Board and Cyber Security
CYBER SECURITY BREAKFAST #001
LEON FOUCHE
22 March 2016
Some statistics…
WEF - 2016
Source: The Global Risk Report 2016 – World Economic Forum
Global and Australian statistics
• CEOs’ fastest-growing concern: 61% of CEOs around the globe are concerned about cyber threats
• Protecting intellectual property and customer data: 70% of organisations expressed concern about their inability to protect intellectual property or confidential customer data
• Cyber attacks are on the rise: the estimated annual cost of cyber attacks to the global economy is more than $400 billion
• Australia is not immune to cyber attacks: in 2013 cyber attacks affected 5 million Australians at an estimated cost of $1.06 billion
Source: Various Internet sources
Data breaches: 2012-2015
Source: California Data Breach Report – February 2016
Critical assets and risk assessments
• Less than a third (32%) of organisations have identified their critical digital assets (‘crown jewels’)
• Approximately one fifth (19%) are still working on identifying critical assets
• 15% have done no work at identifying critical assets
• Just over a third (34%) of organisations have completed risk assessments of critical assets
• Only 35% of organisations have completed cyber security risk requirement for 3rd parties
• 5% changed 3rd party vendors as a result of cyber security risks
Lacking cyber incident response plans
• Majority of organisations (59%) use internal resources to mitigate cyber risks
• Only 45% have cyber security incident response plans in place
• 34% have no cyber security incident response plans in place
What is expected from the Board
Cyber security expectations
• What should the Board be responsible for?
• What should management be responsible for?
• What should practitioners be responsible for?
Questions the Board should be asking themselves
• Do we know what our cyber risk profile is – who, what, why, impact?
• Do we know what our critical digital assets (‘crown jewels’) are?
• Have we done proper risk assessments on these? Is this within our risk appetite?
• What are we doing about managing our security gaps – mitigation (investment) and transfer (cyber insurance)?
• Are we able to respond to a cyber security incident? When was the last time we tested this?
Cyber resilience checklist