SlideShare ist ein Scribd-Unternehmen logo

Cybersecurity Preparedness Trends and Best Practices

Tony Moroney
Tony Moroney
1 von 48
Downloaden Sie, um offline zu lesen
Cybersecurity Preparedness Benchmark Study
2 BRG Overview Over 1,000 professionals in 37 offices Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
3 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Study Background Why the need for cybersecurity benchmarking? • Financial and non-financial consequences of a successful cyber attack • Governance and Technology • Gain understanding how other peers implement Information Security • Study results from two different points of view: – overall results across all participants to provide a thorough and balanced view of the current state of Cybersecurity – an individual assessment for each participant where individual answers are discussed and compared against other study respondents
4 Study Background Target group: Executive Management and Board of Directors from different sectors Survey: 103 Questions, approximately 60 minutes. Online questionnaire; select phone interviews Timeline: Q1 and Q2 2016 Results: Q3 2016 Participants received: Anonymized evaluation of participant data including indication of their individual answers Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
5 Objectives Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
6 Country of Origin Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
7 Study Participants Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Primary Industry of Organization Title or Level in Organization Total Employees with Average FTE IT Employees
8 Strategic Insights Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
9 Who does the CISO/CSO report to? Growing Importance of CISO Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 54% of organizations report an Information Security Officer is in place
10 How would you rate your organization’s information security culture? Security Culture Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 73% of organizations have a formal cybersecurity training and awareness program
11 Rate the effectiveness of your organization’s cyber security program Cybersecurity Effectiveness Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 80% of organizations report that senior managers approach information security as an enterprise risk-management issue
12 How would you rate your organization’s cyber security incident response capabilities? Incident Response Capability Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 60% of organizations inform governments and regulators of cybersecurity breaches
13 What strategic initiatives has your organization adopted in its security program? Strategic Initiatives Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 90% of organizations do not have a cybersecurity strategy for the Internet of Things
14 Board and Executive Leadership Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
15 Areas in which the Board of Directors actively participate: Board Engagement Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 55% of organizations report that the Board of Directors actively participate in overall cybersecurity strategy
16 Areas board participation has helped improve your organization’s information security program: Board Influence Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
17 How does the board oversee cyber security-related issues? Board Oversight Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
18 How would you rate the organizational leadership support for cybersecurity? Rate senior management focus on information security Leadership Support & Focus Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
19 How do you measure the effectiveness of the organization’s cyber security program? Feedback Mechanisms Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 69% of organizations rely on auditors, both internal and external as a measure of their cybersecurity effectiveness
20 Managing Security Risk Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
21 Has your organization performed a cyber risk appetite assessment? Has your organization performed a cyber threat assessment? Cybersecurity Risk Assessments Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO CISO 47% of organizations do not believe that leadership has a functional understanding of their network security
Are there formal security and operational procedures documented? 22 Documented Procedures Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 91% of organizations document their cybersecurity policies and procedures
23 Areas for improvement and awareness programs? Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Improvement & Awareness
24 How often does executive management receive periodical briefings on the state of your organization’s network security system? Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Executive Briefings 30% of executive management receive a briefing once every six months or less
25 Systems and Controls Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
Which information security standard and best practice does your organization follow? 26 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Security Standards 37% of organizations used ISO27001, with financial services at 43%
Security controls and business continuity plans are tested on a regular basis? 27 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Controls Testing
How often are the security controls of the enterprise systems and interconnected systems reviewed? 28 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study System Reviews 24% of organizations do not routinely test security controls and business continuity plans on a regular basis
How often are self-assessments conducted? 29 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Self-assessments 30% of organizations do not routinely undertake self-assessments CISO
How often are external security assessments conducted? 30 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study External Assessments CISO
What steps has your organization taken in order to obtain assurances from external service providers and vendors that their security meets standards? 31 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study External Service Providers & VendorsCISO 63% of organizations have ensured external service providers and vendor contracts include provisions for security
32 Governance and Reporting Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
Rate your organization’s cyber security risk management program 33 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Risk Management Effectiveness 42% of organizations somewhat agree that cybersecurity risks are being considered in business decision making 7% of organizations strongly agree that cybersecurity risks are being considered in business decision making
Rate your organization’s cyber security Information Governance capabilities 34 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Information Governance Capabilities 56% of organizations rate their Information Governance capabilities as ‘slightly’ or ‘somewhat effective’
Rate your company’s information security governance maturity level 35 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study IS Governance Maturity CISO
Rate your company’s IT risk management maturity level 36 IT Risk Management Maturity Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISOCISO
Rate your company’s cloud computing maturity level 37 Cloud Computing Maturity Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 57% of organizations do not allow use of public cloud services
38 Does the organization incident response plan outline regulatory and governmental notification protocols for breaches? Regulatory & Government Reporting Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 57% of organizations are required by regulatory and government agencies to disclose system breaches
39 Breaches and Incidents Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
What type of breaches did your organization experience? 40 Type of Cybersecurity Breaches Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 51% of organizations do not believe they are well equipped to handle a breach 46% of organizations report having experienced a cybersecurity breach
45% of organizations report current employees as the most likely source of cybersecurity breach incidents 41 What was the estimated source of data breach incidents? Sources of Breaches Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
Type of staff-related incidents the organization experienced? 42 Staff-related Incidents Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
43 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Key Observations Despite a strong focus on cybersecurity culture, many organizations do not believe their cybersecurity programs are fully effective 45% of respondents reported that they needed to improve security awareness and training Current employees are the likely cause behind most cybersecurity breaches Respondents reported that current employees were the likely source of 45% of data breach incidents, followed by 22% of incidents caused by hackers and 13% by former employees Viruses and malicious software are the most common breaches. Respondents reported that infections from viruses or malicious software accounted for 39% of all data breaches, followed by system failures or data corruption accounting for 35% of breaches
44 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Key Observations Most organizations do not have strategies for the emerging fields of the Internet of Things or Big Data 90% of respondents do not have a cybersecurity strategy for the Internet of Things, and 86% do not have a strategy for Big Data Organizations lack confidence in their cybersecurity incident response capability 65% of respondents reported having a formal cyber incident response plan, and 60% incorporated regulatory and government notification protocols for breaches. However, when asked if their organization was well equipped to handle a cyber breach, 51% of respondents were neutral or disagreed Organizations anticipate an increase in information security budgets 54% of respondents reported that they expected an increase in their 2016 cybersecurity budget. However, 48% of respondents reported they were neutral or disagreed when asked if leadership allocated adequate budget for cybersecurity efforts
45 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Recommendations 1. Hire Experts 2. Establish a Plan of Action 3. Train Your Staff 4. Identify Problems 5. Learn from your mistakes 5 Steps to Prepare for a Data Breach
46 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Recommendations Board & Executive Leadership Engagement and By-In • Review and approve the cyber risk appetite and tolerance at board level • Ensure the board has sufficient cybersecurity expertise and/or access to such expertise Security Culture • Build cybersecurity in to all activities and develop enterprise-wide cyber risk management strategies and procedures • Incorporate cybersecurity within business strategy and risk management frameworks Documented Vendor Protocols • Develop procedures to identify and manage cyber risks associated with outside vendors, suppliers, customers, utilities, and other external organizations and service providers • Include provisions to conduct cybersecurity audits External Audits • Undertake testing to include the potential for multiple attacks and the impact of interruptions on critical infrastructure • Ensure there is a robust cyber resilience and incident response program Qualified Talent • Pro-actively undertake cyber threat intelligence gathering and ongoing security analytics • Invest in your people to ensure there is high awareness and ownership for cybersecurity across the organization
47 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study • Needs to be early stages of collaboration to show the connection points between Corporate and Academic institutions • National Cybersecurity Framework and Cybersecurity Education needs to be aligned • Anticipate use cases for – Organizing academic curriculum – Workforce roles and responsibilities – Professional certifications Cybersecurity Workforce Development National Cybersecurity Education Initiative National Cybersecurity Awareness Formal Cybersecurity Education Cybersecurity Workforce Structure Cybersecurity workforce training & professional development Recommendations
48 The full study is available at: http://www.thinkbrg.com/media/publication/828_CSPBS_Report.pdf Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Tony Moroney | Managing Director | International Financial Services Berkeley Research Group, LLC 6 New Street Square, 15th Floor | London, EC4A 3BF D +44 (0) 20 3597 5167 | M +353 87 2556947 | F +44 (0)20 3808 2784 tmoroney@thinkbrg.com | thinkbrg.com Faisal Amin | Director | Benchmarking & Strategic Research Berkeley Research Group, LLC 700 Louisiana Street, Suite 2600 | Houston, TX 77002 D 713.493.2552 | O 713.481.9410 | M 281.788.9573 | F 832.862.2284 famin@thinkbrg.com | thinkbrg.com

Empfohlen

Cybersecurity Program Assessments
Cybersecurity Program AssessmentsCybersecurity Program Assessments
Cybersecurity Program AssessmentsJohn Anderson
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014Aladdin Dandis
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014Aladdin Dandis
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 

Empfohlen

Cybersecurity Program Assessments
Cybersecurity Program AssessmentsCybersecurity Program Assessments
Cybersecurity Program AssessmentsJohn Anderson
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014Aladdin Dandis
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Ch2 cism 2014
Ch2 cism 2014Ch2 cism 2014
Ch2 cism 2014Aladdin Dandis
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIsSteven Aiello
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014Aladdin Dandis
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016EnterpriseGRC Solutions, Inc.
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyerCybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyerJohn Anderson
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Tammy Clark
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB CybersecurityAndy Kim
 
Electricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case StudyElectricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case StudyEnergySec
 

Weitere ähnliche Inhalte

Was ist angesagt?

Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIsSteven Aiello
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.Priyanka Aash
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyerCybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyerJohn Anderson
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Tammy Clark
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 

Was ist angesagt? (20)

Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
4 Cyber Security KPIs
4 Cyber Security KPIs4 Cyber Security KPIs
4 Cyber Security KPIs
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Cybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyerCybersecurity Consulting Services flyer
Cybersecurity Consulting Services flyer
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware Practices
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organization
 
Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
 

Andere mochten auch

RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB CybersecurityAndy Kim
 
Electricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case StudyElectricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case StudyEnergySec
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroDon't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroPriyanka Aash
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobPriyanka Aash
 
What is Information Governance
What is Information GovernanceWhat is Information Governance
What is Information GovernanceAtle Skjekkeland
 
Structuring for success - Developing a dynamic structure for your marketing t...
Structuring for success - Developing a dynamic structure for your marketing t...Structuring for success - Developing a dynamic structure for your marketing t...
Structuring for success - Developing a dynamic structure for your marketing t...B2B Marketing
 
Security Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackSecurity Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackIan Massingham
 
JaspersoftBI analyse les tendances du rail
JaspersoftBI analyse les tendances du rail JaspersoftBI analyse les tendances du rail
JaspersoftBI analyse les tendances du rail Audaxis
 

Andere mochten auch (11)

RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB Cybersecurity
 
Electricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case StudyElectricity Subsector Cybersecurity Capability Maturity Model Case Study
Electricity Subsector Cybersecurity Capability Maturity Model Case Study
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To CiroDon't Get Left In The Dust How To Evolve From Ciso To Ciro
Don't Get Left In The Dust How To Evolve From Ciso To Ciro
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your Job
 
What is Information Governance
What is Information GovernanceWhat is Information Governance
What is Information Governance
 
Structuring for success - Developing a dynamic structure for your marketing t...
Structuring for success - Developing a dynamic structure for your marketing t...Structuring for success - Developing a dynamic structure for your marketing t...
Structuring for success - Developing a dynamic structure for your marketing t...
 
Security Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackSecurity Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management Track
 
JaspersoftBI analyse les tendances du rail
JaspersoftBI analyse les tendances du rail JaspersoftBI analyse les tendances du rail
JaspersoftBI analyse les tendances du rail
 

Ähnlich wie Cybersecurity Preparedness Trends and Best Practices

Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016
Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016
Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016Tony Moroney
 
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -Marcello Marchesini
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskHealth Catalyst
 
Security Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfSecurity Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfIDG
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxLeilaniPoolsy
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summarypatmisasi
 
Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Gartner Peer Insights
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfAbuHanifah59
 
Security Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfSecurity Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfIDG
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfIDG
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
Top CISO Concerns Relating to Data Security
Top CISO Concerns Relating to Data SecurityTop CISO Concerns Relating to Data Security
Top CISO Concerns Relating to Data SecurityScale Venture Partners
 
Evolving State of the Endpoint Webinar
Evolving State of the Endpoint WebinarEvolving State of the Endpoint Webinar
Evolving State of the Endpoint WebinarLumension
 
BRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesBRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesFaisal Amin
 

Ähnlich wie Cybersecurity Preparedness Trends and Best Practices (20)

Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016
Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016
Cybersecurity Preparedness Benchmark Study_Webex 27 Ocober 2016
 
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor Risk
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
Security Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdfSecurity Priorities 2022 Sample Slides.pdf
Security Priorities 2022 Sample Slides.pdf
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docx
 
2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary2015 Scalar Security Study Executive Summary
2015 Scalar Security Study Executive Summary
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
 
Chapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdfChapter 7 Managing Secure System.pdf
Chapter 7 Managing Secure System.pdf
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Security Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdfSecurity Priorities Sample Slides 2023.pdf
Security Priorities Sample Slides 2023.pdf
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
Top CISO Concerns Relating to Data Security
Top CISO Concerns Relating to Data SecurityTop CISO Concerns Relating to Data Security
Top CISO Concerns Relating to Data Security
 
CYBER SECURITY audit course report
CYBER SECURITY audit course reportCYBER SECURITY audit course report
CYBER SECURITY audit course report
 
Evolving State of the Endpoint Webinar
Evolving State of the Endpoint WebinarEvolving State of the Endpoint Webinar
Evolving State of the Endpoint Webinar
 
BRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofeesBRG_CSP_Study-Summary-nofees
BRG_CSP_Study-Summary-nofees
 
Presentation to GFCE 2019 in Addis Ababa, Ethiopia
Presentation to GFCE 2019 in Addis Ababa, EthiopiaPresentation to GFCE 2019 in Addis Ababa, Ethiopia
Presentation to GFCE 2019 in Addis Ababa, Ethiopia
 

Mehr von Tony Moroney

DIGITITIS - EXISTE UMA CURA?
DIGITITIS - EXISTE UMA CURA?DIGITITIS - EXISTE UMA CURA?
DIGITITIS - EXISTE UMA CURA?Tony Moroney
 
DIGITITIS - ¿HAY UNA CURA?
DIGITITIS - ¿HAY UNA CURA?DIGITITIS - ¿HAY UNA CURA?
DIGITITIS - ¿HAY UNA CURA?Tony Moroney
 
Culture - Hard to Build, Easy to Destroy, Or
Culture - Hard to Build, Easy to Destroy, OrCulture - Hard to Build, Easy to Destroy, Or
Culture - Hard to Build, Easy to Destroy, OrTony Moroney
 
Mortgage Market Digital Innovation
Mortgage Market Digital InnovationMortgage Market Digital Innovation
Mortgage Market Digital InnovationTony Moroney
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsTony Moroney
 
Achieving Income Growth in a Consumer Regulated Environment - May 2016
Achieving Income Growth in a Consumer Regulated Environment - May 2016Achieving Income Growth in a Consumer Regulated Environment - May 2016
Achieving Income Growth in a Consumer Regulated Environment - May 2016Tony Moroney
 
Learning lessons from regulation changes in the mortgage market
Learning lessons from regulation changes in the mortgage marketLearning lessons from regulation changes in the mortgage market
Learning lessons from regulation changes in the mortgage marketTony Moroney
 
Credit Risk Issues for Lenders - CML Conference Oct 2013
Credit Risk Issues for Lenders - CML Conference Oct 2013Credit Risk Issues for Lenders - CML Conference Oct 2013
Credit Risk Issues for Lenders - CML Conference Oct 2013Tony Moroney
 
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013Tony Moroney
 
Managing Mortgage Arrears - Insights from the USA
Managing Mortgage Arrears - Insights from the USAManaging Mortgage Arrears - Insights from the USA
Managing Mortgage Arrears - Insights from the USATony Moroney
 
Managing Conduct and Behavioural Risk
Managing Conduct and Behavioural RiskManaging Conduct and Behavioural Risk
Managing Conduct and Behavioural RiskTony Moroney
 
The future of mortgage regulation
The future of mortgage regulation The future of mortgage regulation
The future of mortgage regulation Tony Moroney
 
Managing conduct and behavioural risk
Managing conduct and behavioural riskManaging conduct and behavioural risk
Managing conduct and behavioural riskTony Moroney
 

Mehr von Tony Moroney (13)

DIGITITIS - EXISTE UMA CURA?
DIGITITIS - EXISTE UMA CURA?DIGITITIS - EXISTE UMA CURA?
DIGITITIS - EXISTE UMA CURA?
 
DIGITITIS - ¿HAY UNA CURA?
DIGITITIS - ¿HAY UNA CURA?DIGITITIS - ¿HAY UNA CURA?
DIGITITIS - ¿HAY UNA CURA?
 
Culture - Hard to Build, Easy to Destroy, Or
Culture - Hard to Build, Easy to Destroy, OrCulture - Hard to Build, Easy to Destroy, Or
Culture - Hard to Build, Easy to Destroy, Or
 
Mortgage Market Digital Innovation
Mortgage Market Digital InnovationMortgage Market Digital Innovation
Mortgage Market Digital Innovation
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference Points
 
Achieving Income Growth in a Consumer Regulated Environment - May 2016
Achieving Income Growth in a Consumer Regulated Environment - May 2016Achieving Income Growth in a Consumer Regulated Environment - May 2016
Achieving Income Growth in a Consumer Regulated Environment - May 2016
 
Learning lessons from regulation changes in the mortgage market
Learning lessons from regulation changes in the mortgage marketLearning lessons from regulation changes in the mortgage market
Learning lessons from regulation changes in the mortgage market
 
Credit Risk Issues for Lenders - CML Conference Oct 2013
Credit Risk Issues for Lenders - CML Conference Oct 2013Credit Risk Issues for Lenders - CML Conference Oct 2013
Credit Risk Issues for Lenders - CML Conference Oct 2013
 
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013
Buy to Let and Let to Buy Misuse - CML Conference_19 June 2013
 
Managing Mortgage Arrears - Insights from the USA
Managing Mortgage Arrears - Insights from the USAManaging Mortgage Arrears - Insights from the USA
Managing Mortgage Arrears - Insights from the USA
 
Managing Conduct and Behavioural Risk
Managing Conduct and Behavioural RiskManaging Conduct and Behavioural Risk
Managing Conduct and Behavioural Risk
 
The future of mortgage regulation
The future of mortgage regulation The future of mortgage regulation
The future of mortgage regulation
 
Managing conduct and behavioural risk
Managing conduct and behavioural riskManaging conduct and behavioural risk
Managing conduct and behavioural risk
 

Cybersecurity Preparedness Trends and Best Practices

  • 2. 2 BRG Overview Over 1,000 professionals in 37 offices Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 3. 3 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Study Background Why the need for cybersecurity benchmarking? • Financial and non-financial consequences of a successful cyber attack • Governance and Technology • Gain understanding how other peers implement Information Security • Study results from two different points of view: – overall results across all participants to provide a thorough and balanced view of the current state of Cybersecurity – an individual assessment for each participant where individual answers are discussed and compared against other study respondents
  • 4. 4 Study Background Target group: Executive Management and Board of Directors from different sectors Survey: 103 Questions, approximately 60 minutes. Online questionnaire; select phone interviews Timeline: Q1 and Q2 2016 Results: Q3 2016 Participants received: Anonymized evaluation of participant data including indication of their individual answers Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 5. 5 Objectives Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 6. 6 Country of Origin Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 7. 7 Study Participants Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Primary Industry of Organization Title or Level in Organization Total Employees with Average FTE IT Employees
  • 8. 8 Strategic Insights Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 9. 9 Who does the CISO/CSO report to? Growing Importance of CISO Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 54% of organizations report an Information Security Officer is in place
  • 10. 10 How would you rate your organization’s information security culture? Security Culture Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 73% of organizations have a formal cybersecurity training and awareness program
  • 11. 11 Rate the effectiveness of your organization’s cyber security program Cybersecurity Effectiveness Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 80% of organizations report that senior managers approach information security as an enterprise risk-management issue
  • 12. 12 How would you rate your organization’s cyber security incident response capabilities? Incident Response Capability Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 60% of organizations inform governments and regulators of cybersecurity breaches
  • 13. 13 What strategic initiatives has your organization adopted in its security program? Strategic Initiatives Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 90% of organizations do not have a cybersecurity strategy for the Internet of Things
  • 14. 14 Board and Executive Leadership Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 15. 15 Areas in which the Board of Directors actively participate: Board Engagement Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO 55% of organizations report that the Board of Directors actively participate in overall cybersecurity strategy
  • 16. 16 Areas board participation has helped improve your organization’s information security program: Board Influence Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 17. 17 How does the board oversee cyber security-related issues? Board Oversight Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 18. 18 How would you rate the organizational leadership support for cybersecurity? Rate senior management focus on information security Leadership Support & Focus Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 19. 19 How do you measure the effectiveness of the organization’s cyber security program? Feedback Mechanisms Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 69% of organizations rely on auditors, both internal and external as a measure of their cybersecurity effectiveness
  • 20. 20 Managing Security Risk Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 21. 21 Has your organization performed a cyber risk appetite assessment? Has your organization performed a cyber threat assessment? Cybersecurity Risk Assessments Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISO CISO 47% of organizations do not believe that leadership has a functional understanding of their network security
  • 22. Are there formal security and operational procedures documented? 22 Documented Procedures Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 91% of organizations document their cybersecurity policies and procedures
  • 23. 23 Areas for improvement and awareness programs? Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Improvement & Awareness
  • 24. 24 How often does executive management receive periodical briefings on the state of your organization’s network security system? Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Executive Briefings 30% of executive management receive a briefing once every six months or less
  • 25. 25 Systems and Controls Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 26. Which information security standard and best practice does your organization follow? 26 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Security Standards 37% of organizations used ISO27001, with financial services at 43%
  • 27. Security controls and business continuity plans are tested on a regular basis? 27 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Controls Testing
  • 28. How often are the security controls of the enterprise systems and interconnected systems reviewed? 28 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study System Reviews 24% of organizations do not routinely test security controls and business continuity plans on a regular basis
  • 29. How often are self-assessments conducted? 29 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Self-assessments 30% of organizations do not routinely undertake self-assessments CISO
  • 30. How often are external security assessments conducted? 30 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study External Assessments CISO
  • 31. What steps has your organization taken in order to obtain assurances from external service providers and vendors that their security meets standards? 31 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study External Service Providers & VendorsCISO 63% of organizations have ensured external service providers and vendor contracts include provisions for security
  • 32. 32 Governance and Reporting Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 33. Rate your organization’s cyber security risk management program 33 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Risk Management Effectiveness 42% of organizations somewhat agree that cybersecurity risks are being considered in business decision making 7% of organizations strongly agree that cybersecurity risks are being considered in business decision making
  • 34. Rate your organization’s cyber security Information Governance capabilities 34 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Information Governance Capabilities 56% of organizations rate their Information Governance capabilities as ‘slightly’ or ‘somewhat effective’
  • 35. Rate your company’s information security governance maturity level 35 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study IS Governance Maturity CISO
  • 36. Rate your company’s IT risk management maturity level 36 IT Risk Management Maturity Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study CISOCISO
  • 37. Rate your company’s cloud computing maturity level 37 Cloud Computing Maturity Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 57% of organizations do not allow use of public cloud services
  • 38. 38 Does the organization incident response plan outline regulatory and governmental notification protocols for breaches? Regulatory & Government Reporting Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 57% of organizations are required by regulatory and government agencies to disclose system breaches
  • 39. 39 Breaches and Incidents Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 40. What type of breaches did your organization experience? 40 Type of Cybersecurity Breaches Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study 51% of organizations do not believe they are well equipped to handle a breach 46% of organizations report having experienced a cybersecurity breach
  • 41. 45% of organizations report current employees as the most likely source of cybersecurity breach incidents 41 What was the estimated source of data breach incidents? Sources of Breaches Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 42. Type of staff-related incidents the organization experienced? 42 Staff-related Incidents Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study
  • 43. 43 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Key Observations Despite a strong focus on cybersecurity culture, many organizations do not believe their cybersecurity programs are fully effective 45% of respondents reported that they needed to improve security awareness and training Current employees are the likely cause behind most cybersecurity breaches Respondents reported that current employees were the likely source of 45% of data breach incidents, followed by 22% of incidents caused by hackers and 13% by former employees Viruses and malicious software are the most common breaches. Respondents reported that infections from viruses or malicious software accounted for 39% of all data breaches, followed by system failures or data corruption accounting for 35% of breaches
  • 44. 44 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Key Observations Most organizations do not have strategies for the emerging fields of the Internet of Things or Big Data 90% of respondents do not have a cybersecurity strategy for the Internet of Things, and 86% do not have a strategy for Big Data Organizations lack confidence in their cybersecurity incident response capability 65% of respondents reported having a formal cyber incident response plan, and 60% incorporated regulatory and government notification protocols for breaches. However, when asked if their organization was well equipped to handle a cyber breach, 51% of respondents were neutral or disagreed Organizations anticipate an increase in information security budgets 54% of respondents reported that they expected an increase in their 2016 cybersecurity budget. However, 48% of respondents reported they were neutral or disagreed when asked if leadership allocated adequate budget for cybersecurity efforts
  • 45. 45 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Recommendations 1. Hire Experts 2. Establish a Plan of Action 3. Train Your Staff 4. Identify Problems 5. Learn from your mistakes 5 Steps to Prepare for a Data Breach
  • 46. 46 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Recommendations Board & Executive Leadership Engagement and By-In • Review and approve the cyber risk appetite and tolerance at board level • Ensure the board has sufficient cybersecurity expertise and/or access to such expertise Security Culture • Build cybersecurity in to all activities and develop enterprise-wide cyber risk management strategies and procedures • Incorporate cybersecurity within business strategy and risk management frameworks Documented Vendor Protocols • Develop procedures to identify and manage cyber risks associated with outside vendors, suppliers, customers, utilities, and other external organizations and service providers • Include provisions to conduct cybersecurity audits External Audits • Undertake testing to include the potential for multiple attacks and the impact of interruptions on critical infrastructure • Ensure there is a robust cyber resilience and incident response program Qualified Talent • Pro-actively undertake cyber threat intelligence gathering and ongoing security analytics • Invest in your people to ensure there is high awareness and ownership for cybersecurity across the organization
  • 47. 47 Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study • Needs to be early stages of collaboration to show the connection points between Corporate and Academic institutions • National Cybersecurity Framework and Cybersecurity Education needs to be aligned • Anticipate use cases for – Organizing academic curriculum – Workforce roles and responsibilities – Professional certifications Cybersecurity Workforce Development National Cybersecurity Education Initiative National Cybersecurity Awareness Formal Cybersecurity Education Cybersecurity Workforce Structure Cybersecurity workforce training & professional development Recommendations
  • 48. 48 The full study is available at: http://www.thinkbrg.com/media/publication/828_CSPBS_Report.pdf Berkeley Research Group - Cybersecurity Preparedness Benchmarking Study Tony Moroney | Managing Director | International Financial Services Berkeley Research Group, LLC 6 New Street Square, 15th Floor | London, EC4A 3BF D +44 (0) 20 3597 5167 | M +353 87 2556947 | F +44 (0)20 3808 2784 tmoroney@thinkbrg.com | thinkbrg.com Faisal Amin | Director | Benchmarking & Strategic Research Berkeley Research Group, LLC 700 Louisiana Street, Suite 2600 | Houston, TX 77002 D 713.493.2552 | O 713.481.9410 | M 281.788.9573 | F 832.862.2284 famin@thinkbrg.com | thinkbrg.com