The Global State of Information Security Survey 2016 released in conjunction with CIO and CSO examines how executives are looking towards new innovations and frameworks to improve security and mitigate enterprise risk. At global level, there was a 38% increase in detected information security incidents, as well as a 24% boost in security budgets observed in 2015.

New tools are helping to transform cybersecurity frameworks, yielding holistic, integrated safeguards against cyberattacks

As cyber-risks become increasingly prominent concerns in the C-suite and boardroom, business leaders are increasingly rethinking cybersecurity practices, focusing on a nexus of innovative technologies that can reduce enterprise risks and improve performance. The vast majority of organisations – 91% – have adopted a security framework, or more often, an amalgam of frameworks such as ISO 27001 or NIST. These technologies are yielding considerable opportunities to improve cybersecurity and produce holistic, integrated safeguards against cyber-attacks.

"We are seeing more of what we once saw as a risk, being turned into possible solutions," said Vincent Villers, partner and Cybersecurity Leader at PwC Luxembourg. "For example, many organisations are embracing advanced authentication as a cloud service in place of solely password based authentication."

The adapting of traditional cybersecurity measures to an increasingly cloud-based world is an example of this effort with considerable investments being made to develop new network infrastructure capabilities that enable improved intelligence gathering, threat modeling, defence against attacks and incident response. According to the report, 69% of respondents said they use cloud-based security services to help protect sensitive data and ensure privacy and the protection of consumer information.

“This global trend is also true for Luxembourg. Opinions on Cloud technologies are changing. Will such a change in the Financial sector be the surprise of 2016? ” asks Vincent Villers.

Ascendant technologies are expected to increase the stakes for securing cloud-based networks

Connected to the emergence of cloud-based systems, Big Data and the Internet of Things are each ascendant technologies that present a host of cyber challenges and opportunities. In the case of Big Data, often considered a cyber liability, 59% of respondents are leveraging data-powered analytics to enhance security by shifting security away from perimeter-based defences and enable organisations to put real-time information to use in ways that create real value.

As the number of internet connected devices continues to surge, the Internet of Things will inevitably increase the stakes for securing cloud-based networks. Investment intended to address these issues doubled in 2015, but at this point only 36% of survey respondents have a strategy specifically addressing the Internet of Things.

“There is no one-size-fits-all model for effective cybersecurity. It’s a journey toward a future state that starts with the right mix of technologies, processes, and people skills,” added Vincent Villers. “With those components in place, cybersecurity potentially serve as an indispensable ongoing business enabler.”

Over the past three years, the number of organisations that embrace external collaboration has steadily increased. Sixty-five percent of respondents report they are collaborating with others to improve security. As more businesses share more data with an expanding roster of partners and customers, it makes sense that they also would swap intelligence on cybersecurity threats and responses.

“An advanced and enhanced information security program will not only enable companies to better defend against cyberthreats, it will also help create competitive advantages and foster trust among customers and business partners,” said Vincent Villers.

The results of the Global State of Information Security Survey 2016 and the latest cybersecurity trends will be the focus of a conference organised by PwC Luxembourg on 26 November. The firm’s cybersecurity experts will discuss the challenges faced by organisations, and present five innovative solutions in the fields of fraud detection, identity management, authentication and cloud security that have been designed to effectively tackle current and future risks: ThetaRay, BIT, BehavioSec, Brainwave and IBM.

Additional notable findings this year include:

• Information security spending increases: Respondents boosted information security spending significantly, reversing last year’s slight drop in security spending. This year respondents boosted their information security budgets by 24% in 2015.
• Evolving Cybersecurity Roles: 54% of respondents have a CISO in charge of the security program. The most frequently cited reporting structure is the CEO, CIO, Board and CTO, in that order. 
• Increasing Board Involvement: 45% of boards participate in the overall security strategy. This deepening of Board involvement has helped improve security practices in numerous ways.
• Mobile Payments Going Mainstream: 57% of respondents have adopted mobile payments systems - but the ecosystem continues to rapidly evolve as new partnerships are formed among a constellation of technology, financial, retail and telecommunications firms.
• Investing in Insurance: Technically adept adversaries will always find new ways to circumvent security safeguards. That's why many businesses (59%) are purchasing cybersecurity insurance to help mitigate the financial impact of cybercrimes when they do occur.
• Government Surveillance Impacting Buying Decisions: Purchases in certain countries are either under review (34%) or happening less frequently (22%) as a result of hearing about reports that the government is conducting surveillance on hardware, software and/or services from certain countries.

To explore the survey findings, visit: www.pwc.lu/en/information-risk-management/publications-global.html