How Different Industries Have Fared In Data Breach Prevention

Melissa Stevens | July 14, 2016

PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.

We’ve dissected three major industries—finance, retail, and the public sector—and several key themes from the survey below. Take a look!

Note: It’s impossible to completely prevent data breaches from happening in any industry—but you can employ a number of best practices to help with data breach prevention and protection.

Trends In Data Breach Prevention & Protection

Finance security

Survey respondents noted that their biggest security challenge is third party security—but only 59% had security baselines or standards for their third party vendors. While this is more than half, we would hope to see more companies with these standards in place.

That being said, this industry has historically performed very well in protecting against bank data breaches, and it has been known as a top-performing industry in cybersecurity. In fact, 92% of respondents have a risk-based security framework. This is likely because of the heavy regulation in the industry, but it is a positive sign nonetheless.

Retail

Addressing the risk posed by business partners and third parties is also an issue concerning retailers—it’s mentioned along with securing risk from payment channels. But only 51% of respondents in retail have cybersecurity baselines and standards for third parties.

68% of respondents said they assess third-party cloud providers to ensure security, and many of them perform security assessments twice a year or more. As you can imagine, it’s very hard to mitigate risk when you’re only looking at a snapshot in time of an organization’s security every 90-180 days. This is where continuous monitoring comes into play—a far better alternative to addressing vendor cybersecurity so infrequently.

Public Sector

The survey shows that the public sector is doing well with risk-based security frameworks, but is lagging in security monitoring and third party security.

A few of the important statistics for the public sector in the survey are as follows:

  • 56% of respondents “now employ cloud-enabled cybersecurity for services such as real-time monitoring and analytics, threat intelligence, advanced authentication, and identity and access management.”
  • Less than half (47%) of survey respondents are “actively monitoring using analysis of security intelligence.”
  • Only 52% of respondents have security standards for third parties.

Interestingly, the survey lists five information security priorities in the public sector for the next 12 months—and number one is continuous monitoring. Placing such emphasis on this critical area is a great sign for the public sector—and we’ll be watching next year’s results to see what comes of it.

Big-Picture Takeaways

  1. 59% of organizations are leveraging big data in their security programs. This is a positive trend that companies are investing in. Big data solutions like continuous monitoring can benefit nearly every industry, by helping organizations monitor security threats in real time.
  2. 45% of boards participate in the overall security strategy for an organization. This is a huge increase from the year before. That being said, we expect a far greater increase in years to come, as more boards find it critical to participate in the security strategy at their organization.
