2018 State of Cyber Resilience Insurance

1. 2018 State of Cyber Resilience GAINING GROUND ON THE CYBER ATTACKER Insurance

2. EXECUTIVE SUMMARY INSURANCE

3. Organizations are improving cyber resilience and showing they can perform better under greater pressure as the number of targeted attacks more than doubles. CLOSING THE GAP ON CYBER ATTACKS Organizations reduced the rate of successful attacks: From 30% to 13%. In the past 12 months, how many attempted / successful breaches have you identified and how many were successful? Average. 2018 240 52 Targeted attacks Security breaches Insurance

4. 14% 30% 45% 10% 24% 28% 22% 23% Less than 50% 51%-65% 66%-75% 76% or more 2017 2018 12% 23% 55% 9% 20% 31% 22% 27% Less than 50% 51%-65% 66%-75% 76% or more 2017 2018 CLOSING THE GAP ON CYBER ATTACKS Despite the rising number of cyber attacks, security teams continue to identify nearly two-thirds of all breach attempts, 63% on average, and twice as many of them are now able to detect 76% or more cyber attacks. Proportion of cyber attacks discovered by security teams Global Global mean: 63% Insurance mean: 64% Insurance

5. 5 66% 60% 58% 56% 53% 66% 62% 57% 52% 55% Internally by our employees Externally by a peer/competitor in our industry Externally by the media White hats Law enforcement Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Collaboration is helping with attacks undetected by security teams. Cyber attacks discovered outside of security teams For the breaches that are not detected by your security team, how do you most frequently learn about them? (Ranked top 3) Global Insurance

6. 12% 43% 34% 11%Global Less than one day 1-7 days 1-4 weeks More than one month 9% 46% 36% 9%q16 CLOSING THE GAP ON CYBER ATTACKS The majority of security teams are also more effective at finding security breaches faster—from months and years to just days and weeks. Improvements in detection speed of security breaches Thinking about the past year, how long, on average, did it take for a successful breach to be detected? Insurance

7. IMPROVING CYBER RESILIENCE Cyber Response Readiness Cyber Response Plans Cyber Incident Escalation Plans Stakeholder Involvement Cyber Incident Communication Recovery of Key Assets Strategic Threat Context What-If Analysis Peer Situation Monitoring Business Relevant Threat Monitoring Threat Vector Monitoring Resilience Readiness Recovery Ability Design for Resilience Exposure Driven Design Continuous Improvement Threat Landscape Alignment Governance & Leadership High Value Assets & Business Processes Physical & Safety Risks Actual IT Support Scenarios of Material Impact Key Protection Assumptions Business Exposure High Value Assets & Business Processes Physical & Safety Risks IT Risk Support Cyber Attack Scenarios Extended Ecosystem Contractual Dependability Contractual Assurance Regulatory Compliance Focus Operational Cooperation Investment Efficiency Securing Future Architecture Protection of Key Assets Security in Project Funding Security in Investment Funding Risk Analysis & Budgeting Copyright © 2016 Accenture All rights reserved. Cybersecurity Strategy WE EVALUATED 33 CYBERSECURITY CAPABILITIES ACROSS SEVEN DOMAINS

8. CLOSING THE GAP ON CYBER ATTACKS Being better at detection, prevention and collaboration is not all that security teams can be proud of—they have also realized an impressive 42 percent improvement in security capabilities. Cybersecurity capabilities rated high performing Capabilities rated high performing: 2018 Global : 19 2018 Insurance: 20

9. CLOSING THE GAP ON CYBER ATTACKS In terms of delivering the next wave of improvements, it is easy to focus exclusively on counteracting external attacks, but organizations should not neglect the enemy within. Most damaging security breaches ranked by frequency and impact 28% of respondents ranked ‘External Attacks’ as having the greatest impact on their organization while 33% ranked ‘Internal Attacks’ as the most frequent.

10. 10 INTERNAL ATTACKS AND HACKER ATTACKS ARE THE MOST FREQUENT ATTACKS AND CAUSE THE GREATEST IMPACT ON THE ORGANIZATION Among the types of breaches your organization has experienced, please rank them from most to least frequent. (Ranked top 3) 70% 56% 44% 43% 39% 26% 24% 72% 51% 40% 43% 43% 28% 24% Internal attack (e.g., malicious insiders) Hacker attack Accidentally published information (e.g., insider errors/failure to follow processes and policies) Configuration error that affected security Legacy infrastructure that is challenging to secure Lost/stolen media Lost/stolen computer Copyright © 2018 Accenture Security. All rights reserved. Among the successful breaches, please indicate which of the following causes had the greatest impact on your organization. (Ranked top 3) 53% 51% 46% 39% 32% 22% 18% 53% 54% 49% 44% 33% 23% 20% Internal attack (e.g., malicious insiders) Hacker attack Accidentally published information (e.g., insider errors/failure to follow processes and policies) Legacy infrastructure that is challenging to secure Configuration error Lost/stolen media Lost/stolen computer Global Insurance

11. 11 63% 57% 56% 56% 48% 47% 32% 69% 60% 56% 54% 45% 51% 31% Corporate IT (all systems in the corporate office) Cloud service providers Customer or partner environments (i.e., hosted websites,… Operational technologies (i.e. manufacturing,… Products and services (i.e., wearables, xx) Field operations (branches, franchises, subsidiaries) Third parties Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Organizations need to protect their most valuable assets, from the inside out, and across the entire value chain. Areas cybersecurity program is actively protecting Percentage of organization actively protected by cybersecurity program Global: 67% Insurance: 66% Which of the following is your cybersecurity program actively protecting? Multiple responses. Global Insurance

12. 12Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Cybersecurity standards should extend beyond the organization. Degree to which ecosystem partners are held to cybersecurity standards Which of the following statements best represents the degree to which you hold your ecosystem partners and/or strategic partners to cybersecurity standards? Global Insurance 6% 14% 16% 46% 18% 10% 13% 12% 41% 24% We do not review cybersecurity standards of partners We review cybersecurity standards of partners, but do not impose any standards or requirements We hold partners to a minimum standard for cybersecurity, that is below our business standards, and audit regularly We hold partners to the same cybersecurity standards as our business, and audit regularly We hold partners to higher cybersecurity standards than our business

13. 18% 34% 59% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2016e 2017 2018 2019e 2020e 2021e Global Measured capability average Filtered sample Log. (Global Measured capability average)Insurance CLOSING THE GAP ON CYBER ATTACKS If the current rate of progress is maintained, organizations could reach a sustainable level of cyber resilience in the next two to three years. Forecast of average cybersecurity capabilities reaching a sustainable level of cyber resilience Cyber resilience embedded into the business* *Estimate based on current rate of improvement 13

14. 14 Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Cybersecurity investment is important to keep the momentum of improved security resilience Significant increase in investment (double or more) in cybersecurity 22% 31% Global Past 3 years Next 3 years 14% 27% 1 Past 3 years Next 3 years Insurance

15. 15Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Focusing on the right success measures ensures security objectives are aligned with the business. Measures of success for cybersecurity programs 62% 57% 56% 53% 51% 42% 40% 38% 64% 63% 62% 55% 52% 45% 38% 34% Cyber IT resiliency (i.e., how many times an enterprise system went down and for how long) Cyber recovery/restoration time (i.e., how long it takes to restore normal activity) Cyber response time (i.e., how long it takes to identify and mobilize) Cyber OT resiliency (i.e., how many times an operational technology system stopped and for how long) Cyber compliance with national standards Trend measurement (incidents increasing/decreasing) Repetition (portion of breaches that come from repeated attempts of the same type) Business risk improvement How do you measure the success of your cybersecurity program? Multiple responses. Global Insurance

16. 16 55% 54% 48% 45% 45% 44% 43% 41% 40% 55% 56% 49% 47% 50% 49% 43% 46% 39% IoT security Security intelligence platforms Blockchain Threat hunting Continuous control monitoring and reporting Managed security services Machine learning/artificial intelligence Password-less authentication Robotic process automation (RPA) Copyright © 2018 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Breakthrough technologies are essential to securing the organization’s future and driving the next round of cyber resilience. Emerging technologies organizations invest in to evolve security programs New technologies such as artificial intelligence, machine/deep learning user behavior analytics, blockchain, etc. are essential to securing the future of the organization. Global: 83% Insurance: 85% In which of the following new and emerging technologies are you investing to evolve your security program? Multiple responses. Global Insurance

17. DEMOGRAPHICS

18. Industry Global Insurance A&D Manufacturing 100 Automotive 101 Banking & Cap Markets 410 Chemicals 202 CG&S 410 Energy (Oil & Gas) 200 Healthcare (Payer) 100 Healthcare (Provider) 102 High Tech 411 Industrial Equipment 313 Insurance 411 Life Sciences 200 Media 252 Public Service (Federal) 255 Public Service (ST & Local) 198 Retail 411 Software & Platforms 221 Communications 158 Utilities 214 Location Global Insurance Australia 401 Brazil 130 Canada 150 France 401 Germany 400 Ireland 124 Italy 302 Japan 400 Netherlands 115 Norway 114 Singapore 126 Spain 250 United Arab Emirates 132 United Kingdom 450 United States 1,174 0 0 0 0 0 0 0 0 0 0 411 0 0 0 0 0 0 0 0 THIS STUDY WAS FIELDED FEBRUARY 2018 40 10 15 40 40 20 41 40 10 10 5 30 10 40 60 133 146 74 41 11 6 0 0 0 0 0 18 2 24 79 113 193 Title Global Insurance CIO 1513 Chief Security Officer 1429 Chief Compliance Officer 829 Chief Risk Officer 535 Chief Security Architect 133 Corporate Security Officer 78 Civilian - Political Appointee 50 Civilian - Senior Executive Service (SES) 49 Civilian - GS-13 to GS-15 27 Military - Officer (O-7 to O-10) 23 Military - Officer (O-4 to O-6) 3 Revenue Global Insuranc e $50 bn or more 58 $20 bn-$49.9 bn 276 $10 bn-$19.9 bn 891 $6 bn-$9.9 bn 1,432 $1 bn-$5.9 bn 2,012

19. ADDITIONAL FINDINGS INSURANCE

20. 20 INFORMATION IS A KEY COMPANY ASSET PROTECTED BY THE ORGANIZATION’S CYBERSECURITY STRATEGY Which of the following are you addressing with your cybersecurity strategy? Ranked top 3 48% 43% 35% 31% 31% 30% 30% 28% 25% 45% 40% 38% 27% 32% 36% 30% 24% 28% Protecting organization information Protecting customer information Protecting organization reputation Protecting employee privacy Preventing service disruption Mitigating against financial losses Providing customer satisfaction Protecting physical infrastructures/assets Mitigating against legal/compliance issues Copyright © 2018 Accenture Security. All rights reserved. Global Insurance

21. 21 CONFIDENCE IS GENERALLY HIGH FOR CYBERSECURITY EFFECTIVENESS How confident are you in the effectiveness of each of the following for your organization? 40% 42% 42% 43% 42% 41% 43% 43% 43% 41% 45% 43% 42% 42% 42% 40% 40% 39% 39% 35% Password Management Infrastructure security Asset management Application Management User Account Management Physical security Configuration and Change Management Training and Awareness Patch Management 3rd Party and Compliance Confident Extremely confident Copyright © 2018 Accenture Security. All rights reserved. 38% 42% 44% 45% 39% 36% 46% 44% 41% 44% 47% 43% 41% 41% 47% 42% 37% 41% 40% 35% Password Management Infrastructure security Asset management Application Management User Account Management Physical security Configuration and Change Management Training and Awareness Patch Management 3rd Party and Compliance Global Insurance

22. 43% 40% 44% 41% 41% 38% 42% 38% 39% 43% 39% 44% 43% 40% 42% 41% Monitor for breaches Identify the cause of a breach Manage reputational risk due to a cybersecurity event Measure the impact of a breach Restore normal activity after a breach Know the frequency of breaches Manage financial risk due to a cybersecurity event Minimize disruption from a cybersecurity event 22 EXECUTIVES ARE VERY CONFIDENT ABOUT THEIR CYBERSECURITY CAPABILITIES How confident are you that your organization can do the following? 40% 41% 41% 41% 41% 40% 42% 41% 42% 42% 42% 42% 42% 41% 40% 39% Monitor for breaches Identify the cause of a breach Manage reputational risk due to a cybersecurity event Measure the impact of a breach Restore normal activity after a breach Know the frequency of breaches Manage financial risk due to a cybersecurity event Minimize disruption from a cybersecurity event Confident Extremely confident Copyright © 2018 Accenture Security. All rights reserved. Global Insurance

23. Copyright © 2018 Accenture Security. All rights reserved. 23 ORGANIZATIONS RECOGNIZE THE RISKS ASSOCIATED WITH ADOPTION OF NEW BUSINESS MODELS AND THE GROWING ROLE OF NEW TECHNOLOGIES IN SECURING THE ORGANIZATION Please indicate your agreement with each of the following statements: Agree/Strongly agree 83% 83% 82% 72% 71% 85% 84% 84% 75% 77% New technologies such as artificial intelligence, machine/deep learning, user behavior analytics, blockchain, etc. are essential to securing the future of the organization. Cybersecurity at our organization is completely embedded into our culture. As companies adopt new innovative business models, ecosystems, liquid workforces, etc., the risk and security attack surface area increases exponentially. It is not possible to appear strong, prepared and competent, if my organization is the victim of a major security breach. Cyberattacks are a bit of a black box; we do not quite know how or when they will affect our organization. Global Insurance

24. 24 INTERRUPTION OF IT SERVICES IS THE MOST FREQUENTLY CITED RESULT OF A BREACH AND CAUSES THE GREATEST LOSS Which of the following has your organization experienced as a result of a breach? Multiple responses. 55% 45% 44% 41% 39% 39% 38% 37% 35% 29% 58% 46% 47% 45% 42% 43% 40% 38% 38% 28% Interruption of IT service/network down Interruption of physical operations/shutdown of assets (e.g., plants) Intellectual Property (IP) data loss Operational data loss/patent theft Brand equity/reputation loss Lost or stolen confidential information (M&A, financial, IP) Identity theft Denial of service or access to systems Financial loss Credit card theft Copyright © 2018 Accenture Security. All rights reserved. Among those checked in the previous question, which one resulted in the greatest loss to the business? 24% 13% 10% 9% 9% 9% 8% 8% 6% 3% 26% 10% 14% 9% 9% 8% 7% 8% 7% 2% Interruption of IT service/network down Interruption of physical operations/shutdown of assets (e.g., plants) Brand equity/reputation loss Lost or stolen confidential information (M&A, financial, IP) Intellectual Property (IP) data loss Operational data loss/patent theft Denial of service or access to systems Identity theft Financial loss Credit card theft Global Insurance

25. 38% 36% 23% 4%Global 30 days or less 31-60 days 61-90 days More than 90 days 33% 34% 28% 5%1 25 MOST ORGANIZATIONS ARE ABLE TO REMEDIATE A BREACH IN 60 DAYS OR LESS On average, how long does it take for you to remediate a breach? Copyright © 2018 Accenture Security. All rights reserved. Insurance

26. 19% 15% 8% 14% 19% 14% 6% 13% q20a_1 q20a_2 q20a_3 q20a_4 Copyright © 2018 Accenture Security. All rights reserved. 26 INVESTMENTS IN CYBERSECURITY TODAY WILL SECURE THE FUTURE OF THE ORGANIZATION How much does your organization spend on cybersecurity, as a percentage of each of the below? Average % of budget dedicated to security Global Insurance % of total IT budget % of total OT budget % of total annual revenue % of operational costs

27. 27 BUDGET AUTHORIZATION RESTS AT THE HIGHEST LEVELS OF THE ORGANIZATION Who authorizes your cybersecurity budget (i.e., how high in the organization do you have to go to get your budget approved)? 32% 27% 12% 11% 9% 6% 2% 32% 22% 11% 17% 5% 10% 3% CEO/Executive Committee Board of Directors Chief Financial Officer Chief Operating Officer Chief Information Security Officer/Chief Security Officer Chief Information Officer Others Copyright © 2018 Accenture Security. All rights reserved. Global Insurance

28. 28 WITH MORE BUDGET, SECURITY INVESTMENTS WOULD BE DIRECTED TOWARD TECHNOLOGIES AND INNOVATIONS OVER TRAINING If you were given more budget for cybersecurity, how would you use it? Up to three responses. 62% 59% 54% 52% 36% 13% 61% 61% 59% 60% 32% 10% Filling known gaps in cybersecurity technology Adding new innovations in cybersecurity Filling known gaps in capabilities (other than staffing and technology) Filling security staffing gaps Better reporting tools End user training Copyright © 2018 Accenture Security. All rights reserved. Global Insurance

29. 29 CYBER SECURITY SPEND IS ON THE RISE AND IS EXPECTED TO GROW OVER THE NEXT THREE YEARS How recently has your organization made a major transformational investment (expenditure) in its cybersecurity capability? 24% 45% 23% 7% 1% 25% 45% 21% 8% 1% 1 - Within the past six months 2 - Six months to one year ago 3 - Between one and two years ago 4 - Two or more years ago 5 - Not applicable, we have not yet made a major investment in cybersecurity capabilities Copyright © 2018 Accenture Security. All rights reserved. Past 3 years with regard to cybersecurity. 31% 59% 9% 0% 0% 27% 64% 9% 0% 0% 1 - Significantly increase (double or more) 2 - Increase modestly 3 - Stay the same 4 - Decrease modestly 5 - Significantly decrease (decrease by half or more) 22% 65% 13% 1% 0% 14% 71% 15% 0% 0% 1 - Increased significantly (doubled or more) 2 - Increased modestly 3 - Stayed the same 4 - Decreased modestly 5 - Decreased significantly (decreased by half or more) Next 3 years with regard to cybersecurity. Global Insurance

30. Copyright © 2018 Accenture Security. All rights reserved. 30 ORGANIZATIONS RELY ON THEIR INTERNAL SECURITY WORKFORCE BUT SUPPLEMENT WITH CONTRACTORS AND OUTSOURCED STAFF Percentage of Internal Security FTE as a percent of total employees globally Insurance Global Security FTE: Total FTE 1:34 1:35 Security FTE: Contractors/ Consultants 6:1 5:1 Security FTE: Outsourced 10:1 9:1 0.73% 0.71% 0.70% 0.67% 0.66% 0.73% 0.71% 0.66% 0.63% 0.63% Security operations Digital identity Security Strategy and leadership PMO Security architecture and engineering Risk and compliance Global Insurance

31. 31 GAPS WITHIN ORGANIZATIONS ARE MOSTLY IN CYBER THREAT ANALYTICS AND SECURITY MONITORING Which of the following capabilities/solutions are most needed in your organization to fill gaps in your cybersecurity? Multiple responses. 46% 46% 44% 40% 40% 39% 38% 35% 33% 33% 33% 31% 28% 24% 24% 48% 50% 50% 44% 38% 39% 40% 37% 35% 35% 35% 27% 27% 26% 30% Cyber threat analytics Security monitoring Network security Risk management Artificial Intelligence/security… Threat intelligence OT-related security Application security Incident response End point security Next generation Identity Encryption Vulnerability management Staffing Remediation Copyright © 2018 Accenture Security. All rights reserved. Global Insurance

32. Copyright © 2018 Accenture Security. All rights reserved. 32 EXECUTIVES RECOGNIZE THE GROWING NEED TO SPREAD RESPONSIBILITY FOR CYBERSECURITY ACROSS MULTIPLE SUPPLIERS Please indicate the way in which your organization tends to source your cybersecurity program today: Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years: Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years: 28% 26% 26% 44% 42% 40% 28% 32% 34% Today WILL in 3 years SHOULD in 3 years More than half Single supplier About equal More than half Multiple supplier 24% 26% 27% 45% 42% 35% 31% 33% 38% q29_1 q30_1 q31_1 More than half Single supplier About equal More than half Multiple supplier Today WILL in 3 years SHOULD in 3 years InsuranceGlobal

33. Copyright © 2018 Accenture Security. All rights reserved. 33 THE ROLE 0F OUTSOURCED CYBERSECURITY SERVICES IS LIKELY TO RISE AT A MODERATE PACE Please indicate the way in which your organization tends to source your cybersecurity program today: Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years: Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years: 37% 34% 34% 40% 40% 39% 23% 25% 27% Today WILL in 3 years SHOULD in 3 years More than half In-house security staff About equal More than half Outsourced providers 35% 30% 31% 39% 43% 42% 26% 27% 27% More than half In-house security staff About equal More than half Outsourced providers Today WILL in 3 years SHOULD in 3 years InsuranceGlobal

34. Copyright © 2018 Accenture Security. All rights reserved. 34 CLOUD BASED SERVICES ARE MORE FREQUENTLY USED THAN ON-SITE DEPLOYMENT; THIS TREND WILL GROW OVER NEXT 3 YEARS Please indicate the way in which your organization tends to source your cybersecurity program today: Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years: Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years: 27% 24% 24% 42% 42% 38% 31% 34% 38% Today WILL in 3 years SHOULD in 3 years More than half On-site deployment About equal More than half Cloud Services 30% 27% 20% 41% 39% 41% 29% 34% 39% More than half On-site deploymen About equal More than half Cloud Services Global Today WILL in 3 years SHOULD in 3 years Insurance

35. Copyright © 2018 Accenture Security. All rights reserved. 35 THE LICENSING MODEL IN CYBERSECURITY WILL REMAIN LARGELY UNCHANGED OVER THE NEXT THREE YEARS, ACCORDING TO RESPONDENTS Please indicate the way in which your organization tends to source your cybersecurity program today: Please indicate the way in which you expect your organization WILL source your cybersecurity program in three years: Please indicate the way in which you believe your organization SHOULD source your cybersecurity program in three years: 26% 26% 25% 44% 42% 40% 30% 32% 35% Today WILL in 3 years SHOULD in 3 years More than half Perpetual licensing About equal More than half Usage-based services 25% 26% 26% 48% 47% 37% 27% 28% 37% More than half Perpetual licensing About equal More than half Usage-based services Insurance Today WILL in 3 years SHOULD in 3 years Global

36. CAPABILITIES INSURANCE

37. Copyright © 2018 Accenture Security. All rights reserved. 37 CAPABILITIES 1/7: BUSINESS EXPOSURE Business Exposure At my organization… Top 2 Box Score– % rated high performing 60% 56% 60% 56% 59% 57% 63% 60% 58% 59% Identification of High-Value Assets & Business Processes Physical & Safety Risks IT Risk Support Cyber Attack Scenarios Cybersecurity Strategy - Key Protection Assumptions Global Insurance

38. Copyright © 2018 Accenture Security. All rights reserved. 38 Cyber Response Readiness At my organization… 61% 59% 60% 56% 58% 62% 59% 58% 60% 57% Cyber Response Plan Cyber-Incident Escalation Paths Ability to Ensure Stakeholder Involvement Cyber-Incident Communication Protection and Recovery of Key Assets CAPABILITIES 2/7: CYBER RESPONSE READINESS Global Insurance Top 2 Box Score– % rated high performing

39. Copyright © 2018 Accenture Security. All rights reserved. 39 Strategic Threat Intelligence – Anticipating Future Threats At my organization… 56% 61% 58% 62% 59% 57% 62% 65% What-If Threat Analysis Business Relevant Threat Monitoring Peer Monitoring – as a Source for Information on Threats to Your Business Threat Vector Monitoring CAPABILITIES 3/7: STRATEGIC THREAT INTELLIGENCE Global Insurance Top 2 Box Score– % rated high performing

40. Copyright © 2018 Accenture Security. All rights reserved. 40 Resilience Readiness At my organization… 61% 60% 60% 60% 60% 61% 57% 57% 61% 55% Cyber-Incident Recovery Design for Resilience (limited impact) Design for Protection of Key Assets Maintaining Resilience Readiness Threat Landscape & Resilience Alignment CAPABILITIES 4/7: RESILIENCE READINESS Global Insurance Top 2 Box Score– % rated high performing

41. Copyright © 2018 Accenture Security. All rights reserved. 41 58% 55% 59% 60% 58% 60% 55% 60% 62% 58% Cybersecurity Architecture Approach Cybersecurity Investments for Key Assets Including Cybersecurity Funding in IT Project Plans Inclusion of Cybersecurity in investments Risk Analysis and Budgeting Investment Efficiency At my organization… CAPABILITIES 5/7: INVESTMENT EFFICIENCY Global Insurance Top 2 Box Score– % rated high performing

42. Copyright © 2018 Accenture Security. All rights reserved. 42 59% 56% 57% 59% 60% 64% 59% 61% 59% 63% Cybersecurity in Chain of Command Cybersecurity Incentives Measuring and Reporting Cybersecurity Cybersecurity Accountability Security-minded Culture Governance & Leadership At my organization… CAPABILITIES 6/7: GOVERNANCE & LEADERSHIP Global Insurance Top 2 Box Score– % rated high performing

43. Copyright © 2018 Accenture Security. All rights reserved. 43 59% 57% 58% 61% 61% 60% 55% 66% Third-Party Cybersecurity Third-Party Cybersecurity Clauses Cybersecurity Regulatory Compliance Cooperation during Crisis Management Extended Ecosystem At my organization… CAPABILITIES 7/7: EXTENDED ECOSYSTEM Global Insurance Top 2 Box Score– % rated high performing

44. INDUSTRY SPECIFIC QUESTIONS INSURANCE

45. 45 INDUSTRY SPECIFIC DATA POINTS 1/7 Please indicate your agreement with each of the following statements: 1% 1% 1% 2% 1% 2% 3% 2% 4% 3% 5% 14% 18% 13% 16% 17% 20% 43% 44% 49% 46% 47% 42% 40% 34% 35% 33% 31% 32% Banking plays a role in the security of our nation. Banks/Capital Markets are really selling safety/security of the financial system. Digitization offers the opportunity to improve customer experience while at the same time meeting government anti-fraud requirements. Security breaches are becoming easier to detect Payments technology is moving too fast, leaving cracks bad actors can exploit. General Data Protection Regulation (GDPR) rules will make customer data security more complex and less safe. 1 - Strongly Disagree 2 - Disagree 3 - Neither Agree nor Disagree 4 - Agree 5 - Strongly Agree Base = Financial Services; n=821Copyright © 2018 Accenture Security. All rights reserved.

46. 46 INDUSTRY SPECIFIC DATA POINTS 2/7 Which type of fraud has been the most prevalent in payments over the past year? Base = Financial Services; n=821 26% 24% 21% 18% 9% 2% Identity theft Advanced free and wire transfer scams Merchant identity fraud Phishing Pagejacking None of the above Copyright © 2018 Accenture Security. All rights reserved.

47. 47 INDUSTRY SPECIFIC DATA POINTS 3/7 Which of the following cyber threats is going to be most damaging to Financial Services in 2018? Base = Financial Services; n=821 28% 26% 20% 14% 11% Theft of customer information Fraudulent transfers Theft of Corporate IP Distributed Denial of Service (DDoS) Extortion or ransom Copyright © 2018 Accenture Security. All rights reserved.

48. 48 INDUSTRY SPECIFIC DATA POINTS 4/7 Currently insurance companies offer cyber breach products. Do you expect the future trend will be to offer protection of digital assets much in the same way physical assets are insured today? Base = Insurance only; n=411Copyright © 2018 Accenture Security. All rights reserved. 93% 6% 1% 1 - Yes 2 - No 3 - Do not know

49. 49 INDUSTRY SPECIFIC DATA POINTS 4/7 Would your organization consider offering cybersecurity protection of digital assets in the same way physical assets are insured today? Base = Insurance only; n=411Copyright © 2018 Accenture Security. All rights reserved. 69% 30% 1% 1 - Yes, definitely 2 - Yes, maybe 3 - No

50. 50 INDUSTRY SPECIFIC DATA POINTS 5/7 If insurance companies offered cybersecurity protection of digital assets much in the same way physical assets are insured today, would your organization be interested? Base = Banking & Capital Markets; n=410Copyright © 2018 Accenture Security. All rights reserved. 71% 28% 1 - Yes, definitely 2 - Yes, maybe 3 - No

51. 51 INDUSTRY SPECIFIC DATA POINTS 7/7 Are compliance frameworks and risk assessments an effective risk management approach for Cyber Security? Base = Banking & Capital Markets; n=410Copyright © 2018 Accenture Security. All rights reserved. 93% 7% 1 - Yes 2 - No

2018 State of Cyber Resilience Insurance

Vous êtes en train de lire un aperçu.

Consultez-les par la suite

2018 State of Cyber Resilience Insurance

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à 2018 State of Cyber Resilience Insurance (20)

Plus par Accenture Insurance (20)

Plus récents (20)