04 Mar GRC Report Q3 2015
A SPECIAL REPORT FROM THE EDITORS AT CYBERSECURITY VENTURES
The GRC Report provides governance, risk and compliance trends, statistics, best practices, and resources for chief information security officers (CISOs) and IT security staff.
GOVERNANCE, RISK & COMPLIANCE
Risk consulting shifting from Big Four to cyber consultancies and the cloud.
- An alarming finding in a 2015 Ponemon Institute report commissioned by Dell SecureWorks was that 58 percent out of the 1,825 IT security and IT leaders surveyed said they did not think or were unsure if their organization possessed sufficient resources to achieve compliance with security standards and laws.
- Fortune conducted a poll of CEOs at Fortune 500 companies and got dozens of responses when asking them what they thought their greatest threats were, or challenges. The No. 1 response was the pace of technological change. Cybersecurity was the No. 2 response.
- The “2015 Travelers Business Risk Index” identifies computer-related issues as the second concern for all businesses (58 percent), as opposed to 2014 when it was ranked fifth. 70 percent of large businesses now see cyber risk as a major threat, compared with 60 percent of mid-sized businesses, and 45 percent of small businesses.
- The global enterprise governance, risk and compliance (GRC) market is expected to grow from $5.81 billion in 2014 to $11.50 billion by 2019, at a CAGR of 14.6 percent for the period 2014 to 2019, according to MicroMarketMonitor.
- Gartner ranked “Risk based security and self-protection” as a top 10 strategic trend for 2015. Compliance and risk management tasks are a huge burden on corporate resources. Automated tools can save time and money, and reduce the number of staff dedicated to GRC.
- “Significant operational improvements and cost reduction are a direct result of automating security and compliance efforts” says JD Sherry, CEO at Cavirin and an industry expert on corporate security. “All organizations, regardless of size are looking for innovative platforms that allow them to automate how they analyze operational risk across their infrastructure without adding significant headcount and resource drain. This includes streamlined GRC solutions that continuously assess operational risk for both the traditional data center as well as public cloud infrastructures.”
- ”As organizations leverage third parties for growing their business, assessing the compliance/risk of those partners and providers on a continuous basis will be paramount” says JD Sherry, CEO at Cavirin, who advises CISOs at corporations globally on risk and compliance. In the end, compliance liability almost always is the responsibility of the end-user.
- EMC’s inaugural “RSA Cybersecurity Poverty Index” that compiled survey results from more than 400 security professionals across 61 countries, states the greatest weakness of the organizations surveyed is the ability to measure, assess and mitigate cybersecurity risk with 45 percent of those surveyed describing their capabilities in this area as “non-existent,” or “ad hoc,” and only 21 percent reporting that they are mature in this domain.
- A recent survey of more than 1,000 directors at public companies conducted by the National Association of Corporate Directors (NACD) showed more than half (52.1 percent) of directors say they are not satisfied with the quantity of the information provided by management on cybersecurity and IT risk.
- A new report from Source Information Services (Source) has found that the global market for risk consulting has risen by over $1 Billion (9 percent) to just under $14 billion in 2014. The report says that although regulation and compliance work has been the driver of most of the (risk consulting) growth to date, cybersecurity is set to have a significant impact in the near future.
- Big Four firms carry out the majority of global risk consulting, accounting for 61 percent. However, Source warns that they may be set to miss out on the next stage of growth if they don’t react to the growing demand for cybersecurity expertise. Dr. Fiona Czerniawska, founder of Source, said: “Big Four firms aren’t seen by clients to have the specialist expertise required to capitalize on this wave of increased investment in cyber security. These firms now have a limited window of opportunity to either recruit or acquire organisations with these skills.”
Steven C. Morgan, Editor-In-Chief
- is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve writes the weekly Cybersecurity Business Report for IDG’s CSO, and he is a contributing writer for several business, technology, and cybersecurity media properties.
© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.