agenda global information - ernst & young · page 1 global information security survey 2017-18...
TRANSCRIPT
Page 1
Global Information Security Survey 2017-18Finnish results17 January 2018
8:30 Registration and breakfast
9:00
Presentation of GISS 2017-18 results
Tim Best, Executive DirectorTimo Valonen, Senior Manager
10:45 Discussion
11:00 The seminar ends
Agenda
#EYGISS@EY_Suomi
Page 2 #EYGISS@EY_Suomi
Speakers
EY Global Information Security Survey 2017-18 - Respondents from Finland
Tim Best,Executive Director,CybersecurityEY Advisory [email protected]+46 73 033 20 46
Timo Valonen,Senior Manager,CybersecurityEY Advisory [email protected]+358 400 379 206
Page 3 #EYGISS@EY_Suomi
Top threats that have most increased the Finnish respondents risk exposure
EY Global Information Security Survey 2017-18 - Respondents from Finland
Cyber-attacks to steal financial information
Malware
Phishing
Cyber-attacks to steal IP or data
Internal attacks
0%
10%
20%
30%
40%
50%
60%
70%
2013 2014 2015 2016 2017
Attacks to steal financial information have not reduced as a threat in Finland
Page 4 #EYGISS@EY_Suomi
Top vulnerabilities that have most increased the Finnish respondents risk exposure
EY Global Information Security Survey 2017-18 - Respondents from Finland
Careless or unaware
employees
Outdated information
security controls or architecture
Related to cloud computing use
0%
10%
20%
30%
40%
50%
60%
70%
80%
2013 2014 2015 2016 2017
Careless or unaware employees
Outdated information security controls or architecture
Related to cloud computing use
Global respondents consider careless employees as a
vulnerabilitytwice as often
compared to Finland
Page 5 #EYGISS@EY_Suomi
Board knowledge of information security in Finland
EY Global Information Security Survey 2017-18 - Respondents from Finland
26%
13%
36%
24%
0%
5%
10%
15%
20%
25%
30%
35%
40%
Board has sufficientknowledge of information
security
The person responsible forinformation security is on the
board
Finnish respondents Global respondents
In Finland, information
security is rarely on the board
Page 6 #EYGISS@EY_Suomi
Development of Finnish respondents' confidence in their cybersecurity capabilities
EY Global Information Security Survey 2017-18 - Respondents from Finland
Ad-hoc or non-existent data protection policies
No or only informal threat intelligence program
Do not have a SOC
0%
10%
20%
30%
40%
50%
60%
70%
80%
2015 2016 2017
51 % of Finnish respondents do not
have a SOC.The amount has
stayed the same in recent years.
Page 7 #EYGISS@EY_Suomi
Outsourced functions in SOCs
EY Global Information Security Survey 2017-18 - Respondents from Finland
42% 42%45%
42%
23%
16%
32%
42%
0%
37%
27%
21%
31%
25%
15%
29%
41%
10%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Real time networksecurity monitoring
Incident investigation Digital/malwareforensics
Threat intelligencecollection/feeds
Threat intelligenceanalysis
Cybersecurityexercise creation and
delivery
Vulnerabilityscanning andmanagement
Penetration testing We fulfill all functionsin-house
Finnish respondents Global respondents
Page 8 #EYGISS@EY_Suomi
Incident response maturity in Finnish organizations
EY Global Information Security Survey 2017-18 - Respondents from Finland
5%
15%
41%
33%
5%
10%
21%
36%
24%
8%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
We do not have an incident responsecapability
We have an incident response planthrough which we can recover frommalware and employee misbehavior.
Further investigations into root causesare not conducted.
We have a formal incident responseprogram and conduct investigations
following an incident
We have a formal incident responseprogram and established arrangements
with external vendors for more completeidentity response services and
investigations
We have a robust incident responseprogram that includes third parties andlaw enforcement and is integrated with
our broader threat and vulnerabilitymanagement function. We build
playbooks for potential incidents andtest those playbooks via table-top e
Finnish respondents Global respondents
Page 9 #EYGISS@EY_Suomi
Likely sources of attacks according to the Finnishrespondents
EY Global Information Security Survey 2017-18 - Respondents from Finland
70 % of the Finnish respondents say careless
employee is the most likely source of attack
63 % of the Finnish respondents say criminal syndicates are the most
likely source of attack
49 % of the Finnish respondents say a Lone Wolf
hacker is the most likely source of attack
(only 14% consider a malicious employee the most
likely source of attack)
Page 10 #EYGISS@EY_Suomi
State-sponsored attackers as a threat over the years
EY Global Information Security Survey 2017-18 - Respondents from Finland
Finland
Global
0%
10%
20%
30%
40%
50%
60%
2014 2015 2016 2017
Finland Global
Page 11 #EYGISS@EY_Suomi
7%
30%
27%
44%
44%
48%
22%
48%
Communicating significant cyber attacks to stakeholders
EY Global Information Security Survey 2017-18 - Respondents from Finland
Notify regulators
Global
Finland
Issue press release
Global
FinlandOn first day
On first week
On first day
On first week
Page 12 #EYGISS@EY_Suomi
Finns are much more reluctant to get cyber insurance
EY Global Information Security Survey 2017-18 - Respondents from Finland
20%
23%
45%
13%
37%
18%
23%
18%
0% 20% 40% 60%
We currently have cyber insurance that meets our organization’s needs
We do not have cyber insurance and areactively looking for appropriate cover
We do not have cyber insurance and wehave no plans to adopt it
We have never considered cyber insurance
Finnish respondents Global respondents
81% of Finnish respondents do not
have cyber insurance, compared to 59%
globally
Page 13 #EYGISS@EY_Suomi
Information security budgets in Finnish organizations
EY Global Information Security Survey 2017-18 - Respondents from Finland
68 % of the Finnish respondents say budgets have increased in the last
12 months
84 % of the Finnish respondents say they need significantly more funding
to meet requirements
15 % of the Finnish respondents expect a major
increase in their cybersecurity budget
Page 14 #EYGISS@EY_Suomi
Information security budgets in Banking sector
EY Global Information Security Survey 2017-18 - Respondents from Finland
48%
24%
10% 11%
4%2% 1%
0%
10%
20%
30%
40%
50%
60%
Less than US$1 million Between US$1 million andUS$2 million
Between US$2 million andUS$10 million
Between US$10 million andUS$50 million
Between US$50 million andUS$100 million
Between US$100 millionand US$250 million
More than US$250 million
Global Banking sector respondents, n=148
Page 15 #EYGISS@EY_Suomi
Please visit our insights on Cyber Security at ey.com/cybersecurity
EY Global Information Security Survey 2017-18 - Respondents from Finland
Cybersecurity regained:EY’s Global Information Security Survey 2017-18
ey.com/GISS
EU:n tietosuoja-asetus:oletko valmis?
ey.com/fi/gdpr
Building trust in the cloud:creating confidence in your cloud ecosystem
ey.com/cloudtrust
Identity and access management: beyond compliance
ey.com/IAM
Cybersecurityand the
Internet of Things
ey.com/IoT
Unlocking the value of your
program investments
ey.com/prm
Cyber threat intelligence:
How to get ahead
of cybercrime
ey.com/CTI
SecurityOperations
Centers:Helping you
get ahead ofcybercrime
ey.com/SOC
Cyber Program Management:
Identifying ways to get ahead of cybercrime
ey.com/CPM
Privacy trends: Can privacy really be protected anymore?
ey.com/privacy2016
Maximizing the value of a data protection program
ey.com/dataprotect
Big data: changing the way businesses compete and operate
ey.com/bigdatachange