Key findings from PwC’s Global State of Information Security Survey 2015 show that security incidents have risen significantly in Europe, having increased 41% since 2013.
As smartphones and mobile devices become ubiquitous in the organisation, 54% of companies have now implemented a mobile device security strategy, compared to only 42% in 2013.
The study also shows that about 51% of companies have taken cyber insurance to insulate themselves from the damage caused by cyber threats.
The Centre for Strategic and International Studies has recently estimated that the annual cost of cyber crime to the global economy ranges from £247 billion to as much as £378 billion.
The survey shows that cyber insurance premiums are forcing organisations to improve their cyber security programmes, with 36% saying they have taken security measures in order to lower their insurance premiums.
Companies most likely to purchase cyber insurance are from the following industries:
- Aerospace and defence
- Entertainment and media
- Financial services
Interestingly, South America leads the adoption of cyber insurance, with 58% holding policies, while the US, at 44%, has the lowest rate of investment in cyber insurance.
Cyber risks will never be completely eliminated
As security incidents continue to proliferate, it is becoming increasingly clear that cyber risks will never be completely eliminated. Experts agree that companies must shift their security focus from a preventative approach to a risk-based approach that prioritises the most valuable information assets and its most relevant threats.
“It’s rare that organisations have the practioners [sic], tools, and executive leadership required to understand and respond to security challenges,” says William Boni, corporate information security officer for T-Mobile USA.
Information security is not only a technical problem
“Too many people still see information security as a principally technical problem,” says Boni. “Information security involves people, processes, and technologies—getting all three in the right measure is the real art of a successful security programme.”
A risk assessment that focuses on people, processes and technology is imperative for effective information security. vsRisk™ provides an effective solution for automating the risk assessment process, enabling compliance with the international information security standard, ISO 27001.
Get 50 % off the regular price of vsRisk this month by purchasing now!