According to the latest PwC Global State of Information Security® Survey 2017, there is a distinct shift in how organisations are now viewing cybersecurity, with forward-thinking organisations understanding that an investment in cybersecurity and privacy solutions can facilitate business growth and foster innovation.
The survey, prepared with input from over 10,000 participants in 133 countries and produced in conjunction with CIO and CSO, examines how executives are adopting technology and collaborative approaches to cybersecurity and privacy to manage threats and achieve competitive advantages.
Many organisations no longer view cybersecurity as a barrier to change or as an IT cost. According to the survey, 59% of respondents said they have increased cybersecurity spending as a result of digitisation of their business ecosystem. In this process, organisations not only create products, but also deliver complementary software-based services for products that extend opportunities for customer engagement and growth.
Reflecting on the contents of the survey, PwC Ireland Cybersecurity Leader Pat Moran said: "From my experience of working with clients in Ireland, the global survey findings are very relevant and are very well aligned. Clients are investing in security to provide them with a competitive advantage.
"I see more confidence from clients in leveraging from cloud based technologies to identify cyber threats. They are also entering into managed services solutions to allow them to focus on their core business with the comfort that they are applying the best security techniques available to protect their information assets."
Among the key findings in the survey were:
• Employee training remains a top priority for data privacy:
56% of respondents currently require employees to complete privacy training.
• Organisations are moving beyond passwords to advanced authentication:
Many businesses are turning to advanced authentication technologies to add an extra layer of security and improve trust among customers, with over half (57%) of survey respondents using biometrics for authentication.
• A strategy is required for Internet of Things:
As the Internet of Things is growing, organisations are beginning to update their cybersecurity safeguards, with 46% of respondents investing in a security strategy for the Internet of Things.
• Phishing has become one of the top threats:
Phishing is the most-cited vector of cybersecurity incidents this year, with 43% of large businesses reporting phishing incidents.
Pat Moran continued: “There is a distinct transformation in how business leaders are viewing cybersecurity and technology. They are no longer seeing technology as a threat and understanding that cybersecurity is a vital component that must be adopted into the business framework. To remain competitive, organisations today must make a budgetary commitment to the integration of cybersecurity with digitisation from the outset.”
Survey results also found that as trust in cloud models deepens, organisations are running more sensitive business functions on the cloud. Today, the majority of organisations around the world — 63% of survey respondents — say they run IT services in the cloud. Additionally, approximately one-third of organisations were found to entrust finance and operations to cloud providers, reflecting the growing trust in cloud models.
Leonard McAuliffe, Director, PwC Ireland Cybersecurity Practice, said: “The fusion of advanced technologies with cloud architectures can empower organisations to quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs. Cloud models have become more popular in recent years, and that trend will likely only continue as the benefits become increasingly clear.”
According to survey respondents, organisations are also embracing both managed security services and open-source software to enhance cybersecurity capabilities, signaling that businesses are making cybersecurity a priority despite many not having the necessary in-house capabilities and an overall lack in talent to fill key positions. More than half (53%) of respondents employ open-source software and 62% of respondents say they use managed security services for cybersecurity and privacy. Relying on managed security services for highly technical initiatives such as authentication, data loss prevention and identity management.
“Designing and implementing a cybersecurity and privacy program is challenging enough, but once a program is in place components must be thoroughly integrated, professionally managed and continuously improved. As this can be difficult for resource-constrained organisations, many are adopting managed security services and utilising open-source software," said Bob Bragdon, SVP/Publisher of CSO.
Other key findings in the report include:
• 59% say that digitization of the business has impacted security spending
• Use of technologies to address threats and create value:
• 63% run the IT function in the cloud
• 62% use managed security services for cybersecurity
• 57% employ biometrics for authentication
• 53% use open-source software
• 51% employ Big Data for cybersecurity
• 46% invest in security for the internet of things
• Cybersecurity spending priorities in the year ahead:
• 51% improved collaboration among business, digital and IT
• 46% new security needs related to evolving business models
• 46% security for the Internet of Things
• 46% digital enterprise architecture
• 43% biometrics and advanced authentication
To explore the survey findings by industry and region, visit www.pwc.com/gsiss.
Notes to editor:
The Global State of Information Security® Survey 2017 is a worldwide study by PwC, CIO and CSO. It was conducted online from April 4, 2016, to June 3, 2016. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from more than 133 countries. Thirty-four percent (34%) of respondents were from North America, 31% from Europe, 20% from Asia Pacific, 13% from South America, and 3% from the Middle East and Africa. The margin of error is less than 1%.
CIO is the premier content and community resource for information technology executives and leaders thriving and prospering in this fast-paced era of IT transformation in the enterprise. The award-winning CIO portfolio - CIO executive programs, CIO Strategic Marketing Services, CIO Forum on LinkedIn, CIO Executive Council and CIO primary research - provides business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. Additionally, CIO provides opportunities for IT solution providers to reach this executive IT audience. The CIO Executive Council is a professional organisation of CIOs created to serve as an unbiased and trusted peer advisory group. CIO is published by IDG Enterprise, a subsidiary of IDG.
CSO is the content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning website, executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organisations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organisations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of IDG.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
©2017 PwC. All rights reserved