Path to cyber resilience: Sense, resist, react

EY’s 19th Global Information Security Survey 2016-17

  • Share

EY's 19th Global Information Security Survey - Nordic key findings

  • 97% in the Nordics say that their cyber security function did not fully meet their organization’s need.
  • 70% of respondents in the Nordics have had a recent significant cyber security incident
  • 92% of organisations do not evaluate the financial impact of every significant breach
  • 43% of organisations rated business continuity management their joint top priority, alongside data leakage and data loss prevention
  • 37% do not have an agreed communications strategy or plan in place in the event of a significant attack
  • 75% do not have, or only have an informal, threat intelligence program.
  • 82% would not increase their cyber security spending after experiencing a breach which did not appear to do any harm.

Cyber risks are growing and changing rapidly. Every day, hackers work on new techniques for getting through the security of organizations − in the Nordics and beyond. Actively defending against cyber attacks is the only way to get ahead of cyber criminals and gain the trust of your customers.

Traditional defense mechanisms — perimeter controls and end-point antivirus protection — cannot keep pace with the increasingly innovative and sophisticated threats. Because cyber attacks are no longer a matter of if, but a question of when, an intelligent, complementary approach is necessary to quickly identify intruders and contain their impact.

Our trust-based Nordic societies make us vulnerable. Cyberthreats continue to challenge our assets, business, services and privacy as we go digital. New thinking is needed to tackle these challenges. Me and my team assist clients in the Nordics every day to improve their cyber security response. We believe in a better and more robust digital working world.
Tone Thingbø
Nordic Cyber Security Leader

How can EY help you gain trust in a digital world?

In EY’s Global Information Security Survey 2016-2017, 70% of Nordic respondents have had a recent significant cybersecurity incident, but only 8% have evaluated the financial impact of every significant breach. At EY, we help you create a robust and agile cyber security setup. Our experienced advisors can help you build an active defense system along with clear response procedures aimed at minimizing breach impacts and protecting your business. We operate as one unified Nordic team, and through our local presence, we make insights and specialists from around the world available to your organization.

We can help you in the following areas:

EY - Cybersecurity

Cyber transformation
Security program transformation services help companies tackle the many security challenges they face on a daily basis, and develop effective solutions using people, processes and technology, while enabling better security and risk decisions and reducing costs related to managing security risk.
Read more


EY - Cybersecurity

Cyber threat management
Cyber threat management services, delivered through our Advanced Security Centers, help clients detect and respond to real world cyber attacks in the context of their own business, while improving their overall cyber security posture. To help solve our Nordic clients' issues related to IT/information security and information management with special shielding requirements, EY has established a Nordic Security Center (NSC) in Oslo.
Read more


EY - Cybersecurity

Data protection and privacy
Data protection and privacy services enable organizations to deploy processes and tools to help detect and prevent data breaches that result from internal user activity. 
Read more


EY - Cybersecurity

Cyber threat intelligence
Cyber threat intelligence (CTI) is an advanced process that enables the organization to gather valuable insights based on the analysis of contextual and situational risks and can be tailored to the organization’s specific threat landscape, its industry and markets.
Read more


EY - Cybersecurity

Business resilience
Business resilience services comprise business continuity management (BCM) and disaster recovery tactics that provide organizations with an ongoing risk-based, proactive approach for maintaining critical business functions and ensuring their continuity (and the recovery of people, processes and technology) after business disruptions in an optimized manner. 
Read more