Bridging the Data Security Chasm - KnowledgeLeader
TRANSCRIPT
To learn more, visit Protiviti.com/ITSecuritySurvey.
© 2014 Protiviti Inc. An Equal Opportunity Employer M/F/D/V. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Level of Board Engagement in Information Security Risks
High engagement and level of understanding by the board 30%
Medium engagement and level of understanding by the board 41%
Low engagement and level of understanding by the board 20%
Don’t know 9%
Many organizations lack high confidence in their ability to prevent a cyberattack or data breach
Rate your level of confidence that your organization is able to prevent a targeted external attack by a well-funded attacker (1-10 scale where 10 = high level of confidence)
High Board Engagement 7.8
“Other” Board Engagement 6.0
All Core Info Security Policies 7.2
Not All Core Info Security Policies 6.3
Not all data is equal
Percentage of organizations with a clear data classification scheme and policy
Data classification | High Board Engagement | “Other” Board Engagement | All Core Info Security Policies | Not All Core Info Security Policies
Scheme | 79% | 49% | 78% | 48%
Policy | 87% | 64% | 95% | 59%
Still unprepared for a crisis
If your organization experienced a data breach or hacking incident, does it have a formal and documented crisis response plan that would be activated and executed?
Response | High Board Engagement | “Other” Board Engagement | All Core Info Security Policies | Not All Core Info Security Policies
YES | 77% | 47% | 80% | 44%
NO | 18% | 41% | 11% | 46%
Bridging the Data Security Chasm
Assessing the Results of Protiviti’s 2014 IT Security and Privacy Survey
Data is the lifeblood of organizations today. Data powers companies, pumping “fuel” in the form of information, knowledge and insight to virtually every function of their business. It therefore must be managed -- and managed well. Common wisdom suggests companies are working diligently to enhance the security of their precious data assets. But the results of Protiviti’s 2014 IT Security and Privacy Survey suggest there is still plenty of work to do.
Core Info Security Policies 2014 2013 2012
Acceptable use policy 76% 87% 86%
Record retention/destruction policy 76% 86% 81%
Written information security policy (WISP) 66% 78% 75%
Data encryption policy 59% 68% 66%
Social media policy 59% na na
All of the above 32% na na
How would you rate your management’s understanding of what comprises its “sensitive” data and information?
High Board Engagement | “Other” Board Engagement | All Core Info Security Policies | Not All Core Info Security Policies
46% | 13% | 37% | 16%
45% | 53% | 54% | 50%
7% | 28% | 9% | 28%
Excellent Understanding
Limited Understanding
Good Understanding
The Top Performers: Critical Success Factors in IT Security and Privacy Management
In this survey, we compare the findings among “top performing” companies to other organizations. Top performers:
• Organizations with high board engagement in information security; OR
• Organizations with all core information security policies in place