Page 1

Global Information Security Survey 2017-18Finnish results17 January 2018

8:30 Registration and breakfast

9:00

Presentation of GISS 2017-18 results

Tim Best, Executive DirectorTimo Valonen, Senior Manager

10:45 Discussion

11:00 The seminar ends

Agenda

#EYGISS@EY_Suomi

Page 2 #EYGISS@EY_Suomi

Speakers

EY Global Information Security Survey 2017-18 - Respondents from Finland

Tim Best,Executive Director,CybersecurityEY Advisory Gothenburgtim.best@se.ey.com+46 73 033 20 46

Timo Valonen,Senior Manager,CybersecurityEY Advisory Helsinkitimo.valonen@fi.ey.com+358 400 379 206

Page 3 #EYGISS@EY_Suomi

Top threats that have most increased the Finnish respondents risk exposure

EY Global Information Security Survey 2017-18 - Respondents from Finland

Cyber-attacks to steal financial information

Malware

Phishing

Cyber-attacks to steal IP or data

Internal attacks

0%

10%

20%

30%

40%

50%

60%

70%

2013 2014 2015 2016 2017

Attacks to steal financial information have not reduced as a threat in Finland

Page 4 #EYGISS@EY_Suomi

Top vulnerabilities that have most increased the Finnish respondents risk exposure

EY Global Information Security Survey 2017-18 - Respondents from Finland

Careless or unaware

employees

Outdated information

security controls or architecture

Related to cloud computing use

0%

10%

20%

30%

40%

50%

60%

70%

80%

2013 2014 2015 2016 2017

Careless or unaware employees

Outdated information security controls or architecture

Related to cloud computing use

Global respondents consider careless employees as a

vulnerabilitytwice as often

compared to Finland

Page 5 #EYGISS@EY_Suomi

Board knowledge of information security in Finland

EY Global Information Security Survey 2017-18 - Respondents from Finland

26%

13%

36%

24%

0%

5%

10%

15%

20%

25%

30%

35%

40%

Board has sufficientknowledge of information

security

The person responsible forinformation security is on the

board

Finnish respondents Global respondents

In Finland, information

security is rarely on the board

Page 6 #EYGISS@EY_Suomi

Development of Finnish respondents' confidence in their cybersecurity capabilities

EY Global Information Security Survey 2017-18 - Respondents from Finland

Ad-hoc or non-existent data protection policies

No or only informal threat intelligence program

Do not have a SOC

0%

10%

20%

30%

40%

50%

60%

70%

80%

2015 2016 2017

51 % of Finnish respondents do not

have a SOC.The amount has

stayed the same in recent years.

Page 7 #EYGISS@EY_Suomi

Outsourced functions in SOCs

EY Global Information Security Survey 2017-18 - Respondents from Finland

42% 42%45%

42%

23%

16%

32%

42%

0%

37%

27%

21%

31%

25%

15%

29%

41%

10%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Real time networksecurity monitoring

Incident investigation Digital/malwareforensics

Threat intelligencecollection/feeds

Threat intelligenceanalysis

Cybersecurityexercise creation and

delivery

Vulnerabilityscanning andmanagement

Penetration testing We fulfill all functionsin-house

Finnish respondents Global respondents

Page 8 #EYGISS@EY_Suomi

Incident response maturity in Finnish organizations

EY Global Information Security Survey 2017-18 - Respondents from Finland

5%

15%

41%

33%

5%

10%

21%

36%

24%

8%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

We do not have an incident responsecapability

We have an incident response planthrough which we can recover frommalware and employee misbehavior.

Further investigations into root causesare not conducted.

We have a formal incident responseprogram and conduct investigations

following an incident

We have a formal incident responseprogram and established arrangements

with external vendors for more completeidentity response services and

investigations

We have a robust incident responseprogram that includes third parties andlaw enforcement and is integrated with

our broader threat and vulnerabilitymanagement function. We build

playbooks for potential incidents andtest those playbooks via table-top e

Finnish respondents Global respondents

Page 9 #EYGISS@EY_Suomi

Likely sources of attacks according to the Finnishrespondents

EY Global Information Security Survey 2017-18 - Respondents from Finland

70 % of the Finnish respondents say careless

employee is the most likely source of attack

63 % of the Finnish respondents say criminal syndicates are the most

likely source of attack

49 % of the Finnish respondents say a Lone Wolf

hacker is the most likely source of attack

(only 14% consider a malicious employee the most

likely source of attack)

Page 10 #EYGISS@EY_Suomi

State-sponsored attackers as a threat over the years

EY Global Information Security Survey 2017-18 - Respondents from Finland

Finland

Global

0%

10%

20%

30%

40%

50%

60%

2014 2015 2016 2017

Finland Global

Page 11 #EYGISS@EY_Suomi

7%

30%

27%

44%

44%

48%

22%

48%

Communicating significant cyber attacks to stakeholders

EY Global Information Security Survey 2017-18 - Respondents from Finland

Notify regulators

Global

Finland

Issue press release

Global

FinlandOn first day

On first week

On first day

On first week

Page 12 #EYGISS@EY_Suomi

Finns are much more reluctant to get cyber insurance

EY Global Information Security Survey 2017-18 - Respondents from Finland

20%

23%

45%

13%

37%

18%

23%

18%

0% 20% 40% 60%

We currently have cyber insurance that meets our organization’s needs

We do not have cyber insurance and areactively looking for appropriate cover

We do not have cyber insurance and wehave no plans to adopt it

We have never considered cyber insurance

Finnish respondents Global respondents

81% of Finnish respondents do not

have cyber insurance, compared to 59%

globally

Page 13 #EYGISS@EY_Suomi

Information security budgets in Finnish organizations

EY Global Information Security Survey 2017-18 - Respondents from Finland

68 % of the Finnish respondents say budgets have increased in the last

12 months

84 % of the Finnish respondents say they need significantly more funding

to meet requirements

15 % of the Finnish respondents expect a major

increase in their cybersecurity budget

Page 14 #EYGISS@EY_Suomi

Information security budgets in Banking sector

EY Global Information Security Survey 2017-18 - Respondents from Finland

48%

24%

10% 11%

4%2% 1%

0%

10%

20%

30%

40%

50%

60%

Less than US$1 million Between US$1 million andUS$2 million

Between US$2 million andUS$10 million

Between US$10 million andUS$50 million

Between US$50 million andUS$100 million

Between US$100 millionand US$250 million

More than US$250 million

Global Banking sector respondents, n=148

Page 15 #EYGISS@EY_Suomi

Please visit our insights on Cyber Security at ey.com/cybersecurity

EY Global Information Security Survey 2017-18 - Respondents from Finland

Cybersecurity regained:EY’s Global Information Security Survey 2017-18

ey.com/GISS

EU:n tietosuoja-asetus:oletko valmis?

ey.com/fi/gdpr

Building trust in the cloud:creating confidence in your cloud ecosystem

ey.com/cloudtrust

Identity and access management: beyond compliance

ey.com/IAM

Cybersecurityand the

Internet of Things

ey.com/IoT

Unlocking the value of your

program investments

ey.com/prm

Cyber threat intelligence:

How to get ahead

of cybercrime

ey.com/CTI

SecurityOperations

Centers:Helping you

get ahead ofcybercrime

ey.com/SOC

Cyber Program Management:

Identifying ways to get ahead of cybercrime

ey.com/CPM

Privacy trends: Can privacy really be protected anymore?

ey.com/privacy2016

Maximizing the value of a data protection program

ey.com/dataprotect

Big data: changing the way businesses compete and operate

ey.com/bigdatachange