SGV holds EY Global Information Security Survey briefing

SGV recently held a special briefing with business leaders to discuss the findings of the EY Global Information Security Survey (GISS), Path to cyber resilience: Sense, resist, react. EY has been conducting the annual survey since 1998.

The survey of 1,735 organizations globally examines some of the most compelling cybersecurity issues facing businesses today in the digital ecosystem. “The report also offers valuable insights on how organizations can develop effective cybersecurity strategies, which is particularly relevant to us given that many Philippine companies are still in the process of developing and deploying their own cybersecurity programs. It is important for us all to remember, however, that cybersecurity is not just an IT concern. It needs to become part of an organization’s corporate culture, permeating from the management down to the staff,” said Advisory Head Rossana Fajardo, before the invited Chief Information or Security Officers and representatives.

Advisory Partner Warren Bituin discussed the results of the survey among respondents from the Philippines. The survey indicated that 60% do not have a security operation center and have no or informal threat intelligence programs. A significant majority also consider careless employees and criminal syndicates to be the most likely source of an attack. In addition, more than 50% of the survey participants said they have not experienced a major attack while 25% of those that experienced attacks said they do not know the extent of the financial damage to their organizations.

These findings are consistent with the overall global results presented by EY Asia-Pacific Cyber Leader Richard Watson. Findings show that nearly two-thirds (64%) of organizations do not have a formal threat intelligence program or only have an informal one. Despite this, half (50%) of those surveyed said they could detect a sophisticated cyber-attack – the highest level of confidence since 2013 – due to investments in cyber threat intelligence to anticipate attacks, continuous monitoring mechanisms, security operations centers and active defense mechanisms.