www.pwc.com/ca/security

Insights from The Global State of Information Security® Survey 2016

Ottawa, OntarioApril 13, 2016

Trends in Cybersecurity and Privacy

PwC

Your speakers today

2

April 2016Canadian Insights – The Global State of Information Security® Survey 2016

Anthony DiasDavid Craig

PwC

The digital world just got bigger

Canadian Insights – The Global State of Information Security® Survey 2016

3

April 2016

The evolution:

• Technology-led innovation is transforming business models.

• Organizations operate in a dynamic environment that is increasingly hyper-connected and interdependent.

Leading to:

• Traditional threats are manifesting increasingly through digital channels.

• Benefits of same technological advances are being exploited by an increasing number of global cyber adversaries.

• Adversaries are actively targeting critical assets throughout the ecosystem.

• Data is distributed and disbursed, increasing the potential for loss and exposure.

PwC

Canadian insights

April 2016Canadian Insights – The Global State of Information Security® Survey 2016

4

PwC

Methodology

5

• Readers of CSO and CIO and clients of PwC from 127 countries

• 37% respondents from North America, 30% from Europe, 16% from Asia Pacific, 14% from South America and 3% from the Middle East and Africa

The Global State of Information Security® Survey 2016, a worldwide study by PwC, CIO and CSO, was conducted online from May 7, 2015 to June 12, 2015.

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

www.pwc.com/gsiss

PwC

The Global State of Information Security® Survey 2016

6

Respondents

• 51% C-suite level

• 15% Director level

• 34% Other (e.g. Manager, Analyst, etc.)

• 39% Business and 61% IT (18% increase compared to 2014)

10,040 17Industries represented

Top 5

• 22% Technology

• 10% Financial Services

• 8% Consulting/Prof. Services

• 7% Engineering/ Construction

• 7% Consumer Products & Retail

Reported annual revenues

• 34% at least US$1B

• 48% US$25 to $999M

• 26% less than US$100M

• 3% non-profit

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

Profile of Canadian respondents

7

Respondents

• 35% C-suite level

• 25% Director level

• 40% Other (e.g. Manager, Analyst, etc.)

• 34% Business and 66% IT (17% increase compared to 2014)

157 17Industries represented

Top 5

• 19% Technology

• 12% Financial Services

• 9% Engineering/ Construction

• 9% Government Services

• 8% Agriculture

Reported annual revenues

• 31% at least US$1B

• 52% $25 to US$999M

• 21% less than US$100M

• 4% non-profit

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

Top 4 global cybersecurity trends

8

Rise of state-directed capitalism: New threats and actors

Technology as a tool:Risks and opportunities

Global instability: Cybersecurity as a top strategic priority

Competition for resources: Talent is key

Canadian Insights – The Global State of Information Security® Survey 2016

1

2

3

4

April 2016

PwC

Organizations today face four main types of cyber adversaries

9

Nation state

Insiders &Former Insiders

Organized crime

Hacktivists

• Military, economic or political advantage

• Immediate financial gain• Collect information for

future financial gains

• Personal advantage, monetary gain

• Professional revenge• Bribery or coercion

• Influence political and /or social change

• Pressure business to change their practices

MotivesAdversary

• Trade secrets• Sensitive business information• Emerging technologies• Critical infrastructure

• Financial / payment systems• Personally Identifiable

Information• Payment Card Information• Protected Health Information

• Critical infrastructure• Operational technologies• Highly visible venues

• Corporate secrets• Sensitive business information• Information related to key

executives, employees, customers & business partners

Targets

• Loss of competitive advantage• Disruption to critical

infrastructure

• Costly regulatory inquiries and penalties

• Consumer and shareholder lawsuits

• Loss of consumer confidence

• Destabilize, disrupt, and destroy physical and logical assets

• Disruption of business activities• Brand and reputation• Loss of consumer confidence

Impact

Adversary motives and tactics evolve as business strategies change and business activities are executed; ‘crown jewels’ must be identified and their protection prioritized, monitored and adjusted accordingly.

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

2016 Canadian insights at a glance

10

160% increase in detected incidents in Canada (over 2014)

Incidents attributed to foreign nation-states increased the most ( up 67%over 2014) while employeescontinue to be the most cited source of incidents (66%)

Averagefinancial loss due to detected incidents is $1M (18%decrease from 2014)

Attacks on IoT devices and systems are on the rise

Customer records continue to be the most targeted data (36%)

Security spending increased by 82% over 2014, currently at 5%of IT spend

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

Board participation in cybersecurity programs continues to grow

11

Security budget

Overall security strategy

Security policies

Security technologies

Review of security & privacy risks

Board participation in cybersecurity

20142015

20142015

25%50%40%46%

38%40%42%45%

25%37%36%41%

16%36%30%37%

25%34%25%32%

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

Organizations are investing in core safeguards to better defend their ecosystems against evolving threats

12

Canadian Insights – The Global State of Information Security® Survey 2016

Have an overall information security strategy

65% 58%

Have a CISO in charge of security

50% 54%

Employee training and awareness programs

57% 53%

Conduct threat assessments

50% 49%

Have security baselines / standards for third parties

55% 52%

Active monitoring analysis of security intelligence

54% 48%

April 2016

PwC

Public sector insights

April 2016Canadian Insights – The Global State of Information Security® Survey 2016

13

PwC

2016 public sector insights at a glance

14

137% increase in detected incidents in Canada (over 2014)

Incidents attributed to service providers increased the most while employeescontinue to be the most cited source of incidents

Estimated financial losses increased 27%over last year

Citizen and employee records continue to be the most targeted data

Security spending increased by 23% over 2014, currently at 5%of IT spend

April 2016Public Sector Insights – The Global State of Information Security® Survey 2016

PwC

Public sector organizations are also investing in new and innovative safeguards

15

April 2016Public Sector Insights – The Global State of Information Security® Survey 2016

Use cloud-based cybersecurity services

56%

of respondents use big data analytics for cybersecurity44%

of respondents formally collaborate with others in on cybersecurity62%

of respondents have purchased cybersecurity insurance46%

of respondents used risk-based security frameworks92%

PwC

Top five priorities for public sector agencies

16

April 2016Public Sector Insights – The Global State of Information Security® Survey 2016

24/7 monitoring for incidents1Enhancing cybersecurity with cloud computing2

3

4

5

Making mobile devices more secure

Better ways to manage access

Compliance is key

PwC

Internal Audit Messaging

April 2016Canadian Insights – The Global State of Information Security® Survey 2016

17

PwC

Emerging issues in regulation

18

Insider Risk Program maturity

Collaboration with others

Privacy

Mandatory breach notification

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

Key messages for Audit Professionals

19

Keep a Risk focus, and monitor maturity improvement

Cybersecurity & Privacy are business issues - avoid the

technology trap

Expand your network –collaboration extends to audit as

well

Talent issues – recruitment, retention, training, certifications, engagement

now more critical

InternalAudit

Canadian Insights – The Global State of Information Security® Survey 2016April 2016

PwC

What are the areas of Audit Committees focus?

1. Data(what, where, who)

2. Insiders(current & former)

3. Third Parties(connected 3rd parties)

4. Incident Response Plans(written, rehearsed,collaboration partners)

20

Canadian Insights – The Global State of Information Security® Survey 2016 April 2016

PwC

For more information, please contact:

Visit www.pwc.com/gsiss to explore the data further.

21

The Global State of Information Security® is a registered trademark of International Data Group, Inc.

© 2016 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved. PwC refers to the Canadian member firm, and may sometimes

refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. The content of this presentation is

for general information purposes only, and should not be used as a substitute for consultation with professional advisers.

www.pwc.com/ca/security

April 2016Canadian Insights – The Global State of Information Security® Survey 2016

Anthony Dias, Partner, Risk Assurance613 755 5945anthony.j.dias@ca.pwc.com

David Craig, Partner, Risk Assurance416 814 5812 david.craig@ca.pwc.com