Does someone else own your company s reputation? EY Global Information Security Survey 2018

Similar documents
Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Global Information Security Survey. A life sciences perspective

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Demonstrating data privacy for GDPR and beyond

Emerging Technologies The risks they pose to your organisations

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

EY s data privacy service offering

If you were under cyber attack would you ever know?

Big data privacy in Australia

What s new in EY Atlas. November 2018

EY Consulting. Is your strategy planning for the future or creating it? #TransformativeAge

Cyber Security Incident Response Fighting Fire with Fire

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

THE POWER OF TECH-SAVVY BOARDS:

Danish Cloud Maturity Survey 2018

EY Norwegian Cloud Maturity Survey 2018

Get ahead of cybercrime. EY s 2014 Global Information Security Survey

Protecting your data. EY s approach to data privacy and information security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

The State of Cybersecurity and Digital Trust 2016

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Are we breached? Deloitte's Cyber Threat Hunting

2015 VORMETRIC INSIDER THREAT REPORT

Step 1: Open browser to navigate to the data science challenge home page

Cyber Threat Landscape April 2013

Cybersecurity. Securely enabling transformation and change

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Real estate predictions 2017 What changes lie ahead?

Tax News Update: Global Edition (GTNU) User Guide

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

A new approach to Cyber Security

Angela McKay Director, Government Security Policy and Strategy Microsoft

Combating Cyber Risk in the Supply Chain

Cyber Risks in the Boardroom Conference

Digital trends in real estate, hospitality and construction. Building blocks for future growth. Brochure title RR. Brochure subtitle RR

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Safeguarding unclassified controlled technical information (UCTI)

The New Healthcare Economy is rising up

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

How to be cyber secure A practical guide for Australia s mid-size business

with Advanced Protection

The hidden cost of smart buildings

What is ISO ISMS? Business Beam

Digital innovation? Cyber secure? Digital security: a Financial Services perspective

Building a Threat Intelligence Program

Cyber Attacks & Breaches It s not if, it s When

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Cyber Risk and Third Party Risk Management. Lisa Murphy First Horizon National Corporation

Governance Ideas Exchange

Anticipating the wider business impact of a cyber breach in the health care industry

I D C T E C H N O L O G Y S P O T L I G H T

EY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services

People risk. Capital risk. Technology risk

Cyber Security: Threat and Prevention

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

The Deloitte-NASCIO Cybersecurity Study Insights from

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER INSURANCE: MANAGING THE RISK

ForeScout Extended Module for Splunk

Incident Response Services

EY GlobalOne Individual Portal

BIG DATA INDUSTRY PAPER

Secure the value chain. Risk management in the omnichannel consumer and retail environment

TAN Jenny Partner PwC Singapore

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Gujarat Forensic Sciences University

CYBERSECURITY AND THE MIDDLE MARKET

How to Create, Deploy, & Operate Secure IoT Applications

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

HOSTED SECURITY SERVICES

The Center for Internet Security

Sales Presentation Case 2018 Dell EMC

SOC for cybersecurity

Internet of Things Toolkit for Small and Medium Businesses

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cyber-Threats and Countermeasures in Financial Sector

Embedded SIM Study. September 2015 update

FOR FINANCIAL SERVICES ORGANIZATIONS

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Advanced Security Centers. Enabling threat and vulnerability services in a borderless world

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

M&A Cyber Security Due Diligence

IT Consulting and Implementation Services

Cyber Security Technologies

Security in India: Enabling a New Connected Era

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

THALES DATA THREAT REPORT

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Cyber Resilience - Protecting your Business 1

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

EY Training. Project Management Professional PMP. Exam preparatory course. 30 September 4 October 2018

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cybersecurity: balancing risks and controls for finance professionals

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Transcription:

Does someone else own your company s reputation? EY Global Information Security Survey 2018 Perspectives for technology, media and entertainment, and telco companies

Risking cyber reputations Are TMT companies doing what s necessary to protect their brands? The brand a company s bond with its customers can take generations to build. Yet the escalating threat of cyber attacks presents the very real possibility of a brand being destroyed overnight. Given this level of global threat, are technology, media and entertainment, and telco (TMT) companies doing what is necessary to secure their operations, manage cyber risk, protect their customers and safeguard their brands? In September to November 2017, EY conducted its annual Global Information Security Survey (GISS) of more than 1,100 executives on key issues in cybersecurity. The global survey panel was drawn from more than 60 countries and represented 20 industries. The following analysis focuses on consolidated findings from TMT companies. 2 Risking cyber reputations: Are TMT companies doing what s necessary to protect their brands?

The cyber threat to TMT companies TMT companies know the value of their brands and their relationships with customers. Many of these companies are considered leaders in providing product design, customer support and the most attractive customer experience. It is no wonder that 50% of the 10 most admired companies are from the TMT space 1 far more than any other sector. But the case can also be made that the TMT sector is more vulnerable to cyber attacks than other industries and that the consequences of a breach are more serious. Consider these issues: Many TMT companies are leaders in digital transformation. While digitization may make them more agile and streamline operations, it also increases the number of global attack vectors for cyber attackers. It also exposes virtually every part of their content and operations from digital rights to trade secrets to semiconductor design to intrusion. Traditional industries such as manufacturing and transportation can involve significant switching costs to customers. Not so for many companies in the TMT sector in which competitors are just a click away for the dissatisfied customer. Many TMT companies particularly those in the technology sector are held to be the guardians of digital and product security. This sets a higher standard for their security measures and greater consequences should they fail. TMT companies, like many others, are facing a talent shortage in digital transformation, and an especially acute shortage in cybersecurity skills. This leaves them highly exposed to their cyber adversaries. Many TMT companies are leaders in digital transformation. 1 The World s Most Admired Companies for 2017, Fortune magazine, January 2018, fortune.com/worlds-most-admired-companies/ EY Global Information Security Survey 3

The cyber threat to the brand TMT companies recognize the danger that cyber criminals pose to their customer relationships. When asked to identify what proprietary information is most valuable to cyber criminals, TMT companies overwhelmingly identified customer information. Figure 1: What information in your organization do you consider is the most valuable to cyber criminals? (Select five) Figure 2: In your opinion, what is the likelihood of your organization being able to detect a sophisticated cyber attack? Customer information/passwords Intellectual property 79% 34% 12% 13% Personal information of executives Corporate strategic plans 14% 14% Very likely Likely M&A information Financial information Supplier/vendor information/passwords 7% 6% 4% 31% 43% Unlikely Very unlikely R&D information 3% Customer data remains the No. 1 target of the cyber criminal. In a worst-case scenario, a severe breach could create a public perception of a company as an unsafe enterprise to do business with a negative branding that could take years to recover from and potentially impact its existence. Furthermore, few TMT companies have high confidence that they will be able to detect breaches of their systems, and that they will be able to determine whether customer and other data has in fact been compromised. Customer data remains the No. 1 target of the cyber criminal. 4 Risking cyber reputations: Are TMT companies doing what s necessary to protect their brands?

Committing to protecting the cyber reputation of TMT companies Given the dangers, one might assume that companies are making cybersecurity a high corporate priority. Figure 4: Which vulnerabilities have most increased your risk exposure over the last 12 months? (Selected responses) Careless or unaware employees 34% But the numbers show otherwise while global companies spent almost $600 billion on building their brands in 2016, 2 they allocated only about one-tenth of that amount to cybersecurity. 3 Outdated information security controls/architecture Cloud computing Mobile computing 25% 22% 14% Our research shows that the TMT sector is not an exception. While increasing its absolute cybersecurity spend, the sector is not making anywhere near the commitment that it believes is necessary to safeguard customer data and their brand. Figure 3: Commitment to cybersecurity by TMT companies Social media Unauthorized access 11% Similarly, TMT respondents believe that employees either through lack of awareness or via malicious acts are the greatest source of an attack. 9% Figure 5: What do you consider the most likely source of an attack? 10.6% 22.2% Projected growth in cybersecurity budget (next 12 months) Growth in funding needed to protect company in line with company s risk tolerance In summary, TMT executives believe that their companies are spending less than half of what is necessary to reach acceptable levels of security creating consequences for their reputations and customer franchises. Malicious or careless employees Criminal syndicate Hacktivists Lone wolf attacker External contractor, on-site State-sponsored attacker Supplier Other business partner Customer 40% 15% 12% 11% 10% 9% 5% 4% 3% A striking example of this shortfall is in the lack of resources committed to employee awareness and training. We asked TMT executives to assess their companies cyber vulnerabilities and identify the most likely sources of attacks on their companies. In both cases, the most serious vulnerabilities were linked to employee behavior. Yet while TMT companies recognize the dangers presented by employees, they place a surprisingly low priority on the training and supervision that are designed to reduce employee-driven cyber risk. 2 Global Advertising Spend to Rise 4.6% to $579 Billion in 2016, Zenith Optimedia, cited in Variety, 2016. Global PR Industry Hits $14bn In 2016 As Growth Slows To 5%, Holmes Report, 2016. 3 Cyber security spend $73.7 billion, IDC Worldwide Semiannual Security Spending Guide, 2016. EY Global Information Security Survey 5

Figure 6: Which of the following information security areas would you define as high priority for your organization over the coming 12 months? (Select top three) Securing the Internet of Things Forensics support Intellectual property protection 43% 40% 40% TMT companies are placing an especially high priority on securing the Internet of Things (IoT). While the IoT has many benefits for TMT companies digitizing a telco s entire network, or full robotic automation of a semiconductor lab it can also present higher cyber risk. By placing a company s critical operations on an IoT platform, it can increase the level of vulnerability (e.g., more attack vectors) and present higher consequences of a breach (e.g., ransomware attacks on production systems). Security architecture redesign Third-party risk management Securing mobile devices Privacy measures Security analytics Business continuity/disaster recovery Security awareness and training Identity and access management 29% 24% 22% 16% 12% 10% 9% 9% In summary, TMT companies while acknowledging the risk posed by their employees are not placing a high enough priority on the means to reduce this risk. This is an important example of an under commitment being made by companies to reach their own standards of cybersecurity. TMT companies are placing an especially high priority on securing the Internet of Things. 6 Risking cyber reputations: Are TMT companies doing what s necessary to protect their brands?

What technology, media and entertainment, and telco companies must do There is a global consensus that cyber attacks will not only continue but increase in velocity and sophistication, including targeting data, cloud providers, automation and IoT products. Accepting that the brand the company s bond with its customers is a critical asset that demands the highest protection, these are a few of the key steps that TMT companies must take: 1. Place a priority on protection level of brand-related assets: An emerging view in cybersecurity is that, due to resource constraints, all assets cannot be protected with equal levels of security. 2. TMT companies should place such a priority on protecting brand-related assets: Building a ring fence around purchasing information, passwords, transaction records, personally identifiable information and other data that touches the customer. This is the information that is most likely to be targeted by cyber attackers, and the breach that can cause the greatest harm to the enterprise it should be the priority. In addition, TMT companies that build and sell IoT products should manage cybersecurity risks throughout the IoT ecosystem from development, production and most importantly, active maintenance. 3. Build an employee culture of cybersecurity: Many cybersecurity programs managed by IT specialists focus on highly technical solutions to defend against cyber attacks. Companies should recognize that attackers can potentially be their own employees, and detecting malicious lateral movements inside the network perimeter is equally as important. Cybersecurity training, supervision and accountability in short, an employee culture of cybersecurity focused on vigilance are critical to defend against cyber attacks. 4. Create a post-breach, brand-recovery program: Many cyber experts privately acknowledge that their companies will be breached at some point. Ability to respond is as important as the capability to defend: companies should have in place a proactive incident response and recovery plan including a communications plan, incident response process, forensics capability, governance and technical recovery procedures that can help minimize damage, enable legal diligence and accelerate the company back to the trust of its customers. For the findings and demographics of the cross-industry EY Global Information Security Survey, visit ey.com/giss. EY Global Information Security Survey 7

EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com About EY Global Technology, Media & Entertainment and Telco services Digital technology innovation is continuously disrupting organizations and converging industries, driving content distributors into content production, transforming telco providers into content distributors and turning tech companies in all directions. Thus, competition is escalating, and digitally empowered customers are demanding more than ever. Our global Technology, Media & Entertainment and Telco (TMT) services can help you revamp your organization for the future and enhance customer experiences across all channels. Our network of more than 38,000 TMT professionals helps you nurture growth by bolstering agility, operational excellence and enterprise trust. Our broad advisory, assurance, tax and transaction services help you thrive in this rapidly changing environment while preparing for disruptions yet to come. Find out more at ey.com/tmt Contacts: Dave Padmos EY Global Technology Sector Advisory Leader +1 206 348 7043 dave.padmos@ey.com Rob Belk West Region Cybersecurity Lead Ernst & Young LLP +1 858 535 7707 rob.belk@ey.com Burgess Cooper Cybersecurity Advisory Services Lead Ernst & Young LLP +91 993 081 8333 burgess.cooper@in.ey.com M.J. Vaidya Cybersecurity Advisory Services Lead Ernst & Young LLP +1 404 541 7039 mj.vaidya@ey.com 2018 EYGM Limited. All Rights Reserved. EYG no. 02065-184GBL ED None This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback