also provide opportunities loss of market share and hence income, of threats. to sell products/services through new and damage to its brand. channels or interact with customers in Organisations should ensure that In the second scenario, the organisation new ways that are not possible today due approaches to Information Security takes a more proactive approach to concerns about privacy and consent. are holistic and consider technology, to Information Security. It invests in processes and people. Approaches need Organisations need to consider both Information Security solutions and to adapt to rapidly changing threats the potential benefits and costs of benefits from greater trust from its and technology, and also to changes in their approach to Information Security customers and gains in market share, regulations and standards. However, it is with a holistic approach like the ‘Total higher price points relative to its peers important that organisations also focus Lifecycle Cost of Information Security’ and agility in adapting its Information on aspects of Information Security that model shown overleaf. This illustration Security approach to market changes. are not necessarily driven by regulation demonstrates the potential long term In this example, the organisation could and standards, for example, protecting impact of two different approaches to be replaced with an industry, country or commercially sensitive information or Information Security. even a region. intellectual property. In the first scenario, the organisation Increasing focus on Information does not have an appropriate approach Security could also provide competitive to Information Security. It then suffers advantage. Organisations that have from an ‘event’ which causes cost to
Revolution or evolution? 7 There are many uncertainties with respect Figure 1: The cost of inaction – two illustrative scenarios for an organisation’s approach to Information Security to how Information Security will evolve over the next decade. However, it is Total Lifecycle Cost of Information Security certain that new Information Security requirements will require businesses to ‘Reactive’ approach innovate to develop new products and services. This will provide opportunities Cost of inaction both for businesses, to develop new ‘Proactive’ approach business models and generate competitive advantage and for financial investors alike. It will also stimulate economic growth through consumption and exports, and make the UK a safer place to do business. Key event Are you up to the challenge? 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 Definition Lifecycle costs Total Lifecycle Cost of of deploying and Reputational Intellectual Operational Financial impact Information Security = operating security + value + Property value + effectiveness + of incidents solutions • Hardware / • Brand volume • R&D information • Productivity • Direct financial software solutions • Customer • Customer • Ability to service loss from attack • Training satisfaction/ databases customers • Consultancy costs confidence • Competitive • Cost to serve • People costs information customers
For further information about this roadmap contact: Andrew Tyrer Neil Hampson Leader, Network Security Innovation Platform Partner, Strategy Technology Strategy Board PricewaterhouseCoopers LLP (UK) andrew.tyrer@tsb.gov.uk neil.r.hampson@uk.pwc.com Paul Lewis Barry Jaber Lead Technologist, Network Security Innovation Platform Assistant Director, Strategy Technology Strategy Board PricewaterhouseCoopers LLP (UK) paul.lewis@tsb.gov.uk barry.n.jaber@uk.pwc.com William Beer Director, OneSecurity PricewaterhouseCoopers LLP (UK) william.m.beer@uk.pwc.com We would also like to acknowledge the contribution of Greg Bacon (PwC), Jason Creasey (ISF) and Andrew Wilson (PwC). For information on the Technology Strategy Board: www.innovateuk.org For information on PricewaterhouseCoopers LLP: www.pwc.co.uk This report has been prepared by the Technology Strategy Board together with PricewaterhouseCoopers LLP, UK (“PwC”) for Technology Strategy Board under the terms of the engagement contract with PwC dated 31st March 2010 (the “Engagement”). This report is for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this report without obtaining specific professional advice. This report contains information obtained or derived from a variety of sources (as indicated within the report). PwC has not sought to establish the reliability of those sources or verified the information so provided. Accordingly no representation or warranty of any kind (whether express or implied) is given by PwC to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) as to the accuracy or completeness of the information in this report. PwC accepts no duty of care to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) for the preparation of the report. Accordingly, regardless of the form of action, whether in contract, tort or otherwise, and to the extent permitted by applicable law, PwC accepts no liability of any kind and disclaims all responsibility for the consequences of any person (other than the Technology Strategy Board on the above basis) acting or refraining to act in reliance on the report or any information contained in the report or for any decisions made or not made which are based upon this report or information therein. The quotes in this report reflect the views of the individuals and are not necessarily the views of their organisations. © Technology Strategy Board, 2010. Publication: T10/037

More Related Content

PDF
Research Agenda in Security Research
bysiswarren
 
PPTX
Models of Escalation and De-escalation in Cyber Conflict
byZsolt Nemeth
 
PDF
Telefónica security io_t_final
byChristopher Wang
 
PDF
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
byijtsrd
 
PDF
International Cyber Security 2012
bySharmin Ahammad
 
PDF
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
bySeungjoo Kim
 
PDF
Fundamental Areas of Cyber Security on Latest Technology
byijtsrd
 
PPT
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
byZsolt Nemeth
 
Research Agenda in Security Research
bysiswarren
 
Models of Escalation and De-escalation in Cyber Conflict
byZsolt Nemeth
 
Telefónica security io_t_final
byChristopher Wang
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
byijtsrd
 
International Cyber Security 2012
bySharmin Ahammad
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
bySeungjoo Kim
 
Fundamental Areas of Cyber Security on Latest Technology
byijtsrd
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
byZsolt Nemeth
 

What's hot

PPTX
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
byBernard Marr
 
DOCX
Cyber defence sebagai garda terdepan ketahanan nasional
byEdi Suryadi
 
PDF
2015 Global Threat Intelligence Report Executive Summary | NTT i3
byNTT Innovation Institute Inc.
 
PDF
The Vigilant Enterprise
byBooz Allen Hamilton
 
PDF
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
byijtsrd
 
PDF
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
byBooz Allen Hamilton
 
PDF
OS17 Brochure
byDominic Vogel
 
PPTX
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
byCODE BLUE
 
PDF
Improved-Cybersecurity-cooperation
byrrepko
 
PDF
Nordic IT Security 2014 agenda
byCopperberg
 
PDF
Cyber Training: Developing the Next Generation of Cyber Analysts
byBooz Allen Hamilton
 
PDF
Industrial Control Security USA Sacramento California Oct 6/7
byJames Nesbitt
 
PDF
Ten Expert Tips on Internet of Things Security
byDean Bonehill ♠Technology for Business♠
 
PDF
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
PDF
Wireless Security on Context (disponible en español)
byCisco Service Provider Mobility
 
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
byBernard Marr
 
Cyber defence sebagai garda terdepan ketahanan nasional
byEdi Suryadi
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
byNTT Innovation Institute Inc.
 
The Vigilant Enterprise
byBooz Allen Hamilton
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
byijtsrd
 
Cloud Computing Security: Government Acquisition Considerations for the Cloud...
byBooz Allen Hamilton
 
OS17 Brochure
byDominic Vogel
 
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...
byCODE BLUE
 
Improved-Cybersecurity-cooperation
byrrepko
 
Nordic IT Security 2014 agenda
byCopperberg
 
Cyber Training: Developing the Next Generation of Cyber Analysts
byBooz Allen Hamilton
 
Industrial Control Security USA Sacramento California Oct 6/7
byJames Nesbitt
 
Ten Expert Tips on Internet of Things Security
byDean Bonehill ♠Technology for Business♠
 
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
Wireless Security on Context (disponible en español)
byCisco Service Provider Mobility
 

Viewers also liked

PDF
The Evolution of Information Architecture
byOASIS DITA Adoption TC
 
PPTX
Circumventricular Organs - Succinct Presentation - Sanjoy Sanyal
bySanjoy Sanyal
 
PPT
Evolution, Information at the speed of thought
byVivek Mehra
 
PPTX
Brain Evolution Information Explosion - Sanjoy Sanyal
bySanjoy Sanyal
 
PPSX
Information, Evolution, and Utility (Samuelson & Swinkels, 2006)
byPaul Cohen
 
PDF
Origins - Evolution and information
byRobin Schumacher
 
PDF
Evolution of information in academic libraries (VIANA, 2015)
byMichelangelo Mazzardo Marques Viana
 
The Evolution of Information Architecture
byOASIS DITA Adoption TC
 
Circumventricular Organs - Succinct Presentation - Sanjoy Sanyal
bySanjoy Sanyal
 
Evolution, Information at the speed of thought
byVivek Mehra
 
Brain Evolution Information Explosion - Sanjoy Sanyal
bySanjoy Sanyal
 
Information, Evolution, and Utility (Samuelson & Swinkels, 2006)
byPaul Cohen
 
Origins - Evolution and information
byRobin Schumacher
 
Evolution of information in academic libraries (VIANA, 2015)
byMichelangelo Mazzardo Marques Viana
 

Similar to Revolution Or Evolution Exec Summary

PPT
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
PDF
IE_ERS_CyberAnalysisReport
byCamilo do Carmo Pinto
 
PPTX
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
PPTX
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
byDataExchangeAgency
 
PDF
Outlook emerging security_technology_trends
bywardell henley
 
DOCX
Discussion Questions The difficulty in predicting the future is .docx
byduketjoy27252
 
PDF
Wk White Paper
byCreus Moreira Carlos
 
PDF
Etude sur le marché de la cyber sécurité (2011)
byPwC France
 
PDF
IT Security Trends 2013
byIMC Institute
 
PDF
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
PDF
Protective measures in e commerce to deal with security threats arising
byIAEME Publication
 
PDF
Protective measures in e commerce to deal with security
byIAEME Publication
 
PDF
Protective measures in e commerce to deal with security
byIAEME Publication
 
PDF
Protective measures in e commerce to deal with security
byIAEME Publication
 
PDF
(2006) Graduate Course Development Focusing on Security Issues in Manufacturing
byInternational Center for Biometric Research
 
ODP
IT Security through governance, compliance and risk
byE Radar
 
ODP
IISP NW branch meeting 15 nov 2012 security through governance, compliance…
byGurbir Singh
 
PPTX
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
byWCIT 2014
 
PDF
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
PDF
ACS Talk (Melbourne) - The future of security
bysiswarren
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
IE_ERS_CyberAnalysisReport
byCamilo do Carmo Pinto
 
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
byDataExchangeAgency
 
Outlook emerging security_technology_trends
bywardell henley
 
Discussion Questions The difficulty in predicting the future is .docx
byduketjoy27252
 
Wk White Paper
byCreus Moreira Carlos
 
Etude sur le marché de la cyber sécurité (2011)
byPwC France
 
IT Security Trends 2013
byIMC Institute
 
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
Protective measures in e commerce to deal with security threats arising
byIAEME Publication
 
Protective measures in e commerce to deal with security
byIAEME Publication
 
Protective measures in e commerce to deal with security
byIAEME Publication
 
Protective measures in e commerce to deal with security
byIAEME Publication
 
(2006) Graduate Course Development Focusing on Security Issues in Manufacturing
byInternational Center for Biometric Research
 
IT Security through governance, compliance and risk
byE Radar
 
IISP NW branch meeting 15 nov 2012 security through governance, compliance…
byGurbir Singh
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
byWCIT 2014
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
byEMC
 
ACS Talk (Melbourne) - The future of security
bysiswarren
 

Revolution Or Evolution Exec Summary

  • 1.
    Information security Revolution orevolution? Information Security 2020: Executive Summary Prepared by pwc
  • 2.
    Revolution or evolution? About the Technology Strategy Board About PricewaterhouseCoopers LLP The Technology Strategy Board is a business-led executive non- PricewaterhouseCoopers LLP provides industry-focused assurance, departmental public body, established by the Government. Its role tax and advisory services to build public trust and enhance value for is to promote and support research into, and development and our clients and their stakeholders. More than 163,000 people in 151 exploitation of, technology and innovation for the benefit of UK countries across our network share their thinking, experience and business, in order to increase economic growth and improve solutions to develop fresh perspectives and practical advice. quality of life.
  • 3.
    Revolution or evolution? Aboutthis roadmap This roadmap was commissioned by the Technology Strategy Board and jointly prepared with PricewaterhouseCoopers LLP (UK). The purpose of this roadmap is to set We subsequently held a workshop with Chatham House, Cisco, Credit Suisse, out the drivers that will shape the future over 40 experts to validate the trends Cyveillance, De Montfort University, Information Security environment to and explore them in further detail. Digital Systems Knowledge Transfer 2020 and beyond. This roadmap is to Network, European Information Society The research focuses on the commercial inform business leaders and security Group, Garlik, Hewlett Packard, IBM, aspects of Information Security, but professionals alike, and sets out potential IdenTrust, Information Commissioner’s remains cognisant of trends in cyber 1 future scenarios and issues around Office, Information Security Forum, security and warfare for military and information security, allowing the reader Kaspersky Lab, Lloyd’s of London, intelligence applications. Our research to draw implications and conclusions that McAfee, Methods Consulting, National primarily illustrates trends in the UK apply to them. Grid, Ministry of Defence, Nokia, Information Security market, but the Office of Cyber Security, Oracle, In preparing this roadmap we interviewed implications are relevant globally. PGP Encryption, QinetiQ, Queens over 35 leading Information Security We would like to thank the following University, Royal Holloway University, experts and business leaders across the organisations for their participation RSA, Security Innovation & Technology private sector, academia and government in the research: AstraZeneca, BBC, Consortium, Skype, Symantec, to determine the key trends that are likely Birmingham University, British Technology Strategy Board, Travelex, to impact Information Security to 2020. Business Federation Authority, BT, Trend Micro, as well as several others who would prefer to remain anonymous.
  • 4.
    Revolution or evolution? Executivesummary 2 Information Security is a much broader concept than technology. It relates to protecting information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction. As the volume of information grows and continues to be increasingly stored and communicated in electronic form, Information Security is rapidly becoming intertwined with technology, and more specifically, the internet. This has given rise to the term Cyber Security and for it to be used interchangeably with Information Security. This roadmap is for business leaders and security professionals alike, and sets out potential future scenarios and issues around Information Security, allowing the reader to draw implications and conclusions that apply to them.
  • 5.
    Revolution or evolution? 3 Information Security, whilst being a globalisation, climate change, regulation has been a key aspect of Information very current and topical issue, is also and evolving demographics. These Security in recent years, but increasingly, an emerging sector that is undergoing will present opportunities and risks for organisations are realising that processes significant change. The main suppliers organisations in dealing with Information and people are overlooked components shaping the Information Security industry Security issues, and also companies when developing holistic approaches are a converging group of technology providing Information Security products to Information Security. By 2020, there vendors, system integrators, consultants and services. There is likely to be a may be a reversion to technology being and aerospace & defence companies. greater degree of segmentation within the the key strand to Information Security, The available market research does not Information Security market in the future driven by significant increases in the provide a consensus on the size of the as suppliers specialise to meet the needs volume of data, speed of processing IT security market, the best proxy for the of specific groups. For example, the and communication technology, and Information Security market. The range rising importance of Information Security the emergence of more complex and of market research suggests that the IT in the healthcare sector as services are automated threats. security market is worth approximately increasingly provided electronically is £4-5bn per year in the UK and is likely to drive specific regulatory and growing strongly. technology requirements. Over the next decade, Information Information Security is often considered Security requirements will be driven by to have three components; technology, various macro level factors, such as processes and people. Technology
  • 6.
    Revolution or evolution? 4 The research identified seven interrelated networks are enabling faster static and Regulation and standards will be key trends that are likely to drive change mobile broadband access. By 2020, important drivers of Information Security in Information Security through to 2020 ubiquitous devices will seamlessly and over the next decade, but will need to and beyond – see diagram overleaf. automatically interact with other devices keep pace and evolve as technology and The first three trends relate to changes around them, adapting functionality to its uses develop. There is likely to be in technology, whilst the following three their local environment and other objects increasing pressure towards regulation trends reflect changing patterns in how in their proximity. in information security, with privacy and people use technology and the internet. consent being a key driver. The volume of private information being Finally, trust and identity are universal shared has escalated significantly over Proving identity and establishing trust are themes which are intertwined with many the last decade, particularly driven by two of the greatest challenges identified of the prior trends. These trends have social networking, and this is likely to in the research. In 2020 as people implications for organisations of all continue. Additionally, the volume and spend an increasing proportion of their sizes, individuals, governments and the value of transactions through electronic time online, identity becomes a greater Information Security industry. channels is expected to continue to rise. challenge because fewer interactions The building blocks of modern These trends suggest that cyber criminals will be face-to-face, a greater volume communication technology are rapidly will increasingly be willing to invest of private information may be available evolving and we see this change all further resources in developing more online and new technologies could make around us. Televisions are blurring sophisticated attacks. it easier to impersonate individuals. with computers, feature rich mobile devices are becoming more prevalent and fibre optic cables and wireless
  • 7.
    5 Revolution or evolution? Key trends impacting Information Security to 2020 • Increase in penetration of high speed broadband and wireless networks • Centralisation of computing resources and widespread adoption of cloud computing 1 • Proliferation of IP (internet protocol) connected devices and growth in functionality Infrastructure • Improved global ICT (Information and Communications Technology) infrastructure enabling greater outsourcing revolution • Device convergence and increasing modularisation of software components • Blurring work/personal life divide and ‘Bring Your Own’ approach to enterprise IT • Evolution in user interfaces and emergence of potentially disruptive technologies • Greater sharing of sensitive data between organisations and individuals 2 • A significant increase in visual data • More people connected globally Data explosion • Greater automated traffic from devices Key longer term drivers • A multiplication of devices and applications generating traffic • A greater need for the classification of data Globalisation 3 An always-on, • Greater connectivity between people driven by social networking and other platforms • Increasingly seamless connectivity between devices always-connected Increased focus on climate change • Increasing information connectivity and data mining world • Increased Critical National Infrastructure and public services connectivity Shifting global economic centres 4 • Rising levels of electronic and mobile commerce and banking Changing demographics Future • Development of new banking models finance • Growth in new payment models • Emergence of digital cash Increasing regulation / governance Increasing reliance on technology 5 Tougher • Increasing regulation relating to privacy and information regulation • Increasing standards on Information Security • Globalisation and net neutrality as opposing forces to regulation and standardisation and standards Changing attitudes towards privacy Evolving work / home balance • Greater censorship 6 • Political motivations driving new state/regional internets Multiple internets • New and more secure internets • Closed social networks • Growth in paid content 7 New identity • The effectiveness of current identity concepts continues to decline and trust • Identity becomes increasingly important in the move from perimeter to information based security models • New models of trust develop for people, infrastructure, including devices, and data
  • 8.
    Revolution or evolution? 6 The research indicated that there is effective Information Security in place the organisation in the form of increased a need for a proactive approach to could increasingly attract consumers to spending on Information Security Information Security from all stakeholders use their products/services. Information solutions, loss of intellectual property, given the rising complexity and volume Security could also provide opportunities loss of market share and hence income, of threats. to sell products/services through new and damage to its brand. channels or interact with customers in Organisations should ensure that In the second scenario, the organisation new ways that are not possible today due approaches to Information Security takes a more proactive approach to concerns about privacy and consent. are holistic and consider technology, to Information Security. It invests in processes and people. Approaches need Organisations need to consider both Information Security solutions and to adapt to rapidly changing threats the potential benefits and costs of benefits from greater trust from its and technology, and also to changes in their approach to Information Security customers and gains in market share, regulations and standards. However, it is with a holistic approach like the ‘Total higher price points relative to its peers important that organisations also focus Lifecycle Cost of Information Security’ and agility in adapting its Information on aspects of Information Security that model shown overleaf. This illustration Security approach to market changes. are not necessarily driven by regulation demonstrates the potential long term In this example, the organisation could and standards, for example, protecting impact of two different approaches to be replaced with an industry, country or commercially sensitive information or Information Security. even a region. intellectual property. In the first scenario, the organisation Increasing focus on Information does not have an appropriate approach Security could also provide competitive to Information Security. It then suffers advantage. Organisations that have from an ‘event’ which causes cost to
  • 9.
    Revolution or evolution? 7 There are many uncertainties with respect Figure 1: The cost of inaction – two illustrative scenarios for an organisation’s approach to Information Security to how Information Security will evolve over the next decade. However, it is Total Lifecycle Cost of Information Security certain that new Information Security requirements will require businesses to ‘Reactive’ approach innovate to develop new products and services. This will provide opportunities Cost of inaction both for businesses, to develop new ‘Proactive’ approach business models and generate competitive advantage and for financial investors alike. It will also stimulate economic growth through consumption and exports, and make the UK a safer place to do business. Key event Are you up to the challenge? 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 Definition Lifecycle costs Total Lifecycle Cost of of deploying and Reputational Intellectual Operational Financial impact Information Security = operating security + value + Property value + effectiveness + of incidents solutions • Hardware / • Brand volume • R&D information • Productivity • Direct financial software solutions • Customer • Customer • Ability to service loss from attack • Training satisfaction/ databases customers • Consultancy costs confidence • Competitive • Cost to serve • People costs information customers
  • 10.
    For further informationabout this roadmap contact: Andrew Tyrer Neil Hampson Leader, Network Security Innovation Platform Partner, Strategy Technology Strategy Board PricewaterhouseCoopers LLP (UK) andrew.tyrer@tsb.gov.uk neil.r.hampson@uk.pwc.com Paul Lewis Barry Jaber Lead Technologist, Network Security Innovation Platform Assistant Director, Strategy Technology Strategy Board PricewaterhouseCoopers LLP (UK) paul.lewis@tsb.gov.uk barry.n.jaber@uk.pwc.com William Beer Director, OneSecurity PricewaterhouseCoopers LLP (UK) william.m.beer@uk.pwc.com We would also like to acknowledge the contribution of Greg Bacon (PwC), Jason Creasey (ISF) and Andrew Wilson (PwC). For information on the Technology Strategy Board: www.innovateuk.org For information on PricewaterhouseCoopers LLP: www.pwc.co.uk This report has been prepared by the Technology Strategy Board together with PricewaterhouseCoopers LLP, UK (“PwC”) for Technology Strategy Board under the terms of the engagement contract with PwC dated 31st March 2010 (the “Engagement”). This report is for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this report without obtaining specific professional advice. This report contains information obtained or derived from a variety of sources (as indicated within the report). PwC has not sought to establish the reliability of those sources or verified the information so provided. Accordingly no representation or warranty of any kind (whether express or implied) is given by PwC to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) as to the accuracy or completeness of the information in this report. PwC accepts no duty of care to any person (except to the Technology Strategy Board under the relevant terms of the Engagement) for the preparation of the report. Accordingly, regardless of the form of action, whether in contract, tort or otherwise, and to the extent permitted by applicable law, PwC accepts no liability of any kind and disclaims all responsibility for the consequences of any person (other than the Technology Strategy Board on the above basis) acting or refraining to act in reliance on the report or any information contained in the report or for any decisions made or not made which are based upon this report or information therein. The quotes in this report reflect the views of the individuals and are not necessarily the views of their organisations. © Technology Strategy Board, 2010. Publication: T10/037