The 2018 Global State of Information Security SurveyTM (GSISS) is conducted by PwC, CIO and CSO to understand how security practices and incidents are impacting the broader market.

1. 2018 Global State of
Information Security Survey™
Strengthening digital society against cyber shocks
IDG Communications, Inc.

2. 22018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.

3. 3
Number of Security Incidents* Detected Continues to Drop
Q. What is the number of security incidents detected in the past 12 months? AND How confident are you that your organization has the ability to
correctly assign attribution to the attack?
* A security incident is defined as any adverse incident that threatens some aspect of computer security.
3,741
4,948
4,782
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.
6,853
4,782
3,458
2016 2017 2018

4. 4
But Losses Per Incident Continue to Climb
Q. What is the number of security incidents detected in the past 12 months? AND What is the estimated total financial losses as a result of all security
incidents?
$364
$501
$578
2016 2017 2018
Are investing in
a security strategy
for the Internet
of Things
+58%
Increase in average
financial losses
per incident
since 2016
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.

5. 5
Current Employees – #1 Source of Security Incidents
Q. Estimated likely source of incidents (Not all factors shown.)
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.
30%
26%
23%
20% 19% 19%
17% 17%
Current
employees
Former
employees
Unknown
hacker
Competitors Current service
providers/
consultants/
contractors
Organized
crime
Former service
providers/
consultants/
contractors
Activists/
activist
organizations/
hacktivistsInsider Outsider

6. 6
To Strengthen Digital Ecosystems, Organizations
Plan to Address Security Safeguards
Q. What types of security safeguards does your organization plan to invest in over the next 12 months? AND What impact has digitization of the
business ecosystem had on your organization’s security spending?
49%
46% 45% 45% 43%
Improved
collaboration among
business,
digital & IT
Biometrics &
advanced
authentication
Security for the
Internet of Things
New security needs
related to evolving
business models
Digital enterprise
architecture
Say digitization
has increased
information
security spending
59%
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.

7. 7
Adoption of Internet of Things Requires
Cybersecurity & Privacy Safeguards
Q. What policies, technologies and people skills does your organization plan to implement over the next 12 months to address the cybersecurity and privacy risks
associated with the Internet of Things (IoT)? AND Does your organization have a security strategy for the convergence of information, operational, and consumer
technologies (also known as the Internet of Things)?
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.
36%
34% 34%
32%
31%
Uniform cybersecurity
standards and policies for
IoT devices and systems
Assess device and system
interconnectivity and
vulnerability across the
business ecosystem
New data collection,
retention and destruction
policies
Employee training on IoT
security practices
Policies and technologies
to safeguard against
consumer privacy
violations

8. 8
Board Leadership Must Be Further Engaged
Q. In which of the following areas does your organization’s Board of Directors actively participate?
19%
26%
31%
36%
39%
44%
45%
Review of security and privacy testing
Review roles and responsibilities
of security organization
Review of current security and privacy risks
Security technologies
Security policies
Overall security strategy
Security budget
2018 Global State of Information Security Survey™ conducted by PwC, CSO and CIO.

9. 9
Continue the
Conversation
www.idg.com
Bob Bragdon
SVP/Publisher, CSO
EMAIL: bob_bragdon@idg.com
TWITTER: @BobOnSecurity