Make your third-party risk management process extremely efficient by using these tools and techniques.
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.
We’ve dissected three major industries—finance, retail, and the public sector—and several key themes from the survey below. Take a look!
Note: It’s impossible to completely prevent data breaches from happening in any industry—but you can employ a number of best practices to help with data breach prevention and protection.
Trends In Data Breach Prevention & Protection
Finance
A Security Manager's Guide To Third-Party Risk Management
A Security Manager's Guide To Third-Party Risk Management
Survey respondents noted that their biggest security challenge is third party security—but only 59% had security baselines or standards for their third party vendors. While this is more than half, we would hope to see more companies with these standards in place.
That being said, this industry has historically performed very well in protecting against bank data breaches, and it has been known as a top-performing industry in cybersecurity. In fact, 92% of what have a risk-based security framework. This is likely because of the heavy regulation in the industry, but it is a positive sign nonetheless.
Retail
Addressing the risk posed by business partners and third parties is also an issue concerning in retailers—it’s mentioned along with securing risk from payment channels. But only 51% of respondents in retail have cybersecurity baselines and standards for third parties.
68% of respondents said they assess third-party cloud providers to ensure security, and many of them perform security assessments twice a year or more. As you can imagine, it’s very hard to mitigate risk when you’re only looking at a snapshot in time of an organization’s security every 90-180 days. This is where continuous monitoring comes into play—a far better alternative to addressing vendor cybersecurity so infrequently.
Looking to streamline your vendor risk management process? Take a look at these tools and techniques.
Public Sector
The survey shows that the public sector is doing well with risk-based security frameworks, but is lagging in security monitoring and third party security.
A few of the important statistics for the public sector in the survey are as follows:
- 56% of respondents “now employ cloud-enabled cybersecurity for services such as real-time monitoring and analytics, threat intelligence, advanced authentication, and identity and access management.”
- Less than half (47%) of survey respondents are “actively monitoring using analysis of security intelligence.”
- Only 52% of respondents have security standards for third parties.
Interestingly, the survey lists five information security priorities in the public sector for the next 12 months—and number one is continuous monitoring. Placing such emphasis on this critical area is a great sign for the public sector—and we’ll be watching next year’s results to see what comes of it.
Big-Picture Takeaways
- 59% of organizations are leveraging big data in their security programs. This is a positive trend that companies are investing in. Big data solutions like continuous monitoring can benefit nearly every industry, by helping organizations monitor security threats in real time.
- 45% of boards participate in the overall security strategy for an organization. This is a huge increase from the year before. That being said, we expect a far greater increase in years to come, as more boards find it critical to participate in the security strategy at their organization.
Is your board actively involved in cybersecurity? Download the offer below to find out how you can present cybersecurity to board members in a more effective way.
Get the Weekly Cybersecurity Newsletter
Subscribe to get security news and industry ratings updates in your inbox.