- Rapidly proliferating technologies and data have increased security risk – in Australia, detected incidents have risen by 109%.
- PwC’s Global State of Information Security Survey 2016 shows that organisations are now treating cyber risk as a serious concern.
- Savvy executives are leveraging innovation, such as cloud computing, to turn risk into opportunity.
In the space of just one week, two high-profile security breaches in Australia (of major retailers Kmart and David Jones) and one worldwide (of credit data agency Experian) would suggest that major organisations are losing the battle against cyber threats.
However, PwC’s latest report on the cyber security industry paints a different picture.
The Global State of Information Security Survey 2016, conducted by PwC, CIO magazine and CSO, has found that in the last year, business leaders have increasingly taken the lead to tackle security threats by investing in prevention, detection and, perhaps most significantly, innovation.
Australia enhances its detective capability
The imperative for business leaders to act is clear. The major business trends of the moment, such as digitisation and data analytics, have led to rapidly proliferating technologies and data, which in turn have increased the security risk. The report shows a 38.5% rise in detected incidents globally – and in Australia, that becomes a phenomenal 109% increase. However, these statistics equally point to the enhanced capability of organisations to detect those incidents in the first place, not necessarily a steep rise in the number of attacks.
Spending on security has gone up by nearly a quarter across the globe – a remarkable about-turn from last year’s figures, which showed that budgets had actually decreased by 4%. Australia’s security spend, at 4.02% of the total IT budget, sits slightly higher than the global average of 3.75%.
Better detection doesn’t just rely on dollar investment. It also comes down to the new approaches that organisations are taking. The Global State of Information Security Survey 2016 – which assessed the responses of 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices – reveals that business focus has shifted to explore innovation-led strategies and practices. And with more than nine out of ten organisations saying they have now adopted standard security frameworks, which help businesses measure goals and gauge the maturity of their security practices, all the signs are pointing to organisations finally treating this important risk area with the seriousness and consideration that it demands.
Collaboration for security
With the potential to affect finances, reputation and operations, cyber security is increasingly being addressed as a cross-functional, business-oriented concern at the board level. This is being reflected in the fact that 45% of boards now participate in security discussions (itself perhaps a contributing factor in the surge in allocated budgets).
It’s not just collaboration at board level that’s helping build resilience. More and more, businesses are swapping intelligence with industry peers on threats and responses, reporting that doing so has improved their threat awareness and intelligence.
While the benefits are extensive, there are still some issues to be addressed for collaboration to succeed. Firstly, the speed at which it occurs may not be sufficient; second, there is a lack of information-sharing framework, which in turn discourages more participants; and finally the risk of data sharing across organisational and global boundaries presents issues around data privacy violation.
Cyber security and the cloud
Savvy executives are spearheading an approach to cyber security that leverages the latest innovations to both minimise risk and (sometimes even inadvertently) improve business performance.
Taking a central role in this evolution of cyber is the proliferation of cloud computing, which is marching forward apace, underpinning some of the greatest advances in enterprise technology.
While there are many facets of the cloud that have increased the security risks for enterprise, it also presents incredible opportunity – and it is this prospect that forward-leaning executives are tapping into.
Not only is the cloud being used to store data, 69% of surveyed organisations are utilising cloud-based security services to safeguard that information – service providers that are largely making heavy investments in advanced protection, authentication, and identity and access management. This trend shows no signs of abating, with 27% of Australian organisations saying that investment in cloud-based security solutions is their top priority.
How well protected is the internet of things?
Connected to the cloud, the internet of things exerts a greater level of security concern. As devices increasingly generate and share vast amounts of data, security and privacy risks also rise. This concern becomes acute as the IoT moves further into civic environments, for example in ‘smart city’ projects.
The number of survey respondents reporting exploits to their IoT components doubled this year – yet only 36% of respondents say they have implemented a security strategy for this type of technology.
Making the most of big data
While big data was formerly considered a liability, it is now proving to offer far-reaching solutions.
An interesting trend this year is the growing number of organisations that are leveraging big data analytics to improve their security function. Whereas previously, security focussed on an organisation’s perimeter-based defences, monitoring and modelling real-time information offers another way to detect attacks. This is such a substantial innovation that 59% of respondents are now using data-powered analytics to identify and respond to security incidents.
A by-product of investing in and monitoring big data is how it can identify network performance issues, as some organisations have reported, allowing them to improve systems more holistically.
The obstacles ahead
While collaboration at board level and with industry peers is a positive, Australian security executives identified their greatest concern as third party suppliers when it comes to security efforts. Organisations that rely on such arrangements often require access and connectivity in order to share and process information, which is rarely adequately monitored or secured.
Other major concerns include the speed of innovation, which is making it hard for experts to keep up with the ability to secure new technologies. Mobility, the need to access information from any device and managing those controls from a centralised level are also issues that sit high on the agenda.
With greater involvement from the board, however, the overall trajectory for organisations this year looks promising. Globally, financial losses due to security incidents have decreased by 5% and acumen at C-level is certainly rising. If strategic and innovative approaches continue, the investment in cyber could show rewards much more far reaching than security.
Read the Australian report on cyber security, the Global State of Information Security Survey 2016, here.
All graphics in this article reflect global survey figures.