RSA Cybersecurity Poverty Index : APJ

Similar documents
RSA Cybersecurity Poverty Index

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

Why you should adopt the NIST Cybersecurity Framework

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

NCSF Foundation Certification

MITIGATE CYBER ATTACK RISK

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Introducing Cyber Observer

Buyer s Guide. What you need to know before selecting a cyber risk analytics solution

Developing a Model for Cyber Security Maturity Assessment

Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Math is Hard: Compliance to Continuous Risk Management

INTELLIGENCE DRIVEN GRC FOR SECURITY

Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification

CYBERSECURITY MATURITY ASSESSMENT

Readiness, Response & Resilence:

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

THE STATE OF IT TRANSFORMATION FOR RETAIL

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

THE POWER OF TECH-SAVVY BOARDS:

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

RSA INCIDENT RESPONSE SERVICES

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Cybersecurity for Health Care Providers

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cyber Resilience. Think18. Felicity March IBM Corporation

K12 Cybersecurity Roadmap

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

RSA INCIDENT RESPONSE SERVICES

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

RSA Advanced Cyber Defence Summit

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Mastering The Endpoint

Cyber Risk Market Survey 2019 Sneak Preview

I. Contact Information: Lynn Herrick Director, Technology Integration and Project Management Wayne County Department of Technology

Vulnerability Assessments and Penetration Testing

NCSF Foundation Certification

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

IMPROVING NETWORK SECURITY

THE EVOLUTION OF SIEM

The State of Cybersecurity and Digital Trust 2016

RSA NetWitness Suite Respond in Minutes, Not Months

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Cybersecurity. Securely enabling transformation and change

Vulnerability Management Trends In APAC

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

ACHIEVING FIFTH GENERATION CYBER SECURITY

CISO as Change Agent: Getting to Yes

CYBERSECURITY RESILIENCE

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Continuous protection to reduce risk and maintain production availability

Table of Contents. Sample

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Second International Barometer of Security in SMBs

HIPAA RISK ADVISOR SAMPLE REPORT

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Effectively Measuring Cybersecurity Improvement: A CSF Use Case

Bring Your Own Device (BYOD)

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

Symantec Business Continuity Solutions for Operational Risk Management

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

The Deloitte-NASCIO Cybersecurity Study Insights from

NAPA SANITATION DISTRICT

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Transportation Security Risk Assessment

Security Metrics. February 25, Annabelle Lee Senior Technical Executive

MaGMa: a framework and tool for use case management

Bradford J. Willke. 19 September 2007

Update on the Key Initiatives Recommended by NTT Data regarding the Agency Cyber Security Framework

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

How To Build or Buy An Integrated Security Stack

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

THE CYBERSECURITY LITERACY CONFIDENCE GAP

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Security in a Converging IT/OT World

Transcription:

RSA Cybersecurity Poverty Index : APJ 2016

Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed by organizations of all sizes, industries, and geographies across the globe. The assessment was created using the NIST Cybersecurity Framework (CSF). This year s assessment was completed by 878 respondents across 81 countries which attracted 200 respondents from the APJ region. Our goal in creating and conducting this global research initiative is two-fold. First, we want to provide a measure of the risk management and information security capabilities of the global population. As an industry leader and authority, we are often asked why do security incidents that negatively impact organizations continue to occur? We believe that a fundamental gap in capability is a major contributor, and hope that this research can illuminate and quantify that gap. Second, we wish to give organizations a way to benchmark their capabilities against peers and provide a globally recognized practical standard, with an eye towards identifying areas for improvement. 2

Methodology Organizations rated their own capabilities by responding to 18 questions that covered the five key functions outlined by the CSF: Identify, Protect, Detect, Respond, and Recover. Respondents rated capabilities using a 5 point scale 1. Not Currently Done My organization does not currently do this. 2. Ad Hoc My organization handles this in an ad hoc or case-by-case manner. Our practices in this area are not formalized and are most often handled in a reactive manner without using repeatable processes. 3. Progressing My organization has progressed from a purely ad hoc or caseby-case approach in this area, but is in the early stages of formalizing its practices and executing them on an organization-wide basis. 4. Mature My organization s security practices in this area are mature and are generally consistently repeated on an organizationwide basis. Each respondent received an overall score for their program based on their responses. Negligent - Falling well short of best security practices and thus neglecting its responsibility to properly protect its IT assets. Deficient - Providing inadequate security protection and thus falling short in its responsibility to protect its IT assets. Functional - Has generally implemented some security best practices and thus making progress in providing sufficient protection for its IT assets. Developed - Has a well-developed security program and is well positioned to further improve its effectiveness. Advantaged - Has a superior security program and is extremely well positioned to defend its IT assets against advanced threats. 5. Mastered My organization s security practices in this area are highly mature, adaptive, risk focused, enterprise in scope, and almost always based-on lessons learned from internal experiences, quantitative metrics, or externally sourced best practices. 3

By Geography Organizations in EMEA reported the most mature security strategies with 29% ranked as developed or advantaged vs. APJ at 26% and the Americas at 23%. 50% 40% Americas APJ EMEA 30% 20% 10% 0% Negligent Deficient Functional Developed Advantaged Overall Rating 4

APJ By the Numbers 5

APJ: Overall 18 % 8 % Advantaged Capabilities The overall survey results found that 74% of respondents have significant cybersecurity risk exposure (with overall capabilities falling below the Developed category). Only 18% of respondents indicated that they have Developed Capabilities, and just 8% have Advantaged Capabilities. Developed Capabilities Significant Cybersecurity Risk Exposure 74 % 6

APJ: By Type of Capability In APJ, the strongest reported maturity levels reported were in the area of Protection. Response ranked last in maturity across functions. Average Ranking For Capability Protect Identify Detect Recover Respond 66% 70% 72% 74% 76% % of respondents with inadequate levels of capability within the function 7

APJ: By Size of Organization Respondents with below Developed Capabilities 100% 90% 80% 85% of organizations surveyed with under 1,000 employees are not well prepared for today s threats (ranking below Developed in overall maturity). 70% 85% 60% 61% 50% 65% 40% 30% 20% 10% 0% 8 Under 1,000 Employees 1,000-10,000 Employees Over 10,000 Employees

APJ: By Number of Incidents In APJ, 70% of respondents had incidents that negatively impacted their business operations in the last 12 months, but only 23% of those were considered mature in their security strategy. 70 % Negatively Impacted 23 % Considered Mature 9

Conclusion The results speak for themselves. There is work to be done to improve risk management and cybersecurity capabilities regardless of company size, geography, or vertical industry. Two important findings stand out from the wealth of data. First, damaging security incidents are the main factor driving action and culture change. Effective Incident Response capabilities, which can help minimize the business impact of security incidents, are particularly underdeveloped. However, organizations that experience the most security incidents are significantly more likely to have developed or advantaged overall capabilities. Once organizations experience an incident that negatively impacts their operations, they strive to improve their capabilities and maturity at a greater pace to mitigate the effects of (inevitable) future incidents. As a result, a greater disparity has emerged between those organizations who are more mature and those who are not. Second, organizations struggle to take proactive steps to improve their cybersecurity and risk posture because they struggle to understand cyber risk and how it will impact their operations. The least developed capability across the survey is an organization s ability to catalog, assess, and mitigate risk. The inability to assess cyber risk and calculate cyber risk appetite makes it impossible to prioritize areas of mitigation and investment. If you completed the assessment this year, we thank you for your participation and look forward to your continued input in future years. If you did not participate, we encourage you to complete the survey and obtain a benchmark that can help you plan for advancing your organization s capabilities. Take the survey today at rsa.com/maturitysurvey. 10

EMC2, EMC, the EMC logo, RSA, and the RSA logo are registered trade marks or trademarks of EMC Corporation in the United States and other countries. Copyright 2016 EMC Corporation. All rights reserved. Published in the USA. 06/16 ebook H15279

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback