2018 Global State of

Information Security Survey

Strengthening digital society against cyber shocks

IDG Communications, Inc.

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 2
Number of Security Incidents* Detected Continues to Drop

6,853

4,782
3,458

4,782
4,948
3,741
2016 2017 2018
* A security incident is defined as any adverse incident that threatens some aspect of computer security.

Q. What is the number of security incidents detected in the past 12 months? AND How confident are you that your organization has the ability to
correctly assign attribution to the attack?

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 3
But Losses Per Incident Continue to Climb

$578
$501

$364
+58%

Are investing
Increase in
in average
a security strategy
financial losses
forper
theincident
Internet
ofsince
Things
2016
2016 2017 2018

Q. What is the number of security incidents detected in the past 12 months? AND What is the estimated total financial losses as a result of all security
incidents?

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 4
Current Employees #1 Source of Security Incidents

30%
26%
23%
20% 19% 19%
17% 17%

Current Former Unknown Competitors Current service Organized Former service Activists/
employees employees hacker providers/ crime providers/ activist
consultants/ consultants/ organizations/
Insider Outsider contractors contractors hacktivists

Q. Estimated likely source of incidents (Not all factors shown.)

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 5
To Strengthen Digital Ecosystems, Organizations
Plan to Address Security Safeguards

49%
46% 45% 45% 43%

59%

Say digitization
has increased
information
Improved Biometrics & Security for the New security needs Digital enterprise
security spending collaboration among advanced Internet of Things related to evolving architecture
business, authentication business models
digital & IT

Q. What types of security safeguards does your organization plan to invest in over the next 12 months? AND What impact has digitization of the
business ecosystem had on your organizations security spending?

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 6
Adoption of Internet of Things Requires
Cybersecurity & Privacy Safeguards
36%

34% 34%

32%
31%

Uniform cybersecurity Assess device and system New data collection, Employee training on IoT Policies and technologies
standards and policies for interconnectivity and retention and destruction security practices to safeguard against
IoT devices and systems vulnerability across the policies consumer privacy
business ecosystem violations

Q. What policies, technologies and people skills does your organization plan to implement over the next 12 months to address the cybersecurity and privacy risks
associated with the Internet of Things (IoT)? AND Does your organization have a security strategy for the convergence of information, operational, and consumer
technologies (also known as the Internet of Things)?

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 7
Board Leadership Must Be Further Engaged

Security budget 45%

Overall security strategy 44%

Security policies 39%

Security technologies 36%

Review of current security and privacy risks 31%

Review roles and responsibilities
of security organization 26%

Review of security and privacy testing 19%

Q. In which of the following areas does your organizations Board of Directors actively participate?

2018 Global State of Information Security Survey conducted by PwC, CSO and CIO. 8
Continue the
Conversation
Bob Bragdon
SVP/Publisher, CSO
EMAIL: bob_bragdon@idg.com
TWITTER: @BobOnSecurity

www.idg.com