Information security has always been a high-stakes game. One that demands a smart strategy, the right technology moves, and an unblinking eye on adversaries. For many businesses, however, it has become a pursuit that is almost impossible to win. That’s because the rules have changed, and opponents—old and new—are armed with expert technology skills. As a result, the risks are greater than ever.
Businesses are fighting back by adopting new detection and prevention technologies. At the same time, governments around the world are enacting legislation to combat cyber threats. And regulatory bodies are issuing new guidance on disclosure obligations for cyber incidents. Yet risks to data security continue to intensify – and show no signs of abating. Those keeping score agree that the bad guys appear to be in the lead.
Nonetheless, many businesses believe they are winning. The Global State of Information Security Survey 2013 shows that most executives in the global industrial products industry are confident in the effectiveness of their information security practices. They believe their strategies are sound and many consider themselves to be leaders in the field.
The odds, however, are not in their favor: Diminished budgets have resulted in degraded security programs, reported security incidents are on the rise, and new technologies are being adopted faster than they can be safeguarded. Given today’s elevated threat environment, businesses can no longer afford to play a game of chance. They must prepare to play a new game, one that requires advanced levels of skill and strategy to win.
PwC US released the 2013 Global State of Information Security Survey with key findings on information security issues facing the industrial products industry. The report includes 775 respondents from the industrial products industry, which shows that most industrial products executives are feeling good about their approach to information security, and many consider themselves to be leaders in the field.
Industrial products respondents are confident in their security practices. 40 percent of industry respondents say their organization has a strategy in place and is proactive in executing it—exhibiting two distinctive attributes of a leader.
Many industrial products respondents are over-confident in their organization’s security program. 70 percent of respondents are confident that they have instilled effective security behaviors into their organization’s culture, yet most do not have a process in place to handle third-party breaches.
Security plans for manufacturing control systems have declined significantly. The number of industrial products respondents who have security policies for manufacturing control systems dropped 23 percent over last year.
Technology adoption is moving faster than security implementation. Industrial products companies are struggling to keep pace with the adoption of cloud computing, social networking, mobility, and use of personal devices. These new technologies often are not included in overall security plans even though they are widely used.
What You Can Do To Improve Your Performance
Information security today is a rapidly evolving game of advanced skill and strategy. As a result, the security models of the past decade are no longer effective. Effective security requires a new way of thinking. The very survival of the business demands that security leaders understand, prepare for, and quickly respond to security threats. Businesses seeking to strengthen their security practice must:
- Implement a comprehensive risk-assessment strategy and align security investments with identified risks.
- Understand their organization’s information, who wants it, and what tactics adversaries might use to get it.
- Understand that information security requirements—and, indeed, overall strategies for doing business—have reached a turning point.
- Embrace a new way of thinking in which information security is both a means to protect data as well as an opportunity to create value to the business.
See the full report at www.pwc.com.