impact of breaches on reputation and shareholder value
TRANSCRIPT
1
IMPACT OF BREACHES ON REPUTATION AND
SHAREHOLDER VALUE
Ponemon 2017 Study
2
In March alone
129 BREACHES
3
YTD increase in breaches
65% INCREASE
4
2/3 of companies report experiencing 5 or more
data breaches within the past two years
66% BREACHED
5
THERE’S NO SINGLE ENTRY POINTHackers have no common path in where they decide to breach
MOBI LE / ENDPOI NT
DATABASES
N E T W O R K
ON-PREM A N D
SAAS A P P S
SERVERS 4.7
6.6
5.2
5.8
6.4
# OF DATA BREACHES IN 2 YEARS
6
after Chipotle reported better than expected Q1 results but gains chopped in half when it revealed it had a breach
$400 MILLIONLOSS TO SHAREHOLDERS
7
TODAY’S SECURITY IS NOT SECURE
8
RETHINK SECURITY
Enterprises breached 5+ times
in last two years (Forrester)66%
IT security spend in 2016(Gartner)$80B
THE ENTERPRISE TODAY HAS NO PERIMETER
150,000Enterprise cloud apps
90% Enterprises using cloud
50BIoT devices
8Bmobile devices
PROTECTED BY ONLY A PASSWORD
breaches involve privileged
credential misuse (Forrester)80%
breaches involve weak, default
or stolen passwords (Verizon)81%
NO USER IS SAFE
Hackers target all users whether customers,
partners, employees or privileged IT users
THE IMPACTS OF A DATA BREACH
ON REPUTATION AND SHARE VALUE
Ponemon Institute surveyed three groups that
influence companies brand and reputation:
• IT operations and information security (448 professionals)
• CMOs and corporate communications (334 professionals)
• Consumers (549 individuals)
Ponemon also studied the affect on stock
value and customer churn after a breach of
113 COMPANIES
MISCALCULATION OF SECURITY RISK
ON SHAREHOLDER VALUE
12
Avg stock price decline after breach announced
5% DROP
13
AVERAGE STOCK INDEX DROPS THE DAY
A BREACH IS ANNOUNCED
14
LOW SECURITY POSTURE COMPANIES
DROPS UP TO 7% & RECOVERS SLOWER
15
In customer churn for companies with poor security posture(lack of response plan, inadequate investment in security — especially IAM, frequent turnover of security personnel, etc.)
Up to 7% INCREASE
16
Impacted consumers stated intent to
discontinue relationship with breached organization30%+
BLIND SPOTS IN THE C-SUITE
WITH COSTLY CONSEQUENCES
18
IT leaders are not confident in their ability
to prevent, detect and resolve data breaches
56% NOT CONFIDENT
19
Marketing and IT leaders have a blind spot
regarding the impact of a breach on stock price
80+% HAVE BLIND SPOT
20
CMOs & IT professionals disagree with consumers
who say companies have an obligation to control
access to personal information
50%+ DISAGREE
21
MISCALCULATION of security risk on shareholder value
BLIND-SPOTSin C-suite have costly consequences
DATA BREACHESare a board and C-suite challenge not just an IT issue
RETHINK SECURITY
HOW DO ENTERPRISES REDUCE RISK?
23
MATURITY
Mitigate VPN Risk
Automate App Provisioning
Require Access Approvals
BETTER
Limit Lateral Movement
Grant Just Enough Privilege
Grant Just-in-Time Privilege
GREAT
EnforceLeast
Privilege
Risk Analytics
Complete automation
OPTIMAL
Log & Monitor
DANGER
Too Many Passwords
Too Much Privilege
REDUCING RISK IN HYBRID ENTERPRISE
MFA Everywhere
Risk-based Access
Consolidate Identities
SSO Everywhere
GOOD
Establish Identity Assurance
RISK
24
HOW CUSTOMERS USE CENTRIFY
STOP BREACHES THAT
Target Application
Single Sign-on
Adaptive MFA
Workflow & Lifecycle
Device Management
App Gateway
STOP BREACHES THAT
Start on Endpoints
Device Management
Adaptive MFA
App Management
Endpoint Privilege
Smartcard & Derived Credentials
STOP BREACHES THAT
Abuse Privileged Access
Least Privilege
Adaptive MFA
Identity Consolidation
Shared Password Management
Secure Remote Access
Session Recording & Monitoring
Auditing & Reporting
25
A RECOGNIZED LEADER
LEADER FORRESTER PIM WAVE
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave
are trademarks of Forrester’s call on a market and is plotted using a detailed spreadsheet with
exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or
service depicted in the Forrester Wave. Information is based on best available resources. Opinions
reflect the judgement at the time and are subject to change.
NETWORK WORLD
CLEAR CHOICE WINNERLEADER GARTNER IDAAS MQ
Gartner “Magic Quadrant for Identity and Access Management as a Service” by Gregg
Kreizman, June 2016. Gartner does not endorse any vendor, product or service depicted in
its research publications, and does not advise technology users to select only those vendors
with the highest ratings or other designation. Gartner research publications consist of the
opinions of Gartner's research organization and should not be construed as statements of
fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose. .
GARTNER CRITICAL CAPABILITIES
TOP VENDOR
Gartner does not endorse any vendor, product or service depicted in its research
publications, and does not advise technology users to select only those vendors
with the highest ratings or other designation. Gartner research publications consist
of the opinions of Gartner's research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a
particular purpose.
26
THANK YOU