Ankura Publishes Results of Survey on Cybersecurity, Data Governance, and Compliance

Ankura cybersecurity and data experts, working with industry analyst Ari Kaplan, created the survey to examine how security professionals are handling today's complicated cyber and data information landscape. The survey queried 30 corporate security officials on how the perception of security is changing and the ways corporations are adapting to an evolving threat landscape.

Seventy percent of respondents were from organizations with more than $1 billion in annual revenue, and 50 percent were from organizations with annual revenues of more than $5 billion. The majority were from companies with more than 5,000 employees and hailed from a diverse group of industries, including financial services, healthcare, technology, insurance, manufacturing, telecommunications, and media.

"Over the past four years, interest in benchmarking cybersecurity hygiene has continued to expand, and I am honored by the caliber of participation in this year's report," said Kaplan. "The perspectives it highlights reflect an incredible collective dedication to data protection tempered by an acknowledgement of its challenges."

Notable statistics in the report include:

• Seventy-three percent of security budgets are still driven by regulators versus 53 percent based on the value of data assets.
• Eighty percent of the respondents were somewhat concerned or very concerned that they had already been breached.
• Thirty-seven percent were most concerned about an employee mistake, followed by 27 percent focused on cyberattacks and 17 percent most worried about ransomware or malware.
• Although 77 percent of respondents claimed to have a data map of their organization's information landscape, 30 percent described it as "ineffective or out of date."
• Seventeen percent of the respondents noted that Office 365 is a common impetus for moving to the cloud.
• While 97 percent formally evaluate the security practices of their vendors, partners, law firms, and third parties that interact with their data, 60 percent of respondents do not extend this level of inquiry to the partners of their third parties.
• While 93 percent reported focusing their messaging on being part of the solution, 20 percent still claimed to leverage fear to grab the attention of their employees.
• Seventy-six percent ranked user threats as their greatest area of weakness for enterprise security visibility.

Jessica Block, an Ankura Senior Managing Director who focuses on data governance and privacy and spearheaded this project, said, "The results show security leaders around the world are thinking about how to build and sustain cross-functional programs to drive effective information management. We saw organizations acting to improve both processes and technologies in the face of increased regulatory risk and other threats. Regulations such as the General Data Protection Regulation and 23 NYCRR Part 500 are targeting previously unregulated industries and having great impact on existing planned corporate initiatives and budgets beyond what can be absorbed by internal resources."

Scott Corzine, an Ankura Senior Managing Director who focuses his work on cybersecurity compliance and program maturity issues, added, "We were interested in the evolution of cybersecurity reporting relationships in large organizations and the perceptible trend toward security leaders reporting to someone with compliance or oversight responsibilities rather than technical responsibilities. We also looked at the fascinating perspective of CISOs around their frustration with reporting about cybersecurity to boards that may still widely lack cyber-aware members with grounding and experience in the complexities of security as an enterprise risk, and that still fund cyber initiatives in reaction to widely publicized breaches. With 35 percent of CISOs lacking confidence or unsure of the security of their data exposed to their third-party providers, we received some good insights into the complexity of security assurance in the CISOs' information supply chain."

Luke Tenery, an Ankura Senior Managing Director with more than 15 years of experience handling complex cyber issues covering investigations and forensics, data privacy and security, and security management issues, noted, "The survey is an incredibly useful overview of what cybersecurity leaders are grappling with as they adapt to mitigating risks and maximizing opportunities in the cloud and emergent technologies. They are forced to take on more and more third-, fourth-, and even fifth-party vendor platforms, and continue to see an evolution of data security and incident response issues that require strategic reconsiderations of cyber risk management, including incident management and threat detection. For me, it was worth noting that only 37 percent of respondents answered that they were confident that their managed services providers could provide legally defensible investigations if respective organizations were victims of a breach or other cyber incident."

About Ari Kaplan Advisors:  Ari Kaplan Advisors provides market research, ghostwriting, and benchmarking on trends associated with legal technology, cybersecurity, law department management, and law firm growth. For more information, please visit: www.arikaplanadvisors.com.

About Ankura:  Ankura is defined by HOW we solve challenges. Our expert services focus on designing, developing, and executing solutions for clients, whether they are facing immediate demands, increasing value, or protecting against risks. We create innovative strategies for the ever-changing business environment, giving clients unparalleled insight into economic, governance, and regulatory issues. Assembling the right expertise for each client and situation, we know that collaboration drives results. For more information, please visit www.ankura.com.

SOURCE Ankura

Related Links

http://www.ankura.com