(ISC)² 2015 Global Workforce Study Results Overview. Regional Report: Europe, Middle East & Africa. March 23, 2015.


1 (ISC)² 2015 Global Workforce Study Results Overview. Regional Report: Europe, Middle East & Africa. March 23, 2015

2 2 Project Background and Objectives

3 3 Research Background and Objectives
Background: The information security profession continues to undergo shifts as a result of a constantly changing regulatory environment and increasingly sophisticated and emerging new threats. (ISC)² has committed itself to maintaining its leadership role and growing its membership base in key geographic regions in which it is currently underrepresented.
Study Objectives:
- To obtain feedback from the (ISC)² members regarding certification, training and educational requirements for their organizations and their professional development.
- To identify trends and issues related to information security from both members and non-member security professionals.
- To understand potential gaps in organizational security.
- To forecast what positions will be most highly sought after in the next 3 to 5 years.

4 4 Methods

5 5 Methods: (ISC)² Members Survey. Conducted as an online, web-based survey using the (ISC)² membership list. Email invitations to complete the survey were sent out to (ISC)² members between October 2014 and January 2015. Respondents are currently employed directly by a company or organization, employed as a contractor, or work as an independent security consultant. A total of 11,208 (ISC)² members were surveyed between October 2014 and January 2015.

6 6 Methods: (ISC)² Members Survey (Continued)
Sample Size: Care was taken to ensure that the sample taken from the (ISC)² membership is representative of the current (ISC)² membership. An analysis of the (ISC)² membership list by country population proportions was undertaken and compared to country-level sample sizes for the (ISC)² membership survey. The sample sizes by country are representative of the total population proportions by country.
Technical Note: The sample in this study is not designed to reflect the universe of all public and private organizations for security professionals, and the results should not be projected across the entire population.
Note: Due to rounding errors, percentages in charts and tables may not sum to 100.

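7 7 Methods: (ISC)² Members Survey (Continued) A total of 11,208 (ISC)² members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region. The Americas, EMEA and APAC columns are Region (Horizontal %).

| Sub-Region | Worldwide (n) | Worldwide (%) | Americas | EMEA | APAC |
|---|---|---|---|---|---|
| Number of Respondents | 11,208 | | 6,793 | 2,736 | 1,679 |
| Percentage | | 100% | 61% | 24% | 12% |
| Americas: Latin America | 282 | 3% | 4% | - | - |
| Americas: North America | 6,511 | 58% | 96% | - | - |
| EMEA: Africa | 139 | 1% | - | 5% | - |
| EMEA: Europe | 2,365 | 21% | - | 86% | - |
| EMEA: Middle East | 232 | 2% | - | 9% | - |
| APAC: Asia | 1,431 | 13% | - | - | 85% |
| APAC: Oceania | 248 | 2% | - | - | 15% |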

8 8 Methods: Non-Members Survey
Respondents had the following roles and responsibilities related to IT security:
- Hire or manage IT security professionals and look for security-related credentials in their candidates
- Provide input to IT security-related policies and procedures, or execute their company's IT security-related policies and procedures
- Hold security-related credentials or are a member of a security-related organization excluding (ISC)²
A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan.

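9 9 Methods: Non-Members Survey (Continued) A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region. The Americas, EMEA and APAC columns are Region (Horizontal %).

| Sub-Region | Worldwide (n) | Worldwide (%) | Americas | EMEA | APAC |
|---|---|---|---|---|---|
| Number of Respondents | 2,722 | | 1,536 | 701 | 485 |
| Percentage | | 100% | 56% | 26% | 18% |
| Americas: Latin America | 178 | 7% | 12% | - | - |
| Americas: North America | 1,358 | 50% | 88% | - | - |
| EMEA: Africa | 152 | 6% | - | 22% | - |
| EMEA: Europe | 453 | 17% | - | 65% | - |
| EMEA: Middle East | 96 | 4% | - | 14% | - |
| APAC: Asia | 435 | 16% | - | - | 90% |
| APAC: Oceania | 50 | 2% | - | - | 10% |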

10 10 Respondent Profile

11 11 Source: Frost & Sullivan Job Function Q1a. Which of the following most closely represents your present job function? Information security professional is the most common job function globally, and the largest proportion from across EMEA identify this role as their primary job function. Base: All 2015 worldwide respondents (n=13,930).

12 12 Source: Frost & Sullivan Job Title Q7c. Which one of the following job titles or categories best describes your current position? While globally security analysts and security consultants are equally common, in EMEA the security consultant job title is most common. This trend is driven by the UK, where this title is more than twice as common as any other. Base: All 2015 worldwide respondents (n=13,930).

13 13 Source: Frost & Sullivan Satisfaction With Current Position Q10c. Overall, how satisfied are you in your current position? Overall, satisfaction levels are relatively consistent throughout EMEA, with France more likely to report that they are somewhat satisfied and less likely to be very satisfied compared with other countries in the region. Base: All 2015 worldwide respondents (n=13,930).

14 14 Source: Frost & Sullivan Professional Area Q8. Would you consider yourself to be a professional in any of the following areas? Please select all that apply to you. Globally, information security is the most commonly reported professional area. The trend is slightly less common in Germany, where professionals are less likely to report that they work in information security. Base: All 2015 worldwide respondents (n=13,930).

15 15 Source: Frost & Sullivan Professional Activities Q9a. Which of the following activities consume a significant amount of your time? Please select all that apply to you. EMEA professionals are equally likely to engage in GRC and security management activities, while GRC activities are more common globally. Base: All 2015 worldwide respondents (n=13,930).

16 16 Source: Frost & Sullivan GRC Activities Q9b. Which of the following GRC activities consume a significant amount of your time? Please select all that apply to you. Base: Filtered respondents (n=6,975).

17 17 Source: Frost & Sullivan Security Leadership Activities Q9c. Which of the following security leadership activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in security leadership activities (n=4,074).

18 18 Source: Frost & Sullivan Security Management Activities Q9d. Which of the following security management activities consume a significant amount of your time? Please select all that apply to you. Base: Filtered respondents (n=6,334).

19 19 Source: Frost & Sullivan Security Operations Activities Q9e. Which of the following security operations activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in security operations activities (n=5,895).

20 20 Source: Frost & Sullivan Incident Response Activities Q9f. Which of the following incident response activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in incident response activities (n=5,895).

21 21 Source: Frost & Sullivan New Research Technology Activities Q9g. Which of the following new technology research activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in new technology research activities (n=4,474).

22 22 Source: Frost & Sullivan Current Primary Responsibility Q7a. Which one of the following best describes your current primary functional responsibility? Globally, professionals are equally likely to be primarily responsible for managerial, consulting or operational duties, however professionals in EMEA lean more heavily toward security consulting. Base: All 2015 worldwide respondents (n=13,930).

23 23 Source: Frost & Sullivan Future Primary Responsibility Q7b. Which one of the following best describes what you expect your primary functional responsibility to be in the next two to three years? Professionals in EMEA expect to transition into managerial roles or stay in their security consulting roles. Base: All 2015 worldwide respondents (n=13,930).

24 24 Source: Frost & Sullivan Reporting Structure Q10a. Which one functional area of your organization do you primarily report to? Across EMEA, most report to the IT department or executive management. Base: All 2015 worldwide respondents (n=13,930).

25 25 Source: Frost & Sullivan C-Level Reporting Q10b. Which C-level executive do you primarily report to? Among those who report to a C-level manager, most report to a CIO. This is particularly common in South Africa. Base: Filtered respondents (n=3,102).

26 26 Source: Frost & Sullivan Years of Experience Q6. How many years have you been actively involved with information or IT security? The largest proportion indicate that they have between 11 and 15 years of experience. Base: All 2015 worldwide respondents (n=13,930).

27 27 Source: Frost & Sullivan Industry Q4a. Which one of the following industry sectors best describes your company? Information technology and professional services are the most common industries in EMEA. Base: All 2015 worldwide respondents (n=13,930).

28 28 Source: Frost & Sullivan Government Professional Services Q4b. Are you providing professional services exclusively to government? The prevalence of respondents who provide professional services exclusively to the government is the highest in the Middle East. Base: Filtered respondents (n=2,067).

29 29 Source: Frost & Sullivan Government Contractor Q5a. Are you currently employed as a government contractor? The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels. Base: Filtered respondents (n=3,047).

30 30 Source: Frost & Sullivan Government Organization Q5b. Which of the following best describes the government organization for which you currently work? In Germany, those who work for the government are most commonly involved in national defense. This trend does not apply in other EMEA regions. Base: Filtered respondents (n=3,047).

31 31 Source: Frost & Sullivan Employment Status Q2. Which of the following best describes your employment status? Most in EMEA are employed directly by a company or organization. Base: All 2015 worldwide respondents (n=13,930)

32 32 Source: Frost & Sullivan Organizational Revenue Q62. What is your organization's global annual revenue? As best you can, please provide the total annual revenues for your organization in U.S. dollars. Overall, the largest proportion are unable to provide their organizational revenues. Base: All 2015 worldwide respondents (n=13,930)

33 33 Source: Frost & Sullivan Total Employees Q17. What is the total number of employees across your entire organization worldwide, including all of its branches, divisions, and subsidiaries? The largest proportion of respondents work for large organizations with 10,000 or more employees. Base: All 2015 worldwide respondents (n=13,930)

34 34 Source: Frost & Sullivan Age Q64. Which of the following categories contains your age? The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels. Base: All 2015 worldwide respondents (n=13,930)

35 35 Source: Frost & Sullivan Gender Q63. What is your gender? Across the EMEA region, the profession is overwhelmingly male-dominated. Base: All 2015 worldwide respondents (n=13,930)

36 36 Source: Frost & Sullivan Salary Change Q67. Did you receive a salary increase, including benefits and incentives, in 2014? The majority received a salary increase in 2014, including 47% of South Africans whose salary increase exceeded 5%. Base: All 2015 worldwide respondents (n=13,930)

37 37 Source: Frost & Sullivan Change in Employment Status Q68. Did you change your employer or employment status in 2014? Base: All 2015 worldwide respondents (n=13,930)

38 38 Source: Frost & Sullivan Education Q65a. What is your highest level of education completed? Base: All 2015 worldwide respondents (n=13,930)

39 39 Source: Frost & Sullivan Undergraduate Major Q65b. What was your undergraduate major? Base: Filtered respondents (n=12,512).

40 40 Hiring and Workforce Issues

41 41 Source: Frost & Sullivan Hiring Q19a. Are you responsible for hiring your organization's information security staff? More Middle Eastern respondents are responsible for hiring than their regional counterparts. Base: All 2015 worldwide respondents (n=13,930)

42 42 Source: Frost & Sullivan Important Skills Q19b. When making hiring decisions for information security staff how important is each of the following? - Top two box scores Across the EMEA region, relevant experience is the most important skill sought in new hires, however security certifications take on special importance in South Africa and the Middle East. Base: Filtered respondents (n=12,512).

43 43 Source: Frost & Sullivan Require Security Certifications Among Staff Q20a. Does your organization require its IT staff to have information security certifications? French firms are by far the least likely to require a security certification among their staff, and the EMEA region generally is less likely to require them. Base: All 2015 worldwide respondents (n=13,930)

44 Reasons For Requiring Staff to Hold Security Certifications Q20b. What are all the reasons your organization requires staff to have information security certifications? Select as many as apply. Among those who require a security certification, employee competence is the most commonly cited reason in most areas of the EMEA region, however Middle Eastern professionals are more likely to cite quality of work. Base: Filtered respondents (n=5,946).

45 45 Source: Frost & Sullivan Factors Contributing to Success Q21. How would you rate the importance of each of the following in contributing to being a successful information security professional? - Top two box scores Consistently in all countries, communication skills, a broad understanding of the security field and an awareness of the latest security threats are the most important skills. Base: All 2015 worldwide respondents (n=13,930)

46 46 Source: Frost & Sullivan Employment Gaps Q22. Thinking of your organization, at what experience level is there the most demand for new hires? Across the EMEA region, entry level positions are in highest demand. Base: All 2015 worldwide respondents (n=13,930)

47 47 Source: Frost & Sullivan Demand for Training and Education Q23. In which areas of information security do you see growing demand for training and education within the next three years? Select as many as apply. In most areas of the EMEA region, cloud computing is the area requiring the most training and education, however in the UK, South Africa and the Middle East, training on BYOD is ranked a close second. Base: Filtered respondents (n=7,985).

48 48 Source: Frost & Sullivan Significant Skills for Achieving Success Q24. How significant were each of the following skills and competencies in information security in achieving your current position or level? - Top two box scores Communication skills are the most important for achieving success in all regions, followed by analytical skills and risk assessment and management skills. Base: Filtered respondents (n=7,985).

49 49 Source: Frost & Sullivan Future Skills and Competencies Q25. What are the skills and competencies that you will need to acquire or strengthen to be in position to respond to the threat landscape over the next three years? Select all that apply. Risk assessment and management ranks as the top overall future skill among professionals in the EMEA. Generally, professionals in the Middle East and South Africa are more likely to place emphasis on any given skill or competency. Base: Filtered respondents (n=7,985).

50 50 Source: Frost & Sullivan Future Skills and Competencies in New Recruits Q26. How important are each of the following skills and competencies when recruiting new entry to mid-level information security professionals to your organization? - Top two box scores Communication skills and analytical skills are nearly unanimously seen as important skills in new recruits. Base: Filtered respondents (n=7,534)

51 51 Source: Frost & Sullivan Employee Retention Activities Q27. How important are each of the following initiatives for the retention of information security professionals at your organization? - Top two box scores Training programs, paying for professional development and offering flexible work schedules are among the most important employee retention activities in each country. Base: Filtered respondents (n=7,985).

52 52 Source: Frost & Sullivan Number of Security Workers Q28a. Would you say that your organization currently has the right number of information security workers, too few, or too many? A majority from each country indicate that there are too few security workers in their organization. Base: Filtered respondents (n=7,985).

53 53 Source: Frost & Sullivan Number of Security Workers Increase Q28b. How many MORE information security staff should there be? A third indicate that they would like to see a 15% or greater increase in the security workforce in their organization. Base: Filtered respondents (n=4,969).

54 54 Source: Frost & Sullivan Number of Security Workers Decrease Q28b. How many LESS information security staff should there be? Of the small number who would like to see a decrease in the number of security workers, the largest proportion indicate that a 6 to 10% cut would suffice. That said, 63% of UK professionals would prefer a 15% or more cut to their workforce. Base: Filtered respondents (n=154).

55 55 Source: Frost & Sullivan Organizational Gaps Q28c. Of which of the following job titles or categories are there currently not enough of within your organization? Security analysts are in shortest supply in most countries, however South African firms report a shortage of forensic analysts in greater numbers than the rest of the region. Base: Filtered respondents (n=7,985).

56 56 Source: Frost & Sullivan Reasons for Worker Shortage Q28d. What are the reasons that your organization has too few information security workers? Select as many as apply. Most often, businesses cannot support additional personnel, or report that it is difficult to find qualified personnel. Businesses in France are the most likely to report that they cannot find the qualified personnel that they require. Base: Filtered respondents (n=4,969).

57 57 Source: Frost & Sullivan Impact of Worker Shortage Q28e. What is the impact of your organization's shortage of information security workers on each of the following? - Top two box scores In most cases, workers in the Middle East are more likely to report that the worker shortage they experience has an impact on multiple facets of their jobs. Base: Filtered respondents (n=4,969).

58 58 Certification and Training

59 59 Source: Frost & Sullivan Vendor Neutral Certifications Q11a. Which of the following vendor-neutral certifications and designations have you acquired and maintain? Please read carefully and select all that apply to you. Base: All 2015 worldwide respondents (n=13,930).

60 60 Source: Frost & Sullivan Lapsed Vendor Neutral Certifications Q11b. Which of the following vendor-neutral certifications and designations have you acquired but have allowed to lapse or expire? Please read carefully and select all that apply to you. Base: All 2015 worldwide respondents (n=13,930).

61 61 Source: Frost & Sullivan Vendor Specific Certifications Q12a. To date, which of the following vendor-specific certifications and designations have you acquired and maintain? Please read carefully and select all that apply to you. Base: All 2015 worldwide respondents (n=13,930).

62 62 Source: Frost & Sullivan Lapsed Vendor Specific Certifications Q12b. Which of the following vendor-specific certifications and designations have you acquired but have allowed to lapse? Please read carefully and select all that apply to you. Base: All 2015 worldwide respondents (n=13,930).

63 63 Source: Frost & Sullivan Additional Security Certifications Q13a. Are you planning to acquire additional security certifications in the next 12 months? Professionals in South Africa and the Middle East are the most likely to seek out additional certifications in the next year. Base: All 2015 worldwide respondents (n=13,930).

64 64 Source: Frost & Sullivan Additional Security Certifications Q13b. Which of the following certifications are you planning to acquire in the next 12 months? Please read carefully and select all that apply to you. Base: Filtered respondents (n=8,285)

65 65 Source: Frost & Sullivan Current Certifications Q14a. From which of the following security organizations have you received certification or hold a membership? Please select all that apply to you. Base: All 2015 worldwide respondents (n=13,930).

66 66 Source: Frost & Sullivan Critical Security Organizations Q14b. Thinking about your own career and role within your organization, how critical is each of the following security organizations to your career development? - Top two box scores In each country and throughout the region as a whole, (ISC)² is considered to be the most critical for career development. Base: Filtered sample (n=12,568)

67 67 Source: Frost & Sullivan Training and Education (Past 12 Months) Q15a. In the past 12 months has the amount of information security training and education you received increased, decreased, or remained the same? Please include both internal and external training and education. European professionals are the least likely to have seen an increase in training in 2014, while African and Middle Eastern professionals are the most likely to have seen an increase. Base: Filtered sample (n=12,568)

68 68 Source: Frost & Sullivan Training and Education (Next 12 Months) Q15b. Over the next 12 months do you expect the amount of information security training and education you receive to increase, decrease, or remain the same? Please include both internal and external training and education. South African and Middle Eastern professionals are the most likely to expect an increase in training in 2015. Base: Filtered sample (n=12,568)

69 69 Source: Frost & Sullivan Training and Education (Increase) Q15c. What percentage [INCREASE] are you expecting in the amount of information security training and education that you will receive in the next 12 months? Please provide your best estimate below. In every country, the largest proportion of professionals expect a 6 to 10% increase in training. Base: Filtered respondents (n=6,252).

70 70 Source: Frost & Sullivan Training and Education (Decrease) Q15c. What percentage [DECREASE] are you expecting in the amount of information security training and education that you will receive in the next 12 months? Please provide your best estimate below. Of the few who expect a decrease in training, most expect it will drop dramatically by 25% or more. Base: Filtered respondents (n=975).

71 71 Source: Frost & Sullivan Training and Education Resources Q15d. Does your organization provide adequate resources for training and professional development opportunities for your information security workforce? Professionals are split as to whether their organization offers sufficient training and professional development opportunities. Generally, a majority or close to a majority believes that the resources are sufficient. Base: All 2015 worldwide respondents (n=13,930).

72 72 Source: Frost & Sullivan Payment for Training Q15e. How is your information security training and education currently paid? Overall, Middle Eastern professionals are the most likely to pay for their training entirely themselves. European countries fare better, with more than half reporting that their employer paid for their training. Base: All 2015 worldwide respondents (n=13,930).

73 73 Source: Frost & Sullivan Preferred Training Channel Q15f. How would you rate the relevance of each of the following methods of receiving information security training and education? - Top two box scores Where European and Middle Eastern countries prefer face-to-face training, South Africa reports the highest approval of online training. Base: All 2015 worldwide respondents (n=13,930).

74 74 Source: Frost & Sullivan Success of Cyber-Range Based Training Q15g. You indicated that you think cyber-range based training is at least somewhat relevant. Please rate how successful you believe that cyber-range training has been in developing skills and techniques to meet ever-evolving security threats? In each country, reviews of cyber-range based training are positive, with a large majority in each region rating it at least somewhat successful. Base: Filtered respondents (n=5,658).

75 75 Security Importance and Incident Response

76 76 Source: Frost & Sullivan Factors Driving Effective Security Q29. How would you rate the importance of each of the following in effectively securing your organization? - Top two box scores The top three factors driving effective security are qualified staff, adherence to policy and support from management. Base: All 2015 worldwide respondents (n=13,930).

77 77 Source: Frost & Sullivan Top Security Threats Q30. Thinking about your own organization, please rate the following potential security threats on the degree of concern you have for each. - Top two box scores Overall, application vulnerabilities and malware are the top security threats identified by professionals in the EMEA region. Surprisingly, South African and Middle Eastern professionals identify internal employees as a top threat. Base: Filtered respondents (n=7,985).

78 78 Source: Frost & Sullivan Organizational Priorities Q31. Please rate the following in terms of their priority to your organization. - Top two box scores Consistently, protecting the organization’s reputation is an important priority in each country. Typically, South African and Middle Eastern professionals place greater emphasis on each priority. Base: Filtered respondents (n=7,985).

79 79 Source: Frost & Sullivan Assessment of Performance Under Attack Scenarios (Perform Better) Q32. Compared to a year ago, please indicate how your organization would perform if its systems or data were compromised by a targeted attack? - Perform better In each scenario, South Africans and Middle Eastern firms believe they would perform better in greater numbers than their European counterparts. Base: All 2015 worldwide respondents (n=13,930).

80 80 Source: Frost & Sullivan Threat Response Time Q33a. If your organization's systems or data were compromised by a targeted attack, how quickly do you predict it would take to remediate the damage? The largest proportion in each country indicate that they would be able to remediate a threat within a week. Base: Filtered respondents (n=7,985).

81 81 Source: Frost & Sullivan Factors Improving Security Activities Q33b. What security technologies do you believe will provide significant improvements to the security of your organization? Select as many as you feel apply. In most countries in the region, network monitoring and intelligence coupled with improved intrusion detection are highlighted as technologies that will improve security activities. Base: Filtered respondents (n=7,985).

82 82 Source: Frost & Sullivan Security Threats Q33c. Please indicate how common each of the security threats listed below are for your organization. - Top two box scores Across all regions, phishing is the most common security threat. Base: Filtered respondents (n=7,985).

83 83 Source: Frost & Sullivan Security Breaches Attributable to Known Vulnerabilities Q33d. Approximately what percentage of all detected security breaches in your organization over the past year can you attribute to known vulnerabilities? Known vulnerabilities account for less than 25% of breaches in the largest proportion of nations in the EMEA region. Base: Filtered respondents (n=7,985).

84 84 Source: Frost & Sullivan Security Breaches Attributable to Insecure Software Q33e. Approximately what percentage of all detected security breaches in your organization over the past year can you attribute to insecure software applications? Insecure software accounts for less than 25% of breaches in the largest proportion of nations in the EMEA region. Base: Filtered respondents (n=7,985).

85 85 Source: Frost & Sullivan Effectiveness of Global Government Initiatives Q33f. Please rate the effectiveness of each of the following government initiatives in providing security guidance and standards. Global government initiatives garner much more favorable reviews among South African and Middle Eastern professionals than they do among other EMEA countries. Base: Filtered respondents (n=7,985).

86 86 Source: Frost & Sullivan Adoption of Framework for Improving Infrastructure Cybersecurity Q33h. In 2014, the United States government released the Framework for Improving Infrastructure Cybersecurity. Has your company adopted any of the measures outlined in this framework? No more than one tenth of organizations in EMEA countries have adopted FIIC. Base: Filtered Respondents (n=7,985)

87 87 Source: Frost & Sullivan Internet Governance Q33j. Do you believe there is a need to implement a form of governance on the Internet? The majority of South African, French and UK professionals favor internet governance, while their counterparts in Germany do not. Base: Filtered Respondents (n=7,985)

88 88 Source: Frost & Sullivan Approaches to Internet Governance Q33k. In your opinion, which of the following is the best approach to Internet governance? Among those who favor internet governance, the largest proportion from each country save France advocate a collaborative approach among global governments. France, on the other hand, endorses a prescribed approach from an international organization such as the UN. Base: Filtered Respondents (n=3,385)

89 89 Source: Frost & Sullivan Confidence in Legislators Q33l. How confident are you that your country's legislators understand the importance of security enough to provide sufficient funding to support your key information security initiatives? Professionals in the EMEA region are divided regarding their confidence in legislators' understanding of information security. Notably, more than half of professionals in South Africa are not confident in their legislators. Base: Filtered Respondents (n=3,385)

90 90 Source: Frost & Sullivan Government Information Security QG5a. Overall, is the government's information security better or worse off than a year ago? Overall in the EMEA region, slightly more believe that government information security is better off now than it was a year ago, however one in five believe that it is worse off. This trend is reversed in France, however, where three in ten believe government security is worse off. Base: Filtered Respondents (n=1,615).

91 91 Source: Frost & Sullivan Government Information Security (Better) QG5b. Why do you say that government security is better off than a year ago? The largest proportion who believe that government security is better than it was a year ago indicate that awareness has improved and that risk management has improved. Base: Filtered respondents (n=441).

92 92 Source: Frost & Sullivan Government Information Security (Worse) QG5c. Why do you say that government security is worse off than a year ago? Those who believe that government security is worse than it was a year ago most commonly cite an inability to keep pace with threats. Base: Filtered respondents (n=271).

93 93 Source: Frost & Sullivan Important Factors in Securing Organizational Infrastructure QG6. How would you rate the importance of each of the following in effectively securing your organization's infrastructure? - Top two box scores Professionals in EMEA agree that hiring and retaining qualified information security professionals is the most important influencer in securing organizational infrastructure. Base: Filtered respondents (n=1,615).

94 94 Source: Frost & Sullivan Attitudes Toward Strict Government Requirements QG7. How much do you agree that the government should include specific, mandatory security requirements in every major IT procurement? The majority of information security professionals in the EMEA region agree that there should be specific, mandatory security requirements in every major IT procurement. Nowhere is the belief held more firmly than in France and the UK, where three quarters strongly agree with this sentiment. Base: Filtered Sample (n=1,615)

95 95 Source: Frost & Sullivan Impact of Security Posture QG9. How would you rate your own impact on the security posture of your department or agency? In each country, the majority report having an impact on security posture. Base: Filtered Sample (n=1,615)

96 96 Source: Frost & Sullivan Outsourcing

97 97 Source: Frost & Sullivan Outsourcing Security Operations Overall, firms in the EMEA region are the least likely to outsource risk and compliance management. As a proportion, the French outsource the most threat intelligence, research, detection, forensics and remediation. Q34a. Which areas of your security operations do you outsource today? Please select the percent outsourced for each operation. Base: Filtered respondents (n=7,985)

98 98 Source: Frost & Sullivan Future Outsourcing of Security Asset Management Q34b_1. How will your outsourcing change over the next 12 months? - Security asset management and monitoring (e.g., firewall, IPS) Base: Filtered respondents (n=2,925)

99 99 Source: Frost & Sullivan Future Outsourcing of Risk and Compliance Management Q34b_2. How will your outsourcing change over the next 12 months? - Risk and compliance management Base: Filtered respondents (n=2,274)

100 100 Source: Frost & Sullivan Future Outsourcing of Threat Intelligence, Research, Detection and Remediation Q34b_3. How will your outsourcing change over the next 12 months? - Threat intelligence, research, detection and remediation Base: Filtered respondents (n=3,268)

101 101 Source: Frost & Sullivan Outsourcing Professional Services Q35a. Please indicate whether you or your organization outsources any of the following professional services In each case, France and firms in the Middle East are the most likely to outsource professional services. Base: Filtered respondents (n=7,985)

102 102 Source: Frost & Sullivan Future Outsourcing of Security Advisory Q35b_1. How will your outsourcing change over the next 12 months? - Security advisory Base: Filtered respondents (n=2,083)

103 103 Source: Frost & Sullivan Future Outsourcing of Technical Services Q35b_2. How will your outsourcing change over the next 12 months? - Technical services Base: Filtered respondents (n=2,668)

104 104 Source: Frost & Sullivan Future Outsourcing of Implementation Services Q35b_3. How will your outsourcing change over the next 12 months? - Implementation services Base: Filtered respondents (n=2,687)

105 105 Source: Frost & Sullivan Reasons for Outsourcing Q36. What are all of your reasons for outsourcing? Lack of in-house skills is the most common reason for outsourcing services. Base: Filtered respondents (n=5,070)

106 106 Source: Frost & Sullivan Criteria for Service Provider Selection Q37. What criteria do you use in selecting a managed or professional security services provider? Please select all that apply. Price is among the most important criteria for selecting a service provider, particularly in South Africa. Service level agreements are also highly important in South Africa and the Middle East. Base: Filtered respondents (n=7,985)

107 107 Source: Frost & Sullivan Single Most Important Criterion for Service Provider Selection Q38. Please select the single most important criterion that you use when selecting a managed or professional security services provider. When forced to choose the most important criterion influencing service provider selection, most agree that quality is the single most important determinant. Base: Filtered respondents (n=7,985)

108 108 Source: Frost & Sullivan Permanency of Service Provider The largest proportion describe their relationship with their service provider as somewhat permanent. Base: Filtered respondents (n=5,070) Q39. Would you describe your use of a managed security service provider as temporary or permanent? Please indicate the level of permanence using the scale below.

109 109 Secure Software Development

110 110 Source: Frost & Sullivan Frequency of Security Scans on Applications (Always) Q40. Please indicate the frequency with which security scans are conducted on the following applications. - Always In each case, French firms are less likely to always perform scans on applications. Base: Filtered respondents (n=8,849)

111 111 Source: Frost & Sullivan Frequency of Security Scans on Applications (Never) Q40. Please indicate the frequency with which security scans are conducted on the following applications. - Never In each case, firms in France and South Africa are among the most likely to never perform scans on applications. Base: Filtered respondents (n=8,849)

112 112 Source: Frost & Sullivan Frequency of Security Scans by Organizational Group Q41. Please indicate the frequency with which the following groups within your organization conduct application security scans? - Top two box scores Generally, the security operations group is the most likely to perform security scans in each country. Base: Filtered respondents (n=8,849)

113 113 Source: Frost & Sullivan Security Scans on Internally Developed Applications Q42. How frequently are security scans conducted on internally developed applications? - Top two box scores Professionals in each country are the least likely to perform a scan during code development, and the most likely to perform a scan after a breach has been detected. Base: Filtered respondents (n=8,849)

114 114 Source: Frost & Sullivan Reasons for Not Conducting Application Security Scans Q43. Which of the following reasons explains why application security scans are NOT conducted in your organization? Select all that apply Base: Filtered respondents (n=8,849)

115 115 Source: Frost & Sullivan Software Development Concerns Q44. Please indicate your level of concern for each secure software development issue. - Top two box scores Overall, concern among professionals in the EMEA region is highest for changes introduced by ill-informed or careless developers and for the adoption of out-of-date third-party libraries that contain vulnerabilities. In each case, South African and Middle Eastern professionals are more likely to express concern over these software development issues than their European counterparts. Base: Filtered respondents (n=8,849)

116 116 Source: Frost & Sullivan Procedures for Screening External Applications Q45. Does your organization have a procedure in place to screen external appliances and applications for flawed programming or malicious software? Firms in the UK have procedures in place to screen external applications in greater numbers than firms outside of the UK. Base: Filtered respondents (n=8,849)

117 117 Source: Frost & Sullivan Protocols for Screening External Applications Q46. Please indicate the procedures or protocols that your organization follows to ensure that external appliances and applications do not contain flawed programming or malicious code. Most often, organizations ensure that they purchase only from trusted vendors in order to avoid vulnerabilities in applications. The notable exception in this trend is France, where purchasing from trusted vendors is less prevalent. Base: Filtered respondents (n=5,115)

118 118 Sprawl

119 119 Source: Frost & Sullivan Information Security Architecture Q47a. Does your organization have an information security architecture? The majority in each country have an information security architecture. Base: Filtered respondents (n=8,849)

120 120 Source: Frost & Sullivan Frequency of Information Security Architecture Update Q47b. How often is your security architecture updated? UK organizations are the most vigilant in updating their security architecture; nearly half update their systems every year. Base: Filtered respondents (n=5,911).

121 121 Source: Frost & Sullivan Concern About Architecture Sprawl Q48. Overall, how concerned are you about ineffective architecture or sprawl? Middle Eastern firms have the greatest concern regarding infrastructure sprawl, with nearly two in five reporting they are very concerned, and two thirds indicating they are at least somewhat concerned. Base: Filtered respondents (n=8,849)

122 122 Source: Frost & Sullivan Implications of Sprawl Q49. Please indicate your level of concern for each of the following implications of technology sprawl. - Top two box scores Base: Filtered respondents (n=6,999)

123 123 Source: Frost & Sullivan Reasons For Sprawl Q50. Please indicate which, if any, of the reasons below explain why your organization has security architecture sprawl? Select all that apply. In all countries in the region save for the UK, professionals cite the ever-evolving nature of security threats as the primary reason for sprawl. In the UK, however, professionals indicate that their organization has undertaken mergers and acquisitions that have resulted in architecture sprawl. Base: Filtered respondents (n=8,849).

124 124 Source: Frost & Sullivan Strategies to Combat Sprawl Q51. Please indicate how likely you or your organization is to use the following strategies to combat security technology sprawl? - Top two box scores In most cases, South Africa and Middle Eastern countries are more likely to adopt measures to combat sprawl. Base: Filtered respondents (n=5,630).

125 125 Source: Frost & Sullivan Active Security Contracts Q52. With how many security product vendors do you or your organization have an active contract? Base: Filtered respondents (n=8,849)

126 126 Source: Frost & Sullivan Active Security Consoles Q53. How many security management consoles does your security organization use? Base: Filtered respondents (n=8,849)

127 127 Proactive Security Analytics

128 128 Source: Frost & Sullivan Implementation of Advanced Analytics Solutions Q54. What is your organization's status on implementing advanced analytics solutions for the detection of advanced malware? Advanced analytics solution adoption is highest in Germany, while Middle Eastern and British professionals are the most likely to have no plans to implement these solutions. Base: Filtered respondents (n=7,985)

129 129 Source: Frost & Sullivan Approaches for Advanced Analytics Implementation Q55. In implementing an advanced analytics solution, how likely is it that your organization will utilize each of the following approaches? - Top two box scores In each country, respondents are most likely to prefer a solution using internal staff, relying on the provider for technical assistance when needed. Base: Filtered respondents (n=7,985)

130 130 Source: Frost & Sullivan Anticipated Change in Required Skills Q56. How do you anticipate that the skills requirements of security teams will change as advanced analytics solutions are implemented? - Top two box scores Additional training is the expected consequence of implementing advanced analytics solutions. Base: Filtered respondents (n=7,985)

131 131 Cloud Computing

132 132 Source: Frost & Sullivan Prioritizing Cloud Computing Q57. To what extent is cloud computing a priority for your organization now and in the future? - Top two box scores In each country, prioritization of cloud computing is expected to increase. Base: Filtered respondents (n=8,849)

133 133 Source: Frost & Sullivan Cloud Usage Q58a. For which of the following services are you using cloud? Select all that apply. Base: Filtered respondents (n=7,553)

134 134 Source: Frost & Sullivan Cloud Usage Q58b. Considering all of your cloud computing usage, how is this proportioned according to the different approaches shown below? - Mean scores Base: Filtered respondents (n=7,553)

135 135 Source: Frost & Sullivan Cloud Usage Q58c. Considering all of your cloud computing usage, how is this proportioned according to the different approaches shown below? - Mean scores Base: Filtered respondents (n=7,553)

136 136 Source: Frost & Sullivan Top Concerns About Cloud Computing Q60a. Thinking about the different security aspects of cloud computing, how much of a security concern is each of the following for your organization? - Top two box scores Base: Filtered respondents (n=8,305)

137 137 Source: Frost & Sullivan Cloud Security Alliance Threats Q60b. Thinking of the Cloud Security Alliance's recently identified 'Notorious 9 Security Threats', how much of a concern are each of the following? - Top two box scores In most cases, South African respondents report greater concern with the Cloud Security Alliance threats. Base: Filtered respondents (n=8,849).

138 138 Source: Frost & Sullivan Cloud Security Certification Q60c. If it were offered by a credible organization, how relevant do you believe that a Cloud Security and Certification program would be to you? For the majority in the EMEA region, a cloud security certification would be at least somewhat relevant. Base: Filtered respondents (n=8,849)

139 139 Source: Frost & Sullivan Elevating Cloud Assurance Q60d. Which one of the following offers the greatest chance of elevating information assurance in the cloud? Strong data encryption is the top overall choice for elevating cloud information assurance, particularly in Germany. Base: Filtered respondents (n=8,849)

140 140 Source: Frost & Sullivan Cloud Security Concerns in Government Agencies QG10. How much of a security concern is each of the following for your government department agency when implementing cloud computing? - Top two box scores In each case, South African respondents indicate that they have the most concern about each security issue. Base: Filtered respondents (n=1,783)

141 141 Source: Frost & Sullivan Elevating Information Assurance Q61a. Which one of the following offers the greatest chance of elevating information assurance in the cloud? In the greatest proportion of cases in each country, all of the listed information assurance measures are an important facet of cloud security. Base: Filtered respondents (n=8,849)

142 142 Source: Frost & Sullivan New Skill Development for Cloud Q61b. In your opinion, does cloud computing require information security professionals to develop new skills not previously required? The majority of respondents in each country believe that new skills are important for mastering cloud security. Base: Filtered respondents (n=8,849)

143 143 Source: Frost & Sullivan New Skills Needed for Cloud Q61c. What skills will be required for dealing with cloud computing? Select as many as apply. Base: Filtered respondents (n=8,849)

144 144 The Frost & Sullivan Story

145 145 The Frost & Sullivan Story Pioneered Emerging Market & Technology Research Global Footprint Begins Country Economic Research Market & Technical Research Best Practice Career Training MindXChange Events Partnership Relationship with Clients Growth Partnership Services GIL Global Events GIL University Growth Team Membership™ Growth Consulting Visionary Innovation Mega Trends Research CEO 360 Visionary Perspective GIL Think Tanks GIL Global Community Communities of Practice

146 146 What Makes Us Unique All services aligned on growth to help clients develop and implement innovative growth strategies Continuous monitoring of industries and their convergence, giving clients first mover advantage in emerging opportunities More than 40 global offices ensure that clients gain global perspective to mitigate risk and sustain long term growth Proprietary Team Methodology integrates 7 critical research perspectives to optimize growth investments Career research and case studies for the CEOs’ Growth Team to ensure growth strategy implementation at best practice levels Close collaboration with clients in developing their research based visionary perspective to drive GIL Focused on Growth Industry Coverage Global Footprint Career Best Practices 360 Degree Perspective Visionary Innovation Partner

147 147 TEAM Methodology Frost & Sullivan’s proprietary TEAM Methodology ensures that clients have a complete 360 Degree Perspective™ from which to drive decision making. Technical, Econometric, Application, and Market information ensures that clients have a comprehensive view of industries, markets, and technology. Technical: Real-time intelligence on technology, including emerging technologies, new R&D breakthroughs, technology forecasting, impact analysis, groundbreaking research, and licensing opportunities. Econometric: In-depth qualitative and quantitative research focused on timely and critical global, regional, and country-specific trends, including the political, demographic, and socioeconomic landscapes. Application: Insightful strategies, networking opportunities, and best practices that can be applied for enhanced market growth; interactions between the client, peers, and Frost & Sullivan representatives that result in added value and effectiveness. Market: Global and regional market analysis, including drivers and restraints, market trends, regulatory changes, competitive insights, growth forecasts, industry challenges, strategic recommendations, and end-user perspectives.

148 148 Our Global Footprint 40+ Offices Scanning the Globe for Opportunities and Innovation

