Weitere ähnliche Inhalte Ähnlich wie 2018 State of Cyber Resilience Insurance (20) Mehr von Accenture Insurance (20) Kürzlich hochgeladen (20) 2018 State of Cyber Resilience Insurance3. Organizations are improving cyber resilience and showing they can
perform better under greater pressure as the number of targeted attacks
more than doubles.
CLOSING THE GAP ON CYBER ATTACKS
Organizations reduced the rate
of successful attacks: From 30% to 13%.
In the past 12 months, how many attempted / successful breaches have you
identified and how many were successful?
Average.
2018
240
52
Targeted attacks
Security breaches
Insurance
4. 14%
30%
45%
10%
24%
28%
22%
23%
Less than 50%
51%-65%
66%-75%
76% or more
2017 2018
12%
23%
55%
9%
20%
31%
22%
27%
Less than 50%
51%-65%
66%-75%
76% or more
2017 2018
CLOSING THE GAP ON CYBER ATTACKS
Despite the rising number of cyber attacks, security teams continue to
identify nearly two-thirds of all breach attempts, 63% on average, and twice
as many of them are now able to detect 76% or more cyber attacks.
Proportion of cyber
attacks discovered
by security teams
Global
Global mean:
63%
Insurance mean:
64%
Insurance
5. 5
66%
60%
58%
56%
53%
66%
62%
57%
52%
55%
Internally by our employees
Externally by a peer/competitor in
our industry
Externally by the media
White hats
Law enforcement
Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Collaboration is helping with attacks undetected by security teams.
Cyber attacks
discovered
outside of
security teams
For the breaches that are not detected by your security team, how do you most frequently learn about them? (Ranked top 3)
Global
Insurance
6. 12% 43% 34% 11%Global
Less than one day 1-7 days 1-4 weeks More than one month
9% 46% 36% 9%q16
CLOSING THE GAP ON CYBER ATTACKS
The majority of security teams are also more effective at finding security
breaches faster—from months and years to just days and weeks.
Improvements in detection speed
of security breaches
Thinking about the past year, how long, on average, did it take for a
successful breach to be detected?
Insurance
7. IMPROVING CYBER RESILIENCE
Cyber
Response
Readiness
Cyber Response Plans
Cyber Incident Escalation
Plans
Stakeholder Involvement
Cyber Incident
Communication
Recovery of Key Assets
Strategic
Threat Context
What-If Analysis
Peer Situation Monitoring
Business Relevant Threat
Monitoring
Threat Vector Monitoring
Resilience
Readiness
Recovery Ability
Design for Resilience
Exposure Driven Design
Continuous Improvement
Threat Landscape
Alignment
Governance &
Leadership
High Value Assets &
Business Processes
Physical & Safety Risks
Actual IT Support
Scenarios of Material
Impact
Key Protection
Assumptions
Business
Exposure
High Value Assets &
Business Processes
Physical & Safety Risks
IT Risk Support
Cyber Attack Scenarios
Extended
Ecosystem
Contractual Dependability
Contractual Assurance
Regulatory Compliance
Focus
Operational Cooperation
Investment
Efficiency
Securing Future
Architecture
Protection of Key Assets
Security in Project
Funding
Security in Investment
Funding
Risk Analysis & Budgeting
Copyright © 2016 Accenture All rights reserved.
Cybersecurity Strategy
WE EVALUATED 33 CYBERSECURITY CAPABILITIES ACROSS SEVEN DOMAINS
8. CLOSING THE GAP ON CYBER ATTACKS
Being better at detection, prevention and collaboration is not all that
security teams can be proud of—they have also realized an impressive 42
percent improvement in security capabilities.
Cybersecurity
capabilities rated
high performing
Capabilities rated
high performing:
2018 Global : 19
2018 Insurance: 20
9. CLOSING THE GAP ON CYBER ATTACKS
In terms of delivering the next wave of improvements, it is easy to focus
exclusively on counteracting external attacks, but organizations should not
neglect the enemy within.
Most damaging security breaches
ranked by frequency and impact
28% of respondents ranked
‘External Attacks’ as having the
greatest impact on their
organization while 33% ranked
‘Internal Attacks’ as the most
frequent.
10. 10
INTERNAL ATTACKS AND HACKER ATTACKS ARE THE MOST
FREQUENT ATTACKS AND CAUSE THE GREATEST IMPACT ON
THE ORGANIZATION
Among the types of breaches your organization has experienced,
please rank them from most to least frequent. (Ranked top 3)
70%
56%
44%
43%
39%
26%
24%
72%
51%
40%
43%
43%
28%
24%
Internal attack (e.g.,
malicious insiders)
Hacker attack
Accidentally published
information (e.g., insider
errors/failure to follow
processes and policies)
Configuration error that
affected security
Legacy infrastructure
that is challenging to
secure
Lost/stolen media
Lost/stolen computer
Copyright © 2018 Accenture Security. All rights reserved.
Among the successful breaches, please indicate which of the following
causes had the greatest impact on your organization. (Ranked top 3)
53%
51%
46%
39%
32%
22%
18%
53%
54%
49%
44%
33%
23%
20%
Internal attack (e.g.,
malicious insiders)
Hacker attack
Accidentally published
information (e.g., insider
errors/failure to follow
processes and policies)
Legacy infrastructure
that is challenging to
secure
Configuration error
Lost/stolen media
Lost/stolen computer
Global
Insurance
11. 11
63%
57%
56%
56%
48%
47%
32%
69%
60%
56%
54%
45%
51%
31%
Corporate IT (all
systems in the
corporate office)
Cloud service providers
Customer or partner
environments (i.e.,
hosted websites,…
Operational
technologies (i.e.
manufacturing,…
Products and services
(i.e., wearables, xx)
Field operations
(branches, franchises,
subsidiaries)
Third parties
Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Organizations need to protect their most valuable assets, from the inside
out, and across the entire value chain.
Areas
cybersecurity
program is actively
protecting
Percentage of organization actively
protected by cybersecurity
program
Global: 67%
Insurance: 66%
Which of the following is your cybersecurity program actively protecting?
Multiple responses.
Global
Insurance
12. 12Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Cybersecurity standards should extend beyond the organization.
Degree to which
ecosystem
partners are held
to cybersecurity
standards
Which of the following statements best represents the degree to which you hold your ecosystem partners and/or strategic partners to cybersecurity
standards?
Global
Insurance
6%
14%
16%
46%
18%
10%
13%
12%
41%
24%
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners,
but do not impose any standards or requirements
We hold partners to a minimum standard for cybersecurity,
that is below our business standards, and audit regularly
We hold partners to the same cybersecurity standards
as our business, and audit regularly
We hold partners to higher cybersecurity standards
than our business
13. 18%
34%
59%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2016e 2017 2018 2019e 2020e 2021e
Global Measured capability average Filtered sample Log. (Global Measured capability average)Insurance
CLOSING THE GAP ON CYBER ATTACKS
If the current rate of progress is maintained, organizations could reach a
sustainable level of cyber resilience in the next two to three years.
Forecast of average cybersecurity capabilities reaching a sustainable level of cyber resilience
Cyber resilience embedded into the business*
*Estimate based on current rate of
improvement 13
14. 14
Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Cybersecurity investment is important to keep the momentum of improved
security resilience
Significant
increase in
investment
(double or more)
in cybersecurity
22%
31%
Global
Past 3 years Next 3 years
14%
27%
1
Past 3 years Next 3 years
Insurance
15. 15Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Focusing on the right success measures ensures security objectives are
aligned with the business.
Measures of
success for
cybersecurity
programs
62%
57%
56%
53%
51%
42%
40%
38%
64%
63%
62%
55%
52%
45%
38%
34%
Cyber IT resiliency (i.e., how many times an enterprise
system went down and for how long)
Cyber recovery/restoration time (i.e., how long it takes to
restore normal activity)
Cyber response time (i.e., how long it takes to identify
and mobilize)
Cyber OT resiliency (i.e., how many times an operational
technology system stopped and for how long)
Cyber compliance with national standards
Trend measurement (incidents increasing/decreasing)
Repetition (portion of breaches that come from repeated
attempts of the same type)
Business risk improvement
How do you measure the success of your cybersecurity program?
Multiple responses.
Global
Insurance
16. 16
55%
54%
48%
45%
45%
44%
43%
41%
40%
55%
56%
49%
47%
50%
49%
43%
46%
39%
IoT security
Security intelligence platforms
Blockchain
Threat hunting
Continuous control monitoring
and reporting
Managed security services
Machine learning/artificial
intelligence
Password-less authentication
Robotic process automation
(RPA)
Copyright © 2018 Accenture Security. All rights reserved.
CLOSING THE GAP ON CYBER ATTACKS
Breakthrough technologies are essential to securing the organization’s
future and driving the next round of cyber resilience.
Emerging
technologies
organizations
invest in to
evolve
security
programs
New technologies such as artificial
intelligence, machine/deep
learning user behavior analytics,
blockchain, etc. are essential to
securing the future of the
organization.
Global: 83%
Insurance: 85%
In which of the following new and emerging technologies are you investing to evolve your security program?
Multiple responses.
Global
Insurance
18. Industry Global Insurance
A&D Manufacturing 100
Automotive 101
Banking & Cap Markets 410
Chemicals 202
CG&S 410
Energy (Oil & Gas) 200
Healthcare (Payer) 100
Healthcare (Provider) 102
High Tech 411
Industrial Equipment 313
Insurance 411
Life Sciences 200
Media 252
Public Service (Federal) 255
Public Service (ST & Local) 198
Retail 411
Software & Platforms 221
Communications 158
Utilities 214
Location Global Insurance
Australia 401
Brazil 130
Canada 150
France 401
Germany 400
Ireland 124
Italy 302
Japan 400
Netherlands 115
Norway 114
Singapore 126
Spain 250
United Arab Emirates 132
United Kingdom 450
United States 1,174
0
0
0
0
0
0
0
0
0
0
411
0
0
0
0
0
0
0
0
THIS STUDY WAS FIELDED FEBRUARY 2018
40
10
15
40
40
20
41
40
10
10
5
30
10
40
60
133
146
74
41
11
6
0
0
0
0
0
18
2
24
79
113
193
Title Global Insurance
CIO 1513
Chief Security Officer 1429
Chief Compliance Officer 829
Chief Risk Officer 535
Chief Security Architect 133
Corporate Security Officer 78
Civilian - Political Appointee 50
Civilian - Senior Executive
Service (SES)
49
Civilian - GS-13 to GS-15 27
Military - Officer (O-7 to O-10) 23
Military - Officer (O-4 to O-6) 3
Revenue Global
Insuranc
e
$50 bn or more 58
$20 bn-$49.9 bn 276
$10 bn-$19.9 bn 891
$6 bn-$9.9 bn 1,432
$1 bn-$5.9 bn 2,012
20. 20
INFORMATION IS A KEY COMPANY ASSET PROTECTED BY THE
ORGANIZATION’S CYBERSECURITY STRATEGY
Which of the following are you addressing with your cybersecurity strategy?
Ranked top 3
48%
43%
35%
31%
31%
30%
30%
28%
25%
45%
40%
38%
27%
32%
36%
30%
24%
28%
Protecting organization information
Protecting customer information
Protecting organization reputation
Protecting employee privacy
Preventing service disruption
Mitigating against financial losses
Providing customer satisfaction
Protecting physical
infrastructures/assets
Mitigating against legal/compliance
issues
Copyright © 2018 Accenture Security. All rights reserved.
Global
Insurance
21. 21
CONFIDENCE IS GENERALLY HIGH FOR CYBERSECURITY
EFFECTIVENESS
How confident are you in the effectiveness of each of the following for your organization?
40%
42%
42%
43%
42%
41%
43%
43%
43%
41%
45%
43%
42%
42%
42%
40%
40%
39%
39%
35%
Password Management
Infrastructure security
Asset management
Application Management
User Account Management
Physical security
Configuration and Change Management
Training and Awareness
Patch Management
3rd Party and Compliance
Confident Extremely confident
Copyright © 2018 Accenture Security. All rights reserved.
38%
42%
44%
45%
39%
36%
46%
44%
41%
44%
47%
43%
41%
41%
47%
42%
37%
41%
40%
35%
Password Management
Infrastructure security
Asset management
Application Management
User Account Management
Physical security
Configuration and Change Management
Training and Awareness
Patch Management
3rd Party and Compliance
Global Insurance
22. 43%
40%
44%
41%
41%
38%
42%
38%
39%
43%
39%
44%
43%
40%
42%
41%
Monitor for breaches
Identify the cause of a breach
Manage reputational risk due to a cybersecurity
event
Measure the impact of a breach
Restore normal activity after a breach
Know the frequency of breaches
Manage financial risk due to a cybersecurity
event
Minimize disruption from a cybersecurity event
22
EXECUTIVES ARE VERY CONFIDENT ABOUT THEIR
CYBERSECURITY CAPABILITIES
How confident are you that your organization can do the following?
40%
41%
41%
41%
41%
40%
42%
41%
42%
42%
42%
42%
42%
41%
40%
39%
Monitor for breaches
Identify the cause of a breach
Manage reputational risk due to a cybersecurity
event
Measure the impact of a breach
Restore normal activity after a breach
Know the frequency of breaches
Manage financial risk due to a cybersecurity
event
Minimize disruption from a cybersecurity event
Confident Extremely confident
Copyright © 2018 Accenture Security. All rights reserved.
Global Insurance
23. Copyright © 2018 Accenture Security. All rights reserved. 23
ORGANIZATIONS RECOGNIZE THE RISKS ASSOCIATED WITH
ADOPTION OF NEW BUSINESS MODELS AND THE GROWING ROLE
OF NEW TECHNOLOGIES IN SECURING THE ORGANIZATION
Please indicate your agreement with each of the following statements:
Agree/Strongly agree
83%
83%
82%
72%
71%
85%
84%
84%
75%
77%
New technologies such as artificial intelligence,
machine/deep learning, user behavior
analytics, blockchain, etc. are essential to
securing the future of the organization.
Cybersecurity at our organization is completely
embedded into our culture.
As companies adopt new innovative business
models, ecosystems, liquid workforces, etc.,
the risk and security attack surface area
increases exponentially.
It is not possible to appear strong, prepared
and competent, if my organization is the victim
of a major security breach.
Cyberattacks are a bit of a black box; we do not
quite know how or when they will affect our
organization.
Global
Insurance
24. 24
INTERRUPTION OF IT SERVICES IS THE MOST FREQUENTLY
CITED RESULT OF A BREACH AND CAUSES THE GREATEST LOSS
Which of the following has your organization experienced as a result of a
breach? Multiple responses.
55%
45%
44%
41%
39%
39%
38%
37%
35%
29%
58%
46%
47%
45%
42%
43%
40%
38%
38%
28%
Interruption of IT service/network down
Interruption of physical operations/shutdown of
assets (e.g., plants)
Intellectual Property (IP) data loss
Operational data loss/patent theft
Brand equity/reputation loss
Lost or stolen confidential information (M&A,
financial, IP)
Identity theft
Denial of service or access to systems
Financial loss
Credit card theft
Copyright © 2018 Accenture Security. All rights reserved.
Among those checked in the previous question, which one resulted in the
greatest loss to the business?
24%
13%
10%
9%
9%
9%
8%
8%
6%
3%
26%
10%
14%
9%
9%
8%
7%
8%
7%
2%
Interruption of IT service/network down
Interruption of physical operations/shutdown of
assets (e.g., plants)
Brand equity/reputation loss
Lost or stolen confidential information (M&A,
financial, IP)
Intellectual Property (IP) data loss
Operational data loss/patent theft
Denial of service or access to systems
Identity theft
Financial loss
Credit card theft
Global
Insurance
25. 38% 36% 23% 4%Global
30 days or less 31-60 days 61-90 days More than 90 days
33% 34% 28% 5%1
25
MOST ORGANIZATIONS ARE ABLE TO REMEDIATE A BREACH IN
60 DAYS OR LESS
On average, how long does it take for you to remediate a breach?
Copyright © 2018 Accenture Security. All rights reserved.
Insurance
26. 19%
15%
8%
14%
19%
14%
6%
13%
q20a_1
q20a_2
q20a_3
q20a_4
Copyright © 2018 Accenture Security. All rights reserved. 26
INVESTMENTS IN CYBERSECURITY TODAY WILL SECURE THE
FUTURE OF THE ORGANIZATION
How much does your organization spend on cybersecurity, as a percentage of each of the below?
Average % of budget dedicated to security
Global
Insurance
% of total IT budget
% of total OT budget
% of total annual revenue
% of operational costs
27. 27
BUDGET AUTHORIZATION RESTS AT THE HIGHEST LEVELS OF
THE ORGANIZATION
Who authorizes your cybersecurity budget (i.e., how high in the organization do you have to go to get your budget approved)?
32%
27%
12%
11%
9%
6%
2%
32%
22%
11%
17%
5%
10%
3%
CEO/Executive Committee
Board of Directors
Chief Financial Officer
Chief Operating Officer
Chief Information Security Officer/Chief
Security Officer
Chief Information Officer
Others
Copyright © 2018 Accenture Security. All rights reserved.
Global
Insurance
28. 28
WITH MORE BUDGET, SECURITY INVESTMENTS WOULD BE
DIRECTED TOWARD TECHNOLOGIES AND INNOVATIONS OVER
TRAINING
If you were given more budget for cybersecurity, how would you use it?
Up to three responses.
62%
59%
54%
52%
36%
13%
61%
61%
59%
60%
32%
10%
Filling known gaps in cybersecurity
technology
Adding new innovations in
cybersecurity
Filling known gaps in capabilities
(other than staffing and technology)
Filling security staffing gaps
Better reporting tools
End user training
Copyright © 2018 Accenture Security. All rights reserved.
Global
Insurance
29. 29
CYBER SECURITY SPEND IS ON THE RISE AND IS EXPECTED TO
GROW OVER THE NEXT THREE YEARS
How recently has your organization
made a major transformational
investment (expenditure) in its
cybersecurity capability?
24%
45%
23%
7%
1%
25%
45%
21%
8%
1%
1 - Within the past six months
2 - Six months to one year
ago
3 - Between one and two
years ago
4 - Two or more years ago
5 - Not applicable, we have
not yet made a major
investment in cybersecurity
capabilities
Copyright © 2018 Accenture Security. All rights reserved.
Past 3 years with regard to cybersecurity.
31%
59%
9%
0%
0%
27%
64%
9%
0%
0%
1 - Significantly increase
(double or more)
2 - Increase modestly
3 - Stay the same
4 - Decrease modestly
5 - Significantly decrease
(decrease by half or more)
22%
65%
13%
1%
0%
14%
71%
15%
0%
0%
1 - Increased significantly
(doubled or more)
2 - Increased modestly
3 - Stayed the same
4 - Decreased modestly
5 - Decreased significantly
(decreased by half or more)
Next 3 years with regard to cybersecurity.
Global Insurance
30. Copyright © 2018 Accenture Security. All rights reserved. 30
ORGANIZATIONS RELY ON THEIR INTERNAL SECURITY
WORKFORCE BUT SUPPLEMENT WITH CONTRACTORS AND
OUTSOURCED STAFF
Percentage of Internal Security FTE as a percent of total
employees globally
Insurance Global
Security FTE:
Total FTE 1:34 1:35
Security FTE:
Contractors/
Consultants
6:1 5:1
Security FTE:
Outsourced 10:1 9:1
0.73%
0.71%
0.70%
0.67%
0.66%
0.73%
0.71%
0.66%
0.63%
0.63%
Security operations
Digital identity
Security Strategy and
leadership PMO
Security architecture
and engineering
Risk and compliance
Global Insurance
31. 31
GAPS WITHIN ORGANIZATIONS ARE MOSTLY IN CYBER THREAT
ANALYTICS AND SECURITY MONITORING
Which of the following capabilities/solutions are most needed in your organization to fill gaps in your cybersecurity?
Multiple responses.
46%
46%
44%
40%
40%
39%
38%
35%
33%
33%
33%
31%
28%
24%
24%
48%
50%
50%
44%
38%
39%
40%
37%
35%
35%
35%
27%
27%
26%
30%
Cyber threat analytics
Security monitoring
Network security
Risk management
Artificial Intelligence/security…
Threat intelligence
OT-related security
Application security
Incident response
End point security
Next generation Identity
Encryption
Vulnerability management
Staffing
Remediation
Copyright © 2018 Accenture Security. All rights reserved.
Global
Insurance
32. Copyright © 2018 Accenture Security. All rights reserved. 32
EXECUTIVES RECOGNIZE THE GROWING NEED TO SPREAD
RESPONSIBILITY FOR CYBERSECURITY ACROSS MULTIPLE
SUPPLIERS
Please indicate the way in which your organization tends to source your cybersecurity program today:
Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years:
Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years:
28%
26%
26%
44%
42%
40%
28%
32%
34%
Today
WILL in 3 years
SHOULD in 3 years
More than half Single supplier About equal More than half Multiple supplier
24%
26%
27%
45%
42%
35%
31%
33%
38%
q29_1
q30_1
q31_1
More than half Single supplier About equal More than half Multiple supplier
Today
WILL in 3 years
SHOULD in 3 years
InsuranceGlobal
33. Copyright © 2018 Accenture Security. All rights reserved. 33
THE ROLE 0F OUTSOURCED CYBERSECURITY SERVICES IS
LIKELY TO RISE AT A MODERATE PACE
Please indicate the way in which your organization tends to source your cybersecurity program today:
Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years:
Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years:
37%
34%
34%
40%
40%
39%
23%
25%
27%
Today
WILL in 3 years
SHOULD in 3 years
More than half In-house security staff About equal More than half Outsourced providers
35%
30%
31%
39%
43%
42%
26%
27%
27%
More than half In-house security staff About equal More than half Outsourced providers
Today
WILL in 3 years
SHOULD in 3 years
InsuranceGlobal
34. Copyright © 2018 Accenture Security. All rights reserved. 34
CLOUD BASED SERVICES ARE MORE FREQUENTLY USED THAN
ON-SITE DEPLOYMENT; THIS TREND WILL GROW OVER NEXT 3
YEARS
Please indicate the way in which your organization tends to source your cybersecurity program today:
Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years:
Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years:
27%
24%
24%
42%
42%
38%
31%
34%
38%
Today
WILL in 3 years
SHOULD in 3 years
More than half On-site deployment About equal More than half Cloud Services
30%
27%
20%
41%
39%
41%
29%
34%
39%
More than half On-site deploymen About equal More than half Cloud Services
Global
Today
WILL in 3 years
SHOULD in 3 years
Insurance
35. Copyright © 2018 Accenture Security. All rights reserved. 35
THE LICENSING MODEL IN CYBERSECURITY WILL REMAIN
LARGELY UNCHANGED OVER THE NEXT THREE YEARS,
ACCORDING TO RESPONDENTS
Please indicate the way in which your organization tends to source your cybersecurity program today:
Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years:
Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years:
26%
26%
25%
44%
42%
40%
30%
32%
35%
Today
WILL in 3 years
SHOULD in 3 years
More than half Perpetual licensing About equal More than half Usage-based services
25%
26%
26%
48%
47%
37%
27%
28%
37%
More than half Perpetual licensing About equal More than half Usage-based services
Insurance
Today
WILL in 3 years
SHOULD in 3 years
Global
37. Copyright © 2018 Accenture Security. All rights reserved. 37
CAPABILITIES 1/7:
BUSINESS EXPOSURE
Business Exposure
At my organization… Top 2 Box Score–
% rated high performing
60%
56%
60%
56%
59%
57%
63%
60%
58%
59%
Identification of High-Value Assets &
Business Processes
Physical & Safety Risks
IT Risk Support
Cyber Attack Scenarios
Cybersecurity Strategy - Key Protection
Assumptions
Global
Insurance
38. Copyright © 2018 Accenture Security. All rights reserved. 38
Cyber Response Readiness
At my organization…
61%
59%
60%
56%
58%
62%
59%
58%
60%
57%
Cyber Response Plan
Cyber-Incident Escalation Paths
Ability to Ensure Stakeholder
Involvement
Cyber-Incident Communication
Protection and Recovery of Key Assets
CAPABILITIES 2/7:
CYBER RESPONSE READINESS
Global
Insurance
Top 2 Box Score–
% rated high performing
39. Copyright © 2018 Accenture Security. All rights reserved. 39
Strategic Threat Intelligence – Anticipating Future Threats
At my organization…
56%
61%
58%
62%
59%
57%
62%
65%
What-If Threat Analysis
Business Relevant Threat Monitoring
Peer Monitoring – as a Source for
Information on Threats to Your
Business
Threat Vector Monitoring
CAPABILITIES 3/7:
STRATEGIC THREAT INTELLIGENCE
Global
Insurance
Top 2 Box Score–
% rated high performing
40. Copyright © 2018 Accenture Security. All rights reserved. 40
Resilience Readiness
At my organization…
61%
60%
60%
60%
60%
61%
57%
57%
61%
55%
Cyber-Incident Recovery
Design for Resilience (limited impact)
Design for Protection of Key Assets
Maintaining Resilience Readiness
Threat Landscape & Resilience
Alignment
CAPABILITIES 4/7:
RESILIENCE READINESS
Global
Insurance
Top 2 Box Score–
% rated high performing
41. Copyright © 2018 Accenture Security. All rights reserved. 41
58%
55%
59%
60%
58%
60%
55%
60%
62%
58%
Cybersecurity Architecture Approach
Cybersecurity Investments for Key
Assets
Including Cybersecurity Funding in IT
Project Plans
Inclusion of Cybersecurity in
investments
Risk Analysis and Budgeting
Investment Efficiency
At my organization…
CAPABILITIES 5/7:
INVESTMENT EFFICIENCY
Global
Insurance
Top 2 Box Score–
% rated high performing
42. Copyright © 2018 Accenture Security. All rights reserved. 42
59%
56%
57%
59%
60%
64%
59%
61%
59%
63%
Cybersecurity in Chain of Command
Cybersecurity Incentives
Measuring and Reporting Cybersecurity
Cybersecurity Accountability
Security-minded Culture
Governance & Leadership
At my organization…
CAPABILITIES 6/7:
GOVERNANCE & LEADERSHIP
Global
Insurance
Top 2 Box Score–
% rated high performing
43. Copyright © 2018 Accenture Security. All rights reserved. 43
59%
57%
58%
61%
61%
60%
55%
66%
Third-Party Cybersecurity
Third-Party Cybersecurity Clauses
Cybersecurity Regulatory Compliance
Cooperation during Crisis Management
Extended Ecosystem
At my organization…
CAPABILITIES 7/7:
EXTENDED ECOSYSTEM
Global
Insurance
Top 2 Box Score–
% rated high performing
45. 45
INDUSTRY SPECIFIC DATA POINTS 1/7
Please indicate your agreement with each of the following statements:
1%
1%
1%
2%
1%
2%
3%
2%
4%
3%
5%
14%
18%
13%
16%
17%
20%
43%
44%
49%
46%
47%
42%
40%
34%
35%
33%
31%
32%
Banking plays a role in the security of our
nation.
Banks/Capital Markets are really selling
safety/security of the financial system.
Digitization offers the opportunity to
improve customer experience while at the
same time meeting government anti-fraud
requirements.
Security breaches are becoming easier to
detect
Payments technology is moving too fast,
leaving cracks bad actors can exploit.
General Data Protection Regulation
(GDPR) rules will make customer data
security more complex and less safe.
1 - Strongly Disagree 2 - Disagree 3 - Neither Agree nor Disagree 4 - Agree 5 - Strongly Agree
Base = Financial Services; n=821Copyright © 2018 Accenture Security. All rights reserved.
46. 46
INDUSTRY SPECIFIC DATA POINTS 2/7
Which type of fraud has been the most prevalent in payments over the past year?
Base = Financial Services; n=821
26%
24%
21%
18%
9%
2%
Identity theft
Advanced free and wire transfer
scams
Merchant identity fraud
Phishing
Pagejacking
None of the above
Copyright © 2018 Accenture Security. All rights reserved.
47. 47
INDUSTRY SPECIFIC DATA POINTS 3/7
Which of the following cyber threats is going to be most damaging to Financial Services in 2018?
Base = Financial Services; n=821
28%
26%
20%
14%
11%
Theft of customer information
Fraudulent transfers
Theft of Corporate IP
Distributed Denial of Service
(DDoS)
Extortion or ransom
Copyright © 2018 Accenture Security. All rights reserved.
48. 48
INDUSTRY SPECIFIC DATA POINTS 4/7
Currently insurance companies offer cyber breach products. Do you expect the future trend will be to offer protection of digital assets much in the same
way physical assets are insured today?
Base = Insurance only; n=411Copyright © 2018 Accenture Security. All rights reserved.
93% 6% 1%
1 - Yes 2 - No 3 - Do not know
49. 49
INDUSTRY SPECIFIC DATA POINTS 4/7
Would your organization consider offering cybersecurity protection of digital assets in the same way physical assets are insured today?
Base = Insurance only; n=411Copyright © 2018 Accenture Security. All rights reserved.
69% 30% 1%
1 - Yes, definitely 2 - Yes, maybe 3 - No
50. 50
INDUSTRY SPECIFIC DATA POINTS 5/7
If insurance companies offered cybersecurity protection of digital assets much in the same way physical assets are insured today, would your organization
be interested?
Base = Banking & Capital Markets; n=410Copyright © 2018 Accenture Security. All rights reserved.
71% 28%
1 - Yes, definitely 2 - Yes, maybe 3 - No
51. 51
INDUSTRY SPECIFIC DATA POINTS 7/7
Are compliance frameworks and risk assessments an effective risk management approach for Cyber Security?
Base = Banking & Capital Markets; n=410Copyright © 2018 Accenture Security. All rights reserved.
93% 7%
1 - Yes 2 - No