Business Leaders Gaining on Cybersecurity Risks, According to the PwC, CIO and CSO Global State of Information Security® Survey 2016

●24% boost in security budgets observed in 2015from $4.1million to $5.1million globally. In Singapore security budgets increased 46% from $4.0million to $5.9million.

●There was a 38% increase in detected information security incidents globally and a 15% increase in Singapore.

●The Internet of Things are expected to increase the stakes for securing cloud-based networks as the number of internet connected devices globally continues to surge to greater than 30 billion by 2020

Singapore, 5 November2015 – Year after year, cyberattacks continue to escalate in frequency, severity and impact. However, prevention, detection methods and cybersecurity innovation are on the rise as forward-leaning business leaders focus on solutions that reduce cybersecurity risks and improve business performance. The Global State of Information Security^® Survey 2016 by PwC in conjunction with CIO and CSO examines how executives are looking towards new innovations and frameworks to improve security and mitigate enterprise risk.

As cyber-risks become increasingly prominent concerns in the C-suite and boardroom, business leaders are increasingly rethinking cybersecurity practices, focusing on a nexus of innovative technologies that can reduce enterprise risks and improve performance. Globally, the vast majority of organisations – 91% – have adopted a security framework, or more often, an amalgam of frameworks. In Asia, 87% of organisations indicated that they had a risk-based framework. These technologies are yielding considerable opportunities to improve cybersecurity and produce holistic, integrated safeguards against cyber-attacks.

"With the insights from both business and technology leaders in this survey, we are seeing more of what we once saw as a risk, being turned into possible solutions, what we saw as a IT priority to aligned business boardroom focus on cyber security," said Vincent Loy, Financial Crime & Cyber Leader, PwC Singapore. "89% of Asian organisations surveyed indicated embracing advanced authentication as a cloud service in place of solely password based authentication. Having said that, technology is only part of the solution, people and process would be equally critical to leverage these technologies.”

The adapting of traditional cybersecurity measures to an increasingly cloud-based world is an example of this effort with considerable investments being made to develop new network infrastructure capabilities that enable improved intelligence gathering, threat modelling, defence against attacks and incident response. According to the report, 69% of respondents globally (66% in Asia and 73% in Singapore), said they use cloud-based security services to help protect sensitive data and ensure privacy and the protection of consumer information.

Connected to the emergence of cloud-based systems, Big Data and the Internet of Things are each ascendant technologies that present a host of cyber challenges and opportunities. In the case of Big Data, often considered a cyber liability, globally, 59% of respondents (49% in Asia) are leveraging data-powered analytics to enhance security by shifting security away from perimeter-based defences and enable organisations to put real-time information to use in ways that create real value. Organisations agree that data driven security capabilities help improve understanding in three key areas – external security threats (62% globally, 69% in Asia, 55% in Singapore), internal security threats (49% globally, 60% in Asia, 55% in Singapore) and user behaviour (41% globally, 50% in Asia, 59% in Singapore).

Tan Shong Ye, IT & Data Risk Leader, PwC Singapore says:

“Asian companies are slower to adopt Big Data analytics for cyber-security because of talent shortage as well as less mature data aggregation and analytics infrastructure. With current employees cited as the likeliest source of causing security incidents at 43% in Singapore, companies should look into incorporating predictive analytics to detect possible behavioural threats and put in place governance and risk management to proactively mitigate possible insider threats.”

As the number of internet connected devices continues to surge, the Internet of Things will inevitably increase the stakes for securing cloud-based networks. Investment intended to address these issues doubled in 2015, but at this point only 36% of survey respondents, both globally and in Asia, have a strategy specifically addressing the Internet of Things. However, only 23% of respondents in Singapore indicated that they had a security strategy.

Over the past three years, the number of organisations that embrace external collaboration has steadily increased. Globally, 65% of respondents report they are collaborating with others to improve security. In Asia, 63% reflected that they had collaborated externally. As more businesses share more data with an expanding roster of partners and customers, it makes sense that they also would swap intelligence on cybersecurity threats and responses. When asked for reasons why the organisation does not collaborate with others, globally, 23% of organisations noted concerns about the privacy of individuals’ personal data. In contrast, the figure is 62% in Singapore.

Jimmy Sng, Technology Partner, PwC South East Asia Consulting concludes:

“The findings from our GSISS 2016 indicate that many companies are aware that cybersecurity is necessary for protecting their digital assets and data, as well as an essential business enabler and competitive advantage. Senior management and boards are generally supportive in enhancing their cybersecurity capabilities in Singapore and across South-East Asia. It is impossible in today’s digital world to protect against all threats with limited time and resources. The challenge over the next 12 months for such companies is two-fold: (1) how to prioritise its investments allocated to cybersecurity and (2) finding the right balance between technologies, processes and people to support their cybersecurity capabilities build.”

Additional notable findings this year include:

●Information security spending increases: Respondents boosted information security spending significantly, reversing last year’s slight drop in security spending. This year, respondents globally boosted their information security budgets by 24% in 2015. In Singapore, respondents indicated an increase in security budgets by 46% in 2015 as compared to 2014.

●Evolving Cybersecurity Roles: 54% of respondents globally, and 57% in Asia and 69% in Singapore have a CISO in charge of the security program. The most frequently cited reporting structure is the CEO, CIO, Board and CTO, in that order.

●Increasing Board Involvement: Globally, 45% of boards participate in the overall security strategy. This deepening of Board involvement has helped improve security practices in numerous ways. This statistic is even greater in Asia with 54% of respondents indicating that their board participated in the security strategy. However, this is only true for 48% of respondents in Singapore.

●Mobile Payments Going Mainstream: In mobile payment systems, 57% of respondents, globally, 52% in Asia and 41% in Singapore have indicated adopting these systems - but the ecosystem continues to rapidly evolve as new partnerships are formed among a constellation of technology, financial, retail and telecommunications firms.

●Investing in Insurance: Technically adept adversaries will always find new ways to circumvent security safeguards. That's why many businesses (59% globally, 51% in Asia, 55% in Singapore) are purchasing cybersecurity insurance to help mitigate the financial impact of cybercrimes when they do occur.

●Government Surveillance Impacting Buying Decisions: Purchases in certain countries are either under review (34% globally, 36% in Asia and 32% in Singapore) or happening less frequently (22% globally, 19% in Asia, 27% in Singapore) as a result of hearing about reports that the government is conducting surveillance on hardware, software and/or services from certain countries.

To explore the survey findings by industry and region, visit: www.pwc.com/gsiss.

ENDS

NOTE TO EDITORS: Please reference the study as “The Global State of Information Security^® Survey 2016, a worldwide survey by CIO, CSO and PwC.” Source line must include CIO, CSO and PwC. Survey results will be covered in depth on CIO.com and CSOonline.com in October.

METHODOLOGY

The Global State of Information Security® Survey 2016 is a worldwide study by PwC, CIO and CSO. It was conducted online from May 7, 2015, to June 12, 2015. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from more than 127 countries. Thirty-seven percent (37%) of respondents were from North America, 30% from Europe, 16% from Asia Pacific, 14% from South America, and 3% from the Middle East and Africa. The margin of error is less than 1%.

About CIO

CIO is the content and community resource for information technology executives and leaders thriving and prospering in this fast-paced era of IT transformation in the enterprise. The award-winning CIO portfolio—CIO.com, CIO magazine (launched in 1987), CIO executive programs, CIO strategic marketing services, CIO Forum on LinkedIn, CIO Executive Council and CIO primary research—provides business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. Additionally, CIO provides opportunities for IT solution providers to reach this executive IT audience. CIO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world’s leading media, events, and research company. Company information is available at http://www.idgenterprise.com/.

About CSO

CSO is the content and community resource for security decision-makers leading “business risk management” efforts within their organisation. For more than a decade, CSO’s award-winning web site (CSOonline.com), executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organisations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organisations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world’s leading media, events and research company. Company information is available at www.idgenterprise.com.

About PwC

PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Press contact

Natalie Choo
PwC Singapore
Tel: +65 6236 4309
Mobile: +65 9738 1415
E-mail: natalie.yl.choo@sg.pwc.com