2016 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG

Transcription

1 1 1

2 Cyber Security A game changer? Cyber Risk in Internet of everything age April 7th, 2016

3 3 3

4 What is disruptive technology? 4

5 What if our «things» turn against us? Sources: sfglobe.com, wired.com, forbes.com 5

6 The ubiquity of Cyber threats

7 The Truck Dilemma Main features: Takes you from A to B in reasonable time Extra features: Standard brakes Standard safety belts Main features: Takes you from A to B in reasonable time Extra features: Anti-lock Braking System (ABS) Electronic Stability Program (ESP) Safety belts with pretentioner Anti-sleep alarm Car alarm with GPS tracking Full insurance 7

8 Cyber Maturity UNAWARE AWARENESS CRISIS TACTICAL RESPONSE EVOLUTION ADAPTIVE RISK SECURITY CAPABILITY 8

9 Cyber Maturity per Sectors UNAWARE AWARENESS CRISIS TACTICAL RESPONSE EVOLUTION ADAPTIVE RISK CONSUMER GOODS PHARMACEUTICALS MINING OIL & GAS INVESTMENT BANKING RETAIL BANKING AEROSPACE DEFENCE SECURITY CAPABILITY 9

10 HOW MUCH DOES IT ALL VULNER ABILITY Are we ready to protect and respond? CYBER RISK ASSETS What are we trying to protect? THREAT Who would target us and why? ENTERPRISE RISK MANAGEMENT Can we accept the risk? How much are we going to spend to mitigate it? MATTER? o o o o COMPLIANCE REPUTATION MARKET VALUE & SHARE PRICE MARKET SHARE 10

11 Cyber Risk in today s technology ecosystem 11

12 Are business leaders managing cyber risk? What steps have you taken to preempt a cyber security breach? What steps are you planning to take in the next three years? Appointed a cyber security executive/created a cyber security team: Changed internal processes (data sharing, device use etc.): Changed external processes (data gathering, transaction processing, data sharing etc.): 21 % 29 % 50 % 44 % 11 % 45 % 53 % 13 % Have taken preemptive steps 34 % Planning to take steps in next 3 years No planned action Over half of the CEOs have only plans to take steps to prevent a cyber security breach. 12

13 Common misconceptions about cyber risk 13

14 Cyber Security framework LEGAL AND COMPLIANCE Regulatory and international certification standards as relevant LEADERSHIP AND GOVERNANCE Management demonstrating due diligence, ownership, and effective management of risk OPERATIONS AND TECHNOLOGY The level of control measures implemented to address identified risks and minimize the impact of compromise Board Engagement & Oversight HUMAN FACTORS The level and integration of a security culture that empowers and ensures the right people, skills, culture, and knowledge BUSINESS CONTINUITY AND CRISIS MANAGEMENT Preparations for a security event and ability to prevent or minimize the impact through successful crisis and stakeholder management INFORMATION RISK MANAGEMENT The approach to achieve comprehensive and effective risk management of information throughout the organization and its delivery and supply partners 14

15 The Cost of Doing Business in the 21 st Century PLANNING FOR THE FUTURE Establish a cyber-risk framework that enables the business with board-level sponsorship. Assume your organisation is a target and that existing security controls can be bypassed. Establish an incident response/management service to detect and react to events quickly Enhance your visibility with external threat intelligence to understand who might attack you and how to avoid the tools, techniques and procedures they use. The Business Benefits of Managing Cyber Risk Ability to seize an opportunity denied to competition because a better informed view of the management of risk is taken. Opportunity management whereby a detailed evaluation is undertaken of new business opportunities before deciding to take the opportunity. Achieving a positive outcome from a situation that could have gone wrong, without effective judgement/risk management. 15

16 Contacts The contacts at KPMG in connection with this report are: Hasse Kristiansen Partner, Cyber and Information Security Tel: hasse.kristiansen@kpmg.no Antonio Martiradonna Senior Manager, Cyber and Information Security Tel: Antonio.Martiradonna@kpmg.no 16

17 2016 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a