CYBERSECURITY AND THE MIDDLE MARKET

Similar documents
December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

How to be cyber secure A practical guide for Australia s mid-size business

2017 RIMS CYBER SURVEY

Building a Threat Intelligence Program

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Understanding Cybersecurity Talent Needs Findings From Surveys of Business Executives and College Presidents

The Deloitte-NASCIO Cybersecurity Study Insights from

PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity

If you were under cyber attack would you ever know?

Cybersecurity. Securely enabling transformation and change

Driving Global Resilience

Emerging Technologies The risks they pose to your organisations

Cybersecurity in Higher Ed

Background FAST FACTS

Executive Summary and Overview

10 Cloud Myths Demystified

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Technology Priorities SURVEY. Exclusive Research from CIO magazine

Security in Today s Insecure World for SecureTokyo

Turning Risk into Advantage

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

STRATEGIC PLAN

Cyber Risks in the Boardroom Conference

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Governor Patrick Announces Funding to Launch Massachusetts Open Cloud Project Celebrates Release of 2014 Mass Big Data Report

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

locuz.com SOC Services

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

REINVENTING ETHICAL, SUSTAINABLE SUPPLY CHAINS

GOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Taking AIM at cyber risk

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

What It Takes to be a CISO in 2017

SIEM: Five Requirements that Solve the Bigger Business Issues

Sales Presentation Case 2018 Dell EMC

Investor Presentation. February 2016

Accelerating Growth Through the Network as the Platform

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

2015 VORMETRIC INSIDER THREAT REPORT

Cognizant Cloud Security Solution

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

DATACENTER SERVICES DATACENTER

HEALTH CARE AND CYBER SECURITY:

Cisco Connected Factory Accelerator Bundles

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

COUNTRY PROFILE. Bulgaria

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

Social Engineering: We are the target Sponsor Guide

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

The U.S. Manufacturing Extension Partnership - MEP

Run the business. Not the risks.

COUNTRY PROFILE AUSTRALIA

Cyber Security is it a boardroom issue?

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

IT Optimization Trends. Summary Results January 2018

Cybersecurity Risk Management:

COUNTRY PROFILE. Malaysia

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

Facilities Master Plan Toronto Public Library Board Consultation

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Security in India: Enabling a New Connected Era

How Organizations Are Effectively Leveraging BCM Benchmarking Data. October 7, 2014

Government IT Modernization and the Adoption of Hybrid Cloud

Big data privacy in Australia

COUNTRY PROFILE. Estonia

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

COUNTRY PROFILE. Ireland

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

in Action Delivering the digital enterprise Human Centric Innovation Ralf Salzmann Manager OEM

COUNTRY PROFILE. Italy

COUNTRY PROFILE. Korea Republic

Cybersecurity 2016 Survey Summary Report of Survey Results

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

Exhibit to Agenda Item #3

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

COUNTRY PROFILE. Iceland

Rising to the risk: Cybersecurity top concern of corporate counsel

Cyber Security in Smart Commercial Buildings 2017 to 2021

Securing Your Most Sensitive Data

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

HOW TO BE AN EFFECTIVE CYBERSECURITY LEADER IN HEALTHCARE

Oracle Buys Automated Applications Controls Leader LogicalApps

COUNTRY PROFILE. Qatar

Cybersecurity and Data Protection Developments

I D C T E C H N O L O G Y S P O T L I G H T

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Uncovering the Risk of SAP Cyber Breaches

Business Resiliency Strategies for the Cloud. Summary Results September 2017

Transcription:

CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH

2 Concerns about cybersecurity are not matched by plans. IMPORTANCE OF CYBERSECURITY WHETHER ORGANIZATION HAS DEFINED CYBER RISK STRATEGY Extremely Important 26% Yes - strategy is current and reviewed at least annually Very Important 45% Yes - but the strategy is not current and may only be reviewed occasionally Important 25% No - organization does not have a defined strategy Not Very/Not At All Important 14%

3 Concern about cybersecurity varies with company size and by industry. IMPORTANCE OF CYBERSECURITY 26% 19% 29% 35% 14% 18% 29% 33% 37% 33% 21% 8% 9% 37% 32% 26% 5% 18% 18% 32% 35% 15% 26% 27% 29% 25% 29% 33% 13% 9% 33% 39% 18% 48% 23% 23% 31% 32% 6% 6% Total Middle Market $10M-< $50M $50M-< $100M $100M-< $1B Manufacturing Wholesale Retail Construction Financial Healthcare Extremely Important Very Important Important Not Very/At All Important

4 Faster growing companies pay more attention to cybersecurity. AVERAGE YEAR-OVER-YEAR REVENUE & EMPLOYMENT GROWTH 7.7% 7.8% 4.7% 3.9% Extremely Important Very Important Important Not Important Revenue Growth

5 Bigger companies and certain industries are most likely to have a defined cybersecurity strategy. WHETHER ORGANIZATION HAS DEFINED CYBER RISK STRATEGY 36% 54% 56% 46% 41% 28% 51% 36% 61% 54% 27% 27% 19% 18% 23% 9% 28% 27% 24% 34% 21% 26% 42% 38% 28% 25% 15% 23% 23% $10M-<$50M $50M-<$100M $100M-<$1B Manufacturing Wholesale Retail Construction Financial Healthcare Yes strategy is current and reviewed at least annually Yes but the strategy is not current and may only be reviewed at least annually No our organization does not have a defined strategy

6 Business strategy is aligned with cybersecurity strategy only about half the time. WHETHER CYBER RISK STRATEGY ALIGNS TO OVERALL BUSINESS STRATEGY 14% 38% 60% 57% 49% 41% 37% 33% 34% 21% 7% 9% Total Middle Market $10M-<$50M $50M-<$100M $100M-<$1B Yes cyber risk management is actively part of broader strategic discussions Yes cyber risk management is advised of the strategy after it s been defined No cyber risk defines its own strategy separately from business input

7 Most middle market companies believe they have not been hacked. WHETHER COMPANY HAS BEEN TARGET OF A HACK 9% 75% 16% Profile of Hack Targets: Faster past year and projected employment growth More likely to have expanded into new international markets (26%) Have greater difficulty accessing capital 19 Healthcare, construction and services companies are most likely to be aware of having been hacked. 13 15 23 17 26 Company has been target of hack Company has not been target of hack 6 Don't know Wholesale Retail Manufacturing Construction Financial Healthcare

8 Nearly three-quarters of middle market companies have a documented response plan. WHETHER HAVE DOCUMENTED INCIDENT RESPONSE PLAN $10M-<$50M $50M-< $100M $100M-< $1B 27% 73% Yes - our organization has a documented plan for response to a cyber incident No - our organization does not have a documented response plan Yes our organization has a documented plan for response to a cyber incident No our organization does not have a documented response plan 67% 81% 78% 33% 19% 22% Manufacturing Wholesale Retail Construction Financial Healthcare Yes our organization has a documented plan for response to a cyber incident No our organization does not have a documented response plan 78% 67% 56% 73% 76% 84% 83% 22% 33% 44% 27% 24% 16% 17%

9 Top executives are usually but not always informed about cyber risk. WHETHER REPORT CYBER RISKS TO EXECUTIVES Report cyber risks to executives 70% 80% 50% Do not report cyber risks to executives 20% 50% Total Have Documented Response Plan No Documented Response Plan

10 Most middle market companies manage cybersecurity as part of IT. HOW CYBERSECURITY IS MANAGED 16% 1% 7% 5% Part of IT Separately, with own budget Outsourced Total Middle Market $10M-< $50M $50M-< $100M $100M-< $1B Part of IT 61% 56% 68% 66% Separately, with own budget 10% 10% 5% 13% 10% 61% Don't have anyone overseeing Other arrangement Don t know Outsourced 16% 20% 17% 11% Don t have anyone overseeing Other arrangement 7% 9% 8% 4% 1% 1% - - Don t know 5% 5% 2% 6%

11 People, processes and technology tools are all deployed. Total Middle Market Total Middle Market HOW COMPANY MANAGES SECURITY RISKS Clear policies and practices communicated to employees, contractors, and visitors 50% Importance of Having a Solution in Place 57% 54% 50% 43% Access controls for all employees 49% Training/education for employees to better understand threats Automated defense against known threats 45% 44% Mobility and security access 63% Cloud security 62% 33% Compliance maintenance (i.e. HIPAA, PCI, DSS, ISO, etc.) 40% Incident response process 33% Threat visibility 28% Threat intelligence 57% Complex infrastructure 48% 16% Detailed log collection of all applications 27% Visibility 41% Remediation for any/all employees that fail to follow policies and practices 26% Ransomware 29% Incorporating IT security tools and best practices Developing back-up IT capabilities (mirror servers/ cloud) Ensuring employee devices and applications are secure Employing dedicated IT security resources Providing funding for IT security initiatives Choosing development projects with low risk Working with customers and vendors to integrate security through the supply chain 24% Cyber insurance 22% Remediation capabilities 18% Other 1% None of the above 7%

12 About this report WHO WHEN Overall Qualifications Financial decision makers Private and public organizations $10 million-<$1 billion in Gross Revenue September 5, 2016 through September 16, 2016 Subgroups Shown Total MM Firms = Sample sourced from respondents who participated in the Q3 2016 MMI. HOW Self-Administered Online Survey

The National Center for the Middle Market is the leading source of knowledge, leadership, and innovative research focused on the U.S. Middle Market economy. The Center provides critical data, analysis, insights, and perspectives to help accelerate growth, increase competitiveness, and create jobs for companies, policymakers, and other key stakeholders in this sector. Stay connected to the Center by contacting middlemarketcenter@fisher.osu.edu. From business as usual to business unusual, Fisher College of Business prepares students to go beyond and make an immediate impact in their careers through top-ranked programs, distinguished faculty and a vast network of partnerships that reaches from the surrounding business community to multinationals, nonprofits and startups across the globe. Our students are uniquely prepared and highly sought, leveraging Fisher s rigorous, experiential learning environment with the resources of Ohio State, a premiere research university with 500,000 proud Buckeye alumni. SunTrust Banks, Inc. is a purpose-driven company dedicated to Lighting the Way to Financial Well-Being for the people, businesses and communities it serves. Headquartered in Atlanta, the company has three business segments: Wholesale Banking, Consumer Banking and Private Wealth Management, and Mortgage. Its flagship subsidiary, SunTrust Bank, operates an extensive branch and ATM network throughout the high-growth Southeast and Mid-Atlantic states, along with 24-hour digital access. Certain business lines serve consumer, commercial, corporate and institutional clients nationally. As of December 31, 2015, SunTrust had total assets of $191 billion and total deposits of $150 billion. The company provides deposit, credit, trust, investment, mortgage, asset management, securities brokerage, and capital market services. SunTrust's Internet address is suntrust.com. Founded in Chicago in 1924, Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world s leading organizations of independent audit, tax and advisory firms. In the United States, Grant Thornton has revenue in excess of $1.3 billion and operates 57 offices with more than 500 partners and 6,000 employees. Grant Thornton works with a broad range of dynamic publicly and privately held companies, government agencies, financial institutions, and civic and religious organizations. Grant Thornton refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and the member firms are not a worldwide partnership. Please see grantthornton.com for further details. Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. At Cisco customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success. Learn more at cisco.com.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback