Date post: | 12-Jan-2016 |
Category: |
Documents |
Upload: | gladys-booth |
View: | 213 times |
Download: | 1 times |
(ISC)2 2015 Global Workforce Study ResultsOverview
Regional Report:Europe, Middle East & Africa
March 23, 2015
2
Project Background and Objectives
3
Research Background and Objectives
Background
The information security profession continues to undergo shifts as a result of constantly changing regulatory environment and increasingly sophisticated and emerging new threats. (ISC)2 has committed itself to maintaining its leadership role and growing its membership base in key geographic regions in which it is currently under represented.
Study Objectives
• To obtain feedback from the (ISC)2 members regarding certification, training and educational requirements for their organizations and their professional development.
• To identify trends and issues related to information security from both members and non-member security professionals.
• To understand potential gaps in organizational security.
• To forecast what positions will be most highly sought after in the next 3 to 5 years.
4
Methods
5
Methods: (ISC)2 Members Survey
• Conducted using an on-line web based survey using the (ISC)2 membership list.
• Email invitations to complete the survey were sent out to (ISC)2 members between October 2014 and January 2015.
• Respondents are currently employed directly by a company or organization, employed as a contractor or work as an independent security consultant.
• A total of 11,208 (ISC)2 members were surveyed between October 2014 and January 2015.
6
Methods: (ISC)2 Members Survey (Continued)
Sample Size
Care was taken to ensure that the sample taken from the (ISC)2 membership is representative of the current (ISC)2 membership.
An analysis of the (ISC)2 membership list by country population proportions was undertaken and compared to country level sample sizes for the (ISC)2 membership survey. The sample sizes by country are representative of the total population proportions by country.
Technical Note
The sample in this study is not designed to reflect the universe of all public and private organizations for security professionals, and the results should not be projected across the entire population.
Note: Due to rounding errors, percentages in charts and tables, may not sum to 100.
7
Methods: (ISC)2 Members Survey (Continued)
A total of 11,208 (ISC)2 members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region.
Sub-Region Worldwide
Region
(Horizontal %)
Americas EMEA APAC
Number of Respondents 11,208 6,793 2,736 1,679
Percentage 100% 61% 24% 12%
Americas
Latin America 282 3% 4% - -
North America 6,511 58% 96% - -
EMEA
Africa 139 1% - 5% -
Europe 2,365 21% - 86% -
Middle East 232 2% - 9% -
APAC
Asia 1,431 13% - - 85%
Oceania 248 2% - - 15%
8
Methods: Non-Members Survey
Respondents had the following roles and responsibilities related to IT security:
• Hire or manage IT security professionals and look for security related credentials in their candidates
• Provide input to IT security-related policies and procedures, or execute their companies IT security related policies and procedures
• Hold security related credentials or a member of a security-related organization excluding (ISC)2
A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan.
9
Methods: Non-Members Survey (Continued)
A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region.
Sub-Region Worldwide
Region
(Horizontal %)
Americas EMEA APAC
Number of Respondents 2,722 1536 701 485
Percentage 100% 56% 26% 18%
Americas
Latin America 178 7% 12% - -
North America 1,358 50% 88% - -
EMEA
Africa 152 6% - 22% -
Europe 453 17% - 65% -
Middle East 96 4% - 14% -
APAC
Asia 435 16% - - 90%
Oceania 50 2% - - 10%
10
Respondent Profile
11
Source: Frost & Sullivan
Job Function
Q1a. Which of the following most closely represents your present job function?
Information security professional is the most common job function globally, and the largest proportion from across EMEA identify this role as their primary job function.
Base: All 2015 worldwide respondents (n=13,930). `
Info
rma
tion
...
Info
rma
tion
...
Se
curi
ty/IT
...
Info
rma
tion
...
Cyb
er
secu
ri...
Info
rma
tion
...
Info
rma
tion
...
So
ftwa
re d
e...
Info
rma
tion
s...
Da
ta p
riva
c...
40
%
17
%
13
%
9%
9%
4%
3%
3%
2%
1%
44
%
13
% 19
%
7% 7%
2% 4%
2%
1%
1%
46
%
11
% 16
%
10
%
9%
0%
7%
1%
1%
1%
41
%
9%
32
%
5% 6%
2%
2%
1%
1% 1%
47
%
11
% 17
%
5% 9
%
5%
2%
2%
2%
1%
51
%
16
%
14
%
5%
5%
1% 3%
3%
2%
0%
37
%
18
%
17
%
7% 8%
3% 7
%
1% 2%
0%
Job FunctionWorldwide EMEA France Germany United Kingdom South Africa Middle East
12
Source: Frost & Sullivan
Job Title
Q7c. Which one of the following job titles or categories best describes your current position?
While globally security analysts and security consultants are equally common, in EMEA the security consultant job title is most common. This trend is driven by the UK, where this title is more than twice as common than any others.
Base: All 2015 worldwide respondents (n=13,930).
Se
curi
ty a
na
...
Se
curi
ty c
o...
CS
O/C
ISO
...
Se
curi
ty a
ud
...
Info
rma
tio...
Se
curi
ty a
rc...
Se
curi
ty e
n...
Se
curi
ty a
rch
...
Se
curi
ty a
dv.
..
Ne
two
rk a
dm
...
10
%
9%
6%
5%
4%
4%
4%
4%
4%
3%
6%
13
%
8%
5%
3%
7%
3% 5
% 6%
3%
3%
11
% 13
%
7%
1%
5%
1%
11
%
7%
3%
8% 1
0%
9%
2%
6% 7
%
3% 3%
9%
2%
8%
18
%
5%
3% 5
%
9%
2% 3
% 6%
1%
7%
15
%
7%
4%
1% 3
% 5%
5%
3%
1%
4%
13
%
9%
8%
4% 5
%
5%
4%
2%
5%
Job TitleWorldwide EMEA France Germany United Kingdom South Africa Middle East
13
Source: Frost & Sullivan
Satisfaction With Current Position
Q10c. Overall, how satisfied are you in your current position?
Overall, satisfaction levels are relatively consistent throughout EMEA, with France more likely to report that they are somewhat satisfied and less likely to be very satisfied compared with other countries in the region.
Base: All 2015 worldwide respondents (n=13,930).
Very satisfied Somewhat satisfied Neither satisfied nor dissatisfied
Somewhat dissatis-fied
Very dissatisfied
30
%
46
%
11
%
9%
3%
28
%
47
%
11
%
9%
2%
18
%
56
%
14
%
8%
4%
33
%
43
%
10
%
10
%
1%
26
%
47
%
11
%
11
%
3%
25
%
47
%
16
%
6%
3%
29
%
46
%
11
%
9%
2%
Satisfaction With Current PositionWorldwide EMEA France Germany United Kingdom South Africa Middle East
14
Source: Frost & Sullivan
Professional Area
Q8. Would you consider yourself to be a professional in any of the following areas? Please select all that apply to you.
Globally, information security is the most commonly reported professional area. The trend is slightly less common in Germany, where professionals are less likely to report that they work in information security.
Base: All 2015 worldwide respondents (n=13,930). `
Info
rma
tion
...
IT o
pe
ratio
ns
IT m
an
ag
e...
IT c
on
sulta
nt
Sys
tem
s a
dm
...
IT a
ud
itor
En
gin
ee
rin
g
Te
leco
mm
un
...
Bu
sin
ess
op
...
Se
curi
ty s
ol..
.
So
ftwa
re d
...
Sa
les/
bu
si...
Fin
an
ce
Ma
rke
ting
82%
46%
41%
35%
35%
27%
19%
18%
17%
16%
14%
5% 4% 2%
82%
43%
39% 42
%
30%
30%
17% 22
%
17% 22
%
12%
6% 5% 2%
92%
33%
19%
38%
25%
39%
33%
28%
9%
25%
12%
4% 3% 2%
70%
46%
38% 46
%
31%
25%
22% 31
%
16% 20
%
12%
7%
2% 1%
85%
38%
33% 38
%
27%
23%
13% 17
%
14%
17%
11%
5% 5%
1%
89%
54%
46%
36% 41
%
24%
8%
19%
22% 32
%
14%
9% 7%
3%
80%
50%
49%
44%
32% 36%
17%
20%
22% 26
%
8% 6% 6% 3%
Professional AreaWorldwide EMEA France Germany United Kingdom South Africa Middle East
15
Source: Frost & Sullivan
Professional Activities
Q9a. Which of the following activities consume a significant amount of your time? Please select all that apply to you.
EMEA professionals are equally likely to engage in GRC and security management activities, while GRC activities are more common globally.
Base: All 2015 worldwide respondents (n=13,930). `
GR
C
Se
curi
ty m
...
Se
curi
ty o
p...
Pro
vid
e a
dv.
..
Re
sea
rch
in...
Se
curi
ty le
...
Vu
lne
rab
ili...
Inci
de
nt r
e...
Se
curi
ty s
ol..
.
So
ftwa
re d
...
Sa
les
con
su...
50
%
45
%
42
%
39
%
32
%
29
%
27
%
26
%
12
%
10
%
5%
50
%
50
%
38
% 43
%
29
%
28
%
25
%
26
%
16
%
8%
7%
54
%
49
%
29
%
44
%
21
%
25
%
19
%
20
%
13
%
4% 6%
43
%
58
%
34
%
50
%
29
%
28
%
23
%
23
%
17
%
8%
5%
59
%
52
%
39
%
50
%
31
%
35
%
28
%
25
%
14
%
7%
5%
60
%
49
%
45
%
44
%
43
%
25
%
26
%
28
%
22
%
11
%
11
%
50
% 55
%
47
%
30
%
30
%
32
%
28
%
30
%
18
%
6%
5%
Professional ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
16
Source: Frost & Sullivan
GRC Activities
Q9b. Which of the following GRC activities consume a significant amount of your time? Please select all that apply to you.
Base: Filtered respondents (n=6,975).
Au
diti
ng
IT g
...
Au
diti
ng
IT s
ec.
..
Ce
rtify
ing
an
d...
De
velo
pin
g in
te...
Me
etin
g r
eg
ula
...
37
%
57
%
43
%
67
%
55
%
37
%
61
%
32
%
70
%
53
%
24
%
64
%
23
%
71
%
43
%47
%
66
%
31
%
72
%
44
%
36
%
57
%
39
%
72
%
60
%
44
%
60
%
39
%
72
%
53
%
51
%
69
%
39
%
65
%
49
%
GRC ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
17
Source: Frost & Sullivan
Security Leadership Activities
Q9c. Which of the following security leadership activities consume a significant amount of your time? Please select all that apply to you.
Base: Respondents involved in security leadership activities (n=4,074).
Se
curi
ty le
ad
...
Se
curi
ty li
fec.
..
Se
curi
ty c
om
p...
Co
ntin
ge
ncy
...
La
w, e
thic
s, a
...
83
%
41
%
65
%
22
% 29
%
85
%
41
%
62
%
20
% 29
%
83
%
35
% 40
%
10
%
28
%
87
%
41
%
59
%
10
%
12
%
83
%
41
%
66
%
19
% 29
%
92
%
63
%
67
%
25
%
46
%
84
%
40
%
65
%
27
% 33
%
Security Leadership ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
18
Source: Frost & Sullivan
Security Management Activities
Q9d. Which of the following security management activities consume a significant amount of your time? Please select all that apply to you.
Base: Filtered respondent (n=6,334).
Ga
the
rin
g m
etr
i...
Pa
rtic
ipa
ting
i...
Ma
na
gin
g in
tern
...
Ma
na
gin
g in
ter.
..
Ma
na
gin
g e
xte
r...
Ma
na
gin
g in
form
...
Se
llin
g s
ecu
ri...
39
%
62
%
48
%
49
%
16
%
47
%
37
%
38
%
62
%
48
%
48
%
15
%
43
%
41
%
34
%
65
%
47
%
42
%
11
%
23
%
43
%
38
%
63
%
33
%
42
%
11
%
41
%
31
%40
%
63
%
57
%
51
%
15
%
46
%
45
%
43
%
55
%
38
%
60
%
17
%
57
%
47
%
46
% 54
%
41
%
53
%
23
%
56
%
40
%
Security Management ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
19
Source: Frost & Sullivan
Security Operations Activities
Q9e. Which of the following security operations activities consume a significant amount of your time? Please select all that apply to you.
Base: Respondents involved in security operations activities (n=5,895).
De
skto
p o
r m
o...
Eve
nt m
an
ag
...
Mo
nito
rin
g th
e...
Pa
tch
ing
sys
...
Ph
ysic
al s
ecu
rity
Re
setti
ng
pa
s...
35
%
62
%
64
%
41
%
21
%
12
%
35
%
61
%
60
%
40
%
23
%
9%
30
%
74
%
55
%
30
%
13
%
6%
24
%
59
%
63
%
36
%
13
%
3%
33
%
52
% 59
%
42
%
26
%
6%
47
%
70
%
67
%
51
%
21
%
9%
44
%
61
%
79
%
45
%
35
%
16
%
Security Operations ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
20
Source: Frost & Sullivan
Incident Response Activities
Q9f. Which of the following incident response activities consume a significant amount of your time? Please select all that apply to you.
Base: Respondents involved in incident response activities (n=5,895).
Forensics Remediating attacks and malware
41
%
85
%
40
%
86
%
50
%
72
%
35
%
93
%
34
%
92
%
52
%
74
%
52
%
88
%
Incident Response ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
21
Source: Frost & Sullivan
New Research Technology Activities
Q9g. Which of the following new technology research activities consume a significant amount of your time? Please select all that apply to you.
Base: Respondents involved in new technology research activities (n=4,474).
Researching new technologies Security testing new tech-nologies
Implementing new security technologies
Securing the use of emerging technologies adopted by your
organization (e.g., BYOD, social media)
85
%
44
% 55
%
50
%
81
%
40
%
54
%
52
%
74
%
35
%
62
%
41
%
70
%
51
% 62
%
42
%
84
%
37
%
52
% 58
%
88
%
34
% 41
% 49
%
85
%
45
% 55
%
58
%
New Research Technology ActivitiesWorldwide EMEA France Germany United Kingdom South Africa Middle East
22
Source: Frost & Sullivan
Current Primary Responsibility
Q7a. Which one of the following best describes your current primary functional responsibility?
Globally, professionals are equally likely to be primarily responsible for managerial, consulting or operational duties, however professionals in EMEA lean more heavily toward security consulting.
Base: All 2015 worldwide respondents (n=13,930).
Mo
stly
ma
na
...
Mo
stly
se
cur.
..
Mo
stly
op
er.
..
Mo
stly
GR
C...
Mo
stly
ne
two
...
Mo
stly
au
di..
.
Mo
stly
thre
...
Mo
stly
da
ta ..
.
Mo
stly
so
ft...
Mo
stly
re
gu
...
Mo
stly
se
cur.
..
18
%
18
%
17
%
12
%
10
%
5%
5%
5%
4%
3%
2%
18
%
25
%
14
%
13
%
10
%
5%
4%
4%
3%
2%
1%
14
%
24
%
10
%
21
%
13
%
4%
2%
6%
1% 2% 3%
14
%
29
%
11
%
13
%
13
%
5% 6%
2% 3%
2%
1%
17
%
31
%
14
%
13
%
8%
4%
3% 4%
2%
2% 2%
15
% 20
%
19
%
14
%
11
%
6%
3%
3%
7%
1%
0%
22
%
18
%
18
%
12
%
10
%
8%
4%
4%
2%
1% 2%
Current Primary ResponsibilityWorldwide EMEA France Germany United Kingdom South Africa Middle East
23
Source: Frost & Sullivan
Future Primary Responsibility
Q7b. Which one of the following best describes what you expect your primary functional responsibility to be in the next two to three years?
Professionals in EMEA expect to transition into managerial roles or stay in their security consulting roles.
Base: All 2015 worldwide respondents (n=13,930).
Mo
stly
ma
na
...
Mo
stly
se
cur.
..
Mo
stly
GR
C...
Mo
stly
op
er.
..
Mo
stly
ne
two
...
Mo
stly
thre
...
Mo
stly
da
ta ..
.
Mo
stly
au
di..
.
Mo
stly
se
cur.
..
Mo
stly
so
ft...
Mo
stly
re
gu
...
Mo
stly
ma
in...
27
%
18
%
14
%
10
%
8%
5%
4%
4%
3%
3%
3%
0%
28
%
25
%
14
%
7% 7%
4%
3% 4%
3%
2% 2%
0%
22
%
23
%
22
%
3% 6
%
4% 8
%
4% 6%
1% 2%
0%
20
%
27
%
16
%
8%
8%
6%
2% 4% 4%
1% 1%
1%
23
%
31
%
14
%
9%
6%
3% 4%
3%
2%
2%
2%
0%
34
%
23
%
19
%
3% 6
%
3%
1% 4
%
1% 3%
1%
1%
39
%
16
%
14
%
7% 8%
3%
3% 4%
2%
1% 2%
0%
Future Primary ResponsibilityWorldwide EMEA France Germany United Kingdom South Africa Middle East
24
Source: Frost & Sullivan
Reporting Structure
Q10a. Which one functional area of your organization do you primarily report to?
Across EMEA, most report to the IT department or executive management.
Base: All 2015 worldwide respondents (n=13,930).
IT d
ep
art
me
nt
Exe
cutiv
e m
...
Se
curi
ty d
e...
Op
era
tion
s o
...
Co
nsu
ltin
g
Bo
ard
of d
ir...
Ris
k m
an
a...
Go
vern
an
ce...
Sa
les
ma
n...
Inte
rna
l au
di..
.
25
%
24
%
17
%
7%
6%
4%
4%
3%
2%
2%
23
%
25
%
15
%
5% 7
% 7%
4%
3% 3%
2%
26
%
18
%
13
%
7% 9
%
3%
7%
4% 5%
2%
23
% 26
%
17
%
3%
12
%
3%
2% 4
% 5%
1%
20
% 23
%
18
%
5% 8
%
8%
4%
4%
3%
2%
22
%
33
%
13
%
3% 5% 8
%
6%
2%
2%
2%
30
%
27
%
12
%
5%
4% 6
%
4%
0% 4
% 5%
Reporting StructureWorldwide EMEA France Germany United Kingdom South Africa Middle East
25
Source: Frost & Sullivan
C-Level Reporting
Q10b. Which C-level executive do you primarily report to?
Among those who report to a C-level manager, most report to a CIO. This is particularly common in South Africa.
Base: Filtered respondents (n=3,102).
CIO CEO COO CFO
40
%
22
%
12
%
4%
39
%
28
%
11
%
3%
19
%
44
%
19
%
11
%
43
%
38
%
6%
4%
41
%
12
%
13
%
4%
68
%
4% 7%
7%
35
%
30
%
13
%
4%
Reporting StructureWorldwide EMEA France Germany United Kingdom South Africa Middle East
26
Source: Frost & Sullivan
Years of Experience
Q6. How many years have you been actively involved with information or IT security?
The largest proportion indicate that they have between 11 and 15 years of experience.
Base: All 2015 worldwide respondents (n=13,930).
Three years or less Four to six years Seven to ten years Eleven to fifteen years
Sixteen to twenty-five years
More than 25 years
5%
11
%
25
% 28
%
22
%
9%
5%
12
%
28
%
29
%
21
%
5%
1%
9%
28
%
35
%
20
%
6%
3%
10
%
22
%
33
%
26
%
5%
5%
10
%
26
%
25
%
26
%
8%
6%
17
%
23
%
31
%
22
%
1%
5%
12
%
36
%
31
%
14
%
2%
Years of ExperienceWorldwide EMEA France Germany United Kingdom South Africa Middle East
27
Source: Frost & Sullivan
Industry
Q4a. Which one of the following industry sectors best describes your company?
Information technology and professional services are the most common industries in EMEA.
Base: All 2015 worldwide respondents (n=13,930).
Info
rma
tion
tech
n...
Pro
fess
ion
al s
erv
...
Go
vern
me
nt (
exc
lu...
Ba
nki
ng
Mili
tary
se
rvic
es,
...
Te
leco
mm
un
ica
t...
He
alth
care
19
%
15
%
10
%
10
%
10
%
6%
5%
21
%
17
%
8%
14
%
4%
8%
2%
19
% 23
%
5%
18
%
2%
7%
3%
26
%
15
%
4%
10
%
8%
14
%
1%
17
% 20
%
8% 1
2%
4% 8
%
2%
21
%
17
%
5%
15
%
1%
5%
2%
16
%
10
%
9% 1
3%
5% 6%
3%
Industry
Worldwide EMEA France GermanyUnited Kingdom South Africa Middle East
28
Source: Frost & Sullivan
Government Professional Services
Q4b. Are you providing professional services exclusively to government?
The prevalence of respondents who provide professional services exclusively to the government is the highest in the Middle East.
Base: Filtered respondents (n=2,067).
Yes No
12
%
88
%
5%
95
%
0%
10
0%
2%
98
%
6%
94
%
0%
10
0%
18
%
82
%
Government Professional Services
Worldwide EMEA France Germany United Kingdom South Africa Middle East
29
Source: Frost & Sullivan
Government Contractor
Q5a. Are you currently employed as a government contractor?
The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels.
Base: Filtered respondents (n=3,047).
Yes No
40
%
60
%
26
%
74
%
9%
91
%
28
%
73
%
25
%
75
%
0%
10
0%
45
% 55
%
Government Contractor
Worldwide EMEA France Germany United Kingdom South Africa Middle East
30
Source: Frost & Sullivan
Government Organization
Q5b. Which of the following best describes the government organization for which you currently work?
In Germany, those who work for the government are most commonly involved in national defense. This trend does not apply in other EMEA regions.
Base: Filtered respondents (n=3,047).
Ce
ntr
al,
fed
era
l, o
r n
...
Ce
ntr
al,
fed
era
l, o
r ...
Sta
te/lo
cal/p
rovi
nci
al..
.
Sta
te/lo
cal/p
rovi
nci
al..
.
Inte
rna
tion
al/R
eg
ion
a...
Inte
rna
tion
al/R
eg
ion
...
43
%
35
%
1% 1
4%
4%
2%
27
% 39
%
2%
14
%
10
%
8%
27
% 45
%
0% 9
%
0%
18
%
70
%
15
%
0%
0%
13
%
3%
28
% 39
%
4%
18
%
8%
3%
17
%
50
%
17
%
17
%
0%
0%
29
%
27
%
0%
20
%
13
%
11
%
Government OrganizationWorldwide EMEA France Germany United Kingdom South Africa Middle East
31
Source: Frost & Sullivan
Employment Status
Q2. Which of the following best describes your employment status?
Most in EMEA are employed directly by a company or organization.
Base: All 2015 worldwide respondents (n=13,930)
Employed directly by a company or organization
Employed as a contractor An independent security/IT consultant
85
%
9%
6%
86
%
7% 7%
85
%
9%
6%
88
%
5% 6%
84
%
8% 8%
84
%
6% 8%
82
%
12
%
6%
Employment Status
Worldwide EMEA France Germany United Kingdom South Africa Middle East
32
Source: Frost & Sullivan
Organizational Revenue
Q62. What is your organization's global annual revenue? As best you can, please provide the total annual revenues for your organization in U.S. dollars.
Overall, the largest proportion are unable to provide their organizational revenues.
Base: All 2015 worldwide respondents (n=13,930)
Less than $50 mil-lion
$50 to less than $500 million
$500 million to less than $10 bil-
lion
$10 billion or more
Unable to provide
16
%
11
% 15
%
15
%
43
%
19
%
10
% 14
%
15
%
41
%
16
%
9%
18
%
18
%
39
%
16
%
8%
15
% 21
%
38
%
15
%
11
% 16
% 20
%
38
%
26
%
11
%
22
%
3%
38
%
19
%
12
% 16
%
9%
44
%
Employment Status
Worldwide EMEA France Germany United Kingdom South Africa Middle East
33
Source: Frost & Sullivan
Total Employees
Q17. What is the total number of employees across your entire organization worldwide, including all of its branches, divisions, and subsidiaries?
The largest proportion of respondents work for large organizations with 10,000 or more employees.
Base: All 2015 worldwide respondents (n=13,930)
One to 499 employees 500 to 2,499 em-ployees
2,500 to 9,999 employees
10,000 employees or more
25
%
16
%
16
%
43
%
27
%
16
%
15
%
42
%
24
%
11
%
11
%
54
%
22
%
12
%
16
%
50
%
20
%
13
%
16
%
51
%
28
%
9%
18
%
44
%
30
%
25
%
20
% 26
%
Total Employees
Worldwide EMEA France Germany United Kingdom South Africa Middle East
34
Source: Frost & Sullivan
Age
Q64. Which of the following categories contains your age?
The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels.
Base: All 2015 worldwide respondents (n=13,930)
Under 30 years of age 30 to 39 years of age 40 to 49 years of age 50 years of age or older
6%
33
%
35
%
27
%
5%
37
%
39
%
19
%
6%
46
%
32
%
16
%
3%
30
%
49
%
17
%
3%
26
%
42
%
29
%
11
%
43
%
38
%
8%
5%
58
%
25
%
11
%
Age
Worldwide EMEA France Germany United Kingdom South Africa Middle East
35
Source: Frost & Sullivan
Gender
Q63. What is your gender?
Across the EMEA region, the profession is overwhelmingly male-dominated.
Base: All 2015 worldwide respondents (n=13,930)
Male Female
90
%
10
%
94
%
6%
95
%
5%
94
%
6%
94
%
6%
92
%
8%
96
%
4%
Age
Worldwide EMEA France Germany United Kingdom South Africa Middle East
36
Source: Frost & Sullivan
Salary Change
Q67. Did you receive a salary increase, including benefits and incentives, in 2014?
The majority received a salary increase in 2014, including 47% of South Africans whose salary increase exceeded 5%.
Base: All 2015 worldwide respondents (n=13,930)
Yes, an increase of up to 5%
Yes, an increase of between 5% and
10%
Yes, an increase of over 10%
No change in salary or benefits
Received a salary or benefit reduction
40
%
12
%
9%
35
%
3%
35
%
11
%
8%
43
%
3%
37
%
11
%
7%
45
%
1%
41
%
10
%
5%
42
%
1%
42
%
9% 10
%
36
%
2%
28
%
40
%
7%
23
%
1%
29
%
20
%
13
%
37
%
2%
Salary Change
Worldwide EMEA France Germany United Kingdom South Africa Middle East
37
Source: Frost & Sullivan
Change in Employment Status
Q68. Did you change your employer or employment status in 2014?
Base: All 2015 worldwide respondents (n=13,930)
Yes, changed employer while still employed
Yes, changed em-ployer due to a
layoff or termina-tion
Yes, became self-employed
Yes, became an employee from be-ing self-employed
No change in em-ployer or employ-
ment status in 2014
14
%
3%
2%
1%
79
%
12
%
3% 3%
1%
81
%
0.1
25
0 0.0
18
75
0
0.8
56
25
9%
3%
2% 3%
84
%
16
%
3% 5%
2%
75
%
22
%
3%
3%
1%
71
%
13
%
3%
3%
0%
80
%
Change in Employment Status
Worldwide EMEA France Germany United Kingdom South Africa Middle East
38
Source: Frost & Sullivan
Education
Q65a. What is your highest level of education completed?
Base: All 2015 worldwide respondents (n=13,930)
High school (or equiva-lent upper secondary)
Bachelors (or equivalent post-secondary)
Master's (or equivalent first stage of tertiary ed-
ucation)
Doctorate (or equivalent second stage of tertiary
education)
10
%
44
%
42
%
3%
13
%
36
%
47
%
4%
3%
11
%
69
%
18
%
13
% 23
%
57
%
8%
22
%
43
%
32
%
3%
18
%
56
%
26
%
0%5
%
54
%
39
%
2%
Education
Worldwide EMEA France Germany United Kingdom South Africa Middle East
39
Source: Frost & Sullivan
Undergraduate Major
Q65b. What was your undergraduate major?
Base: Filtered respondents (n=12,512).
Computer and informa-tion sciences
Engineering and en-gineering technolo-
gies
Business Social sciences and his-tory
49
%
20
%
10
%
4%
53
%
23
%
7%
2%
63
%
25
%
3%
1%
49
%
26
%
7%
1%
41
%
18
%
8%
4%
71
%
12
%
8%
0%
50
%
29
%
10
%
2%
Education
Worldwide EMEA France Germany United Kingdom South Africa Middle East
40
Hiring and Workforce Issues
41
Source: Frost & Sullivan
Hiring
Q19a. Are you responsible for hiring your organization's information security staff?
More Middle Eastern respondents are responsible for hiring than their regional counters counterparts.
Base: All 2015 worldwide respondents (n=13,930)
Yes No
25
%
75
%
23
%
77
%
22
%
78
%
16
%
84
%
27
%
73
%
28
%
72
%
35
%
65
%
Hiring
Worldwide EMEA France Germany United Kingdom South Africa Middle East
42
Source: Frost & Sullivan
Important Skills
Q19b. When making hiring decisions for information security staff how important is each of the following? - Top two box scores
Across the EMEA region, relevant experience is the most important skill sought in new hires, however security certifications take on special importance in South Africa and the Middle East.
Base: Filtered respondents (n=12,512).
The candidate has rele-vant information security
experience
The candidate has in-formation security certi-
fications
The candidate has knowledge of relevant
regulatory policies
The candidate has an in-formation security or re-
lated degree
94
%
70
%
65
%
46
%
94
%
67
%
61
%
44
%
91
%
66
%
46
% 54
%
95
%
67
%
56
%
37
%
93
%
64
%
61
%
26
%
96
%
89
%
48
%
44
%
92
%
79
%
66
%
61
%
Important Skills(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
43
Source: Frost & Sullivan
Require Security Certifications Among Staff
Q20a. Does your organization require its IT staff to have information security certifications?
French firms are by far the least likely to require a security certification among their staff, and the EMEA region generally is less likely to require them.
Base: All 2015 worldwide respondents (n=13,930)
Yes No Don't know
43
% 48
%
9%
37
%
54
%
9%
24
%
67
%
9%
34
%
55
%
11
%
38
%
53
%
9%
55
%
40
%
5%
45
%
47
%
8%
Require Security Certifications Among Staff
Worldwide EMEA France Germany United Kingdom South Africa Middle East
Reasons For Requiring Staff to Hold Security Certifications
Q20b. What are all the reasons your organization requires staff to have information security certifications? Select as many as apply.
Among those who require a security certification, employee competence is the most commonly cited reason in most areas of the EMEA region, however Middle Eastern professionals are more likely to cite quality of work.
Base: Filtered respondents (n=5,946):
Em
plo
yee
co
...
Qu
alit
y o
f wo
rk
Re
gu
lato
ry r
e...
Co
mp
an
y p
olic
y
Co
mp
an
y im
ag
...
Cu
sto
me
r re
q...
Co
ntin
uin
g e
d...
Eth
ica
l co
nd
uct
Le
ga
l/du
e d
il...
67
%
52
%
51
%
41
%
39
%
38
%
36
%
26
%
25
%
75
%
63
%
38
%
44
%
45
%
38
%
39
%
27
%
26
%
69
%
44
%
36
% 54
%
49
%
46
%
31
%
18
%
8%
74
%
59
%
47
%
45
%
38
%
43
%
42
%
22
%
28
%
76
%
53
%
40
%
41
%
45
%
34
%
39
%
30
%
32
%
90
%
69
%
40
%
38
% 46
%
38
% 54
%
54
%
31
%
66
%
72
%
37
% 49
%
39
%
30
%
33
%
28
%
24
%
Require Security Certifications Among Staff
Worldwide EMEA France Germany United Kingdom South Africa Middle East
45
Source: Frost & Sullivan
Factors Contributing to Success
Q21. How would you rate the importance of each of the following in contributing to being a successful information security professional? - Top two box scores
Consistently in all countries, communication skills, a broad understanding of the security field and an awareness of the latest security threats are the most important skills.
Base: All 2015 worldwide respondents (n=13,930)
Com
mun
icat
ion
skill
s
Bro
ad u
nder
stan
ding
of
...
Aw
aren
ess
and
unde
rsta
...
Tec
hnic
al k
now
ledg
e
Kno
wle
dge
of r
elev
ant
...
Sec
urity
pol
icy
form
ula.
..
Lead
ersh
ip s
kills
Pos
sess
ion
of a
n in
form
...
Pro
ject
man
agem
ent
sk..
.
Bus
ines
s m
anag
emen
t ..
.
Lega
l kno
wle
dge
Pos
sess
ion
of a
n in
fo..
.
90%
90%
89%
87%
71%
70%
69%
63%
59%
53%
40%
35%
88%
91%
87%
80%
68%
70%
62%
58%
52%
50%
39%
35%
88%
89%
84%
74%
65% 74
%
66%
55%
50%
29% 41
%
39%
91%
91%
86%
80%
68%
69%
50%
50%
52%
44%
39%
31%
90%
92%
88%
78%
71%
67%
66%
56%
43% 53
%
31%
19%
91% 98
%
96%
86%
75% 81
%
75%
79%
54% 62
%
34%
39%
88%
90%
88%
86%
73% 80
%
74%
72%
67%
59%
49% 55%
Factors Contributing to Success(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
46
Source: Frost & Sullivan
Employment Gaps
Q22. Thinking of your organization, at what experience level is there the most demand for new hires?
Across the EMEA region, entry level positions are in highest demand.
Base: All 2015 worldwide respondents (n=13,930)
Ind
ivid
ua
l Co
n...
Ma
na
ge
r
Dire
cto
r/M
idd
...
Exe
cutiv
e m
...
C-le
vel E
xecu
...
78
%
12
%
6%
2%
2%
72
%
16
%
6%
3%
3%
64
%
19
%
3%
1% 1
3%
71
%
18
%
5%
3%
2%
77
%
17
%
5%
1%
1%
73
%
19
%
5%
3%
0%
67
%
17
%
8%
5%
4%
Future Employment Gaps
Worldwide EMEA France Germany United Kingdom South Africa Middle East
47
Source: Frost & Sullivan
Demand for Training and Education
Q23. In which areas of information security do you see growing demand for training and education within the next three years? Select as many as apply.
In most regions in the EMEA region, cloud computing is the area requiring the most training and education, however in the UK, South Africa and the Middle East, training on BYOD is ranked a close second.
Base: Filtered respondents (n=7,985).
Clo
ud
co
mp
u...
Brin
g-y
ou
r-o
...
Inci
de
nce
re
...
Info
rma
tion
r...
Mo
bile
de
vic.
..
Fo
ren
sics
Ap
plic
atio
ns
...
Acc
ess
co
ntr
...
En
d-u
ser
secu
...
Se
curit
y m
a...
57
%
47
%
47
%
47
%
41
%
41
%
35
%
33
%
32
%
32
%
55
%
45
%
41
%
44
%
38
%
38
%
32
%
32
%
33
%
31
%
52
%
31
%
33
% 44
%
33
%
30
%
28
%
20
% 26
%
19
%
55
%
35
%
35
% 43
%
34
%
38
%
32
%
22
% 29
%
31
%
58
%
52
%
45
%
46
%
41
%
36
%
32
%
33
%
36
%
34
%
61
%
56
%
49
% 57
%
44
% 54
%
33
%
37
% 43
%
29
%
51
%
45
%
48
%
50
%
37
% 45
%
34
%
38
%
35
%
35
%
Demand for Training and Education
Worldwide EMEA France Germany United Kingdom South Africa Middle East
48
Source: Frost & Sullivan
Significant Skills for Achieving Success
Q24. How significant were each of the following skills and competencies in information security in achieving your current position or level? - Top two box scores
Communication skills are the most important for achieving success in all regions, followed by analytical skills and risk assessment and management skills.
Base: Filtered respondents (n=7,985).
Com
mun
icat
ions
ski
lls
Ana
lytic
al s
kills
Ris
k as
sess
men
t an
...
Info
Sys
tem
s an
d se
cu..
.
Gov
erna
nce,
ris
k m
an..
.
Arc
hite
ctur
e
Pla
tfor
m o
r te
chno
logy
...
Inci
dent
inve
stig
atio
n...
Dat
a ad
min
istr
atio
n ..
.
Eng
inee
ring
Bus
ines
s an
d bu
sine
ss..
.
Virt
ualiz
atio
n
Sof
twar
e sy
stem
dev
...
Acq
uisi
tion/
Pro
cure
me.
..
98%
97%
94%
90%
89%
86%
86%
85%
80%
80%
76%
66%
60%
48%
98%
97%
93%
88%
88%
87%
84%
84%
75%
76%
74%
61%
55%
46%
99%
90%
91%
79% 96
%
88%
69%
71%
68%
88%
57%
56%
46%
36%
99%
97%
94%
85%
83% 90
%
86%
79%
72%
72%
66%
63%
50%
38%
98%
96%
94%
88%
88%
81%
82%
83%
72%
67% 75
%
52%
52%
40%
100%
97%
95%
95%
95%
95%
86% 93
%
78%
71% 84
%
69%
57%
41%
99%
98%
94%
94%
96%
89%
87% 95
%
82%
83%
78%
70%
58%
63%
Significant Skills for Achieving Success(Very/Somewhat Significant)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
49
Source: Frost & Sullivan
Future Skills and Competencies
Q25. What are the skills and competencies that you will need to acquire or strengthen to be in position to respond to the threat landscape over the next three years? Select all that apply.
Risk assessment and management ranks as the top overall future skill among professionals in the EMEA. Generally, professionals in the Middle East and South Africa are more likely to place emphasis on any given skill or competency.
Base: Filtered respondents (n=7,985).
Ris
k as
sess
men
t an
...
Inci
dent
inve
stig
atio
n...
Gov
erna
nce,
ris
k m
an..
.
Ana
lytic
al s
kills
Arc
hite
ctur
e
Com
mun
icat
ions
ski
lls
Info
Sys
tem
s an
d se
cu..
.
Virt
ualiz
atio
n
Pla
tfor
m o
r te
chno
logy
...
Bus
ines
s an
d bu
sine
ss..
.
Eng
inee
ring
Dat
a ad
min
istr
atio
n ..
.
Sof
twar
e sy
stem
dev
...
55%
52%
48%
42%
38%
37%
36%
33%
30%
20%
19%
18%
17%
52%
48%
47%
38%
41%
36%
31%
30%
28%
20%
14%
16%
14%
46%
41%
52%
19%
33%
31%
15%
26%
20%
14%
9% 10%
10%
51%
40% 43%
42%
35% 41
%
24%
35%
26%
15%
15%
13%
9%
54%
50%
51%
29%
43%
34%
35%
27%
28%
20%
13%
14%
13%
64%
64%
64%
55%
55%
41% 45
%
31%
33%
21%
22%
21%
22%
64%
60%
53%
49%
46%
34% 40
%
41%
31%
21%
18%
21%
16%
Future Skills and Competencies
Worldwide EMEA France Germany United Kingdom South Africa Middle East
50
Source: Frost & Sullivan
Future Skills and Competencies in New Recruits
Q26. How important are each of the following skills and competencies when recruiting new entry to mid-level information security professionals to your organization? - Top two box scores
Communication skills and analytical skills are nearly unanimously seen as important skills in new recruits.
Base: Filtered respondents (n=7,534)
Com
mun
icat
ions
ski
lls
Ana
lytic
al s
kills
Ris
k as
sess
men
t an
...
Pla
tfor
m o
r te
chno
logy
...
Info
Sys
tem
s an
d se
cu..
.
Inci
dent
inve
stig
atio
n...
Arc
hite
ctur
e
Gov
erna
nce,
ris
k m
an..
.
Eng
inee
ring
Dat
a ad
min
istr
atio
n ..
.
Virt
ualiz
atio
n
Bus
ines
s an
d bu
sine
ss..
.
Sof
twar
e sy
stem
dev
...
Acq
uisi
tion/
Pro
cure
me.
..
98%
97%
92%
90%
89%
89%
86%
86%
80%
79%
75%
68%
67%
43%
97%
96%
92%
88%
89%
88%
88%
86%
75%
76%
73%
68%
64%
43%
93%
81% 92
%
84%
82%
86%
87%
85%
85%
65% 72
%
55%
55%
29%
99%
97%
89%
91%
87%
83% 89%
82%
68% 76
%
78%
57% 63%
37%
98%
96%
94%
88%
91%
90%
87%
90%
68% 76
%
65% 74
%
60%
36%
95%
96%
93%
91%
95%
89%
89%
85%
78%
82%
73%
69%
51%
42%
99%
96%
95%
93%
87%
92%
90%
90%
78%
81%
77%
70%
62%
54%
Future Skills and Competencies in New Recruits(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
51
Source: Frost & Sullivan
Employee Retention Activities
Q27. How important are each of the following initiatives for the retention of information security professionals at your organization? - Top two box scores
Training programs, paying for professional development and offering flexible work schedules are among the most important employee retention activities in each country.
Base: Filtered respondents (n=7,985).
Off
erin
g tr
aini
ng p
rog.
..
Pay
ing
for
prof
essi
onal
...
Impr
ovin
g co
mpe
nsat
...
Off
erin
g fle
xibl
e w
ork.
..
Sup
port
ing
rem
ote
or f
...
Enc
oura
ging
rol
e di
ver.
..
Enc
oura
ging
and
pay
in..
.
Act
ive
part
icip
atio
n ..
.
Spo
nsor
ing
men
tors
hi..
.
Virt
ualiz
atio
n
Spo
nsor
ing
exec
utiv
e ..
.
Bus
ines
s an
d bu
sine
ss..
.
Sof
twar
e sy
stem
dev
...
94%
93%
92%
92%
90%
87%
87%
82%
76%
75%
71%
68%
67%
93%
91%
90%
89%
88%
88%
83%
82%
74%
73%
71%
68%
64%
86% 92
%
87%
84%
81%
86%
72%
75%
69%
72%
66%
55%
55%
93%
93%
92%
96%
92%
86%
78%
76%
72% 78%
74%
57% 63%
94%
92%
91%
89%
93%
88%
85%
85%
73%
65%
66% 74
%
60%
96%
98%
98%
89%
87%
91%
95%
91%
84%
73% 84
%
69%
51%
96%
90% 96%
89%
85%
89%
89%
87%
85%
77% 86
%
70%
62%
Employee Retention Activities(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
52
Source: Frost & Sullivan
Number of Security Workers
Q28a. Would you say that your organization currently has the right number of information security workers, too few, or too many?
A majority from each country indicate that there are too few security workers in their organization.
Base: Filtered respondents (n=7,985).
Too many The right number Too few Don't know
2%
26%
62%
9%
2%
29%
61%
8%
0%
32%
54%
14%
2%
27%
64%
6%
2%
27
%
63
%
8%
2%
24%
64%
10%
4%
25%
61%
9%
Number of Security Workers
Worldwide EMEA France Germany United Kingdom South Africa Middle East
53
Source: Frost & Sullivan
Number of Security Workers Increase
Q28b. How many MORE information security staff should there be?
A third indicate that they would like to see a 15% or greater increase in the security workforce in their organization.
Base: Filtered respondents (n=4,969).
One to five percent Six to 10 percent 11 to 15 percent More than 15 percent
Don't know
18%
26%
15%
35%
6%
18%
24%
16%
37%
6%
18% 22
%
18%
33%
8%
11%
26%
17%
40%
6%
16%
22%
17%
37%
8%
19%
32%
11%
32%
5%
23% 25
%
16%
34%
3%
Number of Security Workers Increase
Worldwide EMEA France Germany United Kingdom South Africa Middle East
54
Source: Frost & Sullivan
Number of Security Workers Decrease
Q28b. How many LESS information security staff should there be?
Of the small number who would like to see a decrease in the number of security workers, the largest proportion indicate that 6 to 10% cut would suffice. That said, 63% of UK professionals would prefer a 15% or more cut to their workforce.
Base: Filtered respondents (n=154).
One to five percent Six to 10 percent 11 to 15 percent More than 15 percent
Don't know
20% 27
%
18% 25
%
10%20
%
22%
20% 29
%
9%
0 0 0 0 00%
60%
40%
0% 0%0%
13%
13%
63%
13%
1
0 0 0 0
38%
25%
13%
13%
13%
Number of Security Workers Decrease
Worldwide EMEA France Germany United Kingdom South Africa Middle East
55
Source: Frost & Sullivan
Organizational Gaps
Q28c. Of which of the following job titles or categories are there currently not enough of within your organization?
Security analysts are in shortest supply in most countries, however South African firms report a shortage of forensic analysts in greater numbers than the rest of the region.
Base: Filtered respondents (n=7,985).
Se
curit
y a
n...
Se
curit
y a
ud
...
Se
curit
y a
rc...
Fo
ren
sic
an
...
Inci
de
nt h
an
...
Se
curit
y e
ng
...
Se
curit
y e
n...
We
b s
ecu
rity
Se
curit
y te
...
Se
curit
y sy
...
46%
32%
32%
30%
28%
27%
26%
25%
25%
24%
40%
32%
34%
32%
25%
23%
21%
23% 26%
21%
31% 37
%
20%
18%
12%
31%
16%
27%
12% 18
%
31%
23%
31% 36
%
21%
23%
25%
22% 26
%
18%
51%
28%
39%
27%
22%
22%
20% 24
%
20%
20%
41%
32%
32%
57%
30%
24% 32
%
16%
32%
16%
40%
41%
28% 34
% 38%
22%
19% 25
%
34%
22%
Organizational Gaps(Top 10)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
56
Source: Frost & Sullivan
Reasons for Worker Shortage
Q28d. What are the reasons that your organization has too few information security workers? Select as many as apply.
Most often, businesses cannot support additional personnel, or report that it is difficult to find qualified personnel. Businesses in France are the most likely to report that they cannot find the qualified personnel that they require.
Base: Filtered respondents (n=4,969).
Business conditions can't support addi-tional personnel at
this time
It is difficult to find the qualified per-sonnel we require
Leadership in our organization has insufficient under-standing of the re-quirement for in-
formation security
There is no clear ca-reer path for infor-
mation security workers
It is difficult to retain security workers
45%
44%
43%
31%
24%
44%
44%
43%
33%
21%
37%
61%
33%
43%
37%
39%
55%
41%
33%
23%
44%
41%
40%
28%
26%
49% 54%
51%
27%
19%
39%
50%
48%
31%
26%
Reasons for Worker Shortage
Worldwide EMEA France Germany United Kingdom South Africa Middle East
57
Source: Frost & Sullivan
Impact of Worker Shortage
Q28e. What is the impact of your organization's shortage of information security workers on each of the following? - Top two box scores
In most cases, workers in the Middle East are more likely to report that the worker shortage they experience has an impact on multiple facets of their jobs.
Base: Filtered respondents (n=4,969).
On the existing informa-tion security workforce
On the organization as a whole
On security breaches On customers
71%
59%
50%
48%
66%
54%
48%
45%
55%
43%
45%
43%
66%
55%
48% 52
%
73%
54%
43%
44%
62%
54%
51%
51%
77%
61%
60%
50%
Impact of Worker Shortage(Very Great/Great Impact)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
58
Certification and Training
59
Source: Frost & Sullivan
Vendor Neutral Certifications
Q11a. Which of the following vendor-neutral certifications and designations have you acquired and maintain? Please read carefully and select all that apply to you.
Base: All 2015 worldwide respondents (n=13,930). :
CIS
SP
- C
ert
ifie
d In
...
ITIL
Se
curit
y+
CIS
A -
Ce
rtifi
ed
Info
...
CIS
M -
Ce
rtifi
ed
Inf..
.
CE
H -
Ce
rtifi
ed
Eth
ic...
PM
P -
Pro
ject
Ma
na
g...
CR
ISC
- C
ert
ifie
d in
...
BS
77
99
/ISO
27
00
1 ..
.
76%
19%
15%
15%
11%
11%
7% 6% 5%
76%
25%
7%
18%
15%
11%
5% 7% 10%
88%
23%
2%
11%
13%
5% 3% 3%
18%
84%
27%
9% 12%
13%
11%
3% 4% 9%
79
%
22
%
7% 12
%
13
%
12
%
3% 6% 12
%
69%
28%
18%
18%
18%
6% 2%
8% 4%
68%
32%
12% 24
%
21%
20%
9% 12%
15%
Vendor Neutral Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
60
Source: Frost & Sullivan
Lapsed Vendor Neutral Certifications
Q11b. Which of the following vendor-neutral certifications and designations have you acquired but have allowed to lapse or expire? Please read carefully and select all that apply to you.
Base: All 2015 worldwide respondents (n=13,930).
No
ne
ITIL
Se
curit
y+
CE
H -
Ce
rtifi
ed
Eth
ic...
GS
EC
- G
IAC
Se
curit
y...
CIS
A -
Ce
rtifi
ed
Info
...
CIS
SP
- IS
SA
P, I
nfo
r...
CIS
SP
- C
ert
ifie
d In
...
PM
P -
Pro
ject
Ma
na
g...
CIS
M -
Ce
rtifi
ed
Inf..
.
GC
IH -
GIA
C C
ert
ifie
...
BS
77
99
/ISO
27
00
1 ..
.
79%
2% 2% 1% 1% 1% 1% 1% 1% 1% 1% 1%
81%
2% 1% 1% 0% 1% 1% 1% 1% 1% 0% 1%
82%
1% 1% 1% 1% 1% 2% 1% 1% 1% 0% 4%
85%
2% 1% 1% 0% 0% 1% 1% 1% 0% 1% 1%
79
%
3%
1% 2%
1%
1%
1%
1%
0% 1%
0% 1%
78%
6%
0% 2% 1% 2% 0% 1% 0% 1% 0% 1%
73%
2% 0% 2% 0% 2% 1% 2% 2% 2% 1% 2%
Lapsed Vendor Neutral Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
61
Source: Frost & Sullivan
Vendor Specific Certifications
Q12a. To date, which of the following vendor-specific certifications and designations have you acquired and maintain? Please read carefully and select all that apply to you.
Base: All 2015 worldwide respondents (n=13,930).
No
ne
MC
SE
: Se
curit
y -
Mic
...
MC
SA
: Se
curit
y -
Mic
r...
CC
SP
- C
isco
Ce
rtifi
...
CC
SA
- C
he
ck P
oin
t C...
CC
SE
- C
he
ck P
oin
t C...
CS
VP
N -
Cis
co S
ecu
r...
Su
n C
ert
ifie
d S
ecu
rity.
..
CS
PF
A -
Cis
co S
ecu
...
CC
SK
En
CE
- E
nC
ase
Ce
rti..
.
CS
IDS
- C
isco
Se
cur.
..
79%
6% 5% 2% 2% 2% 1% 1% 1% 1% 1% 1%
76%
7% 5% 3% 3% 3% 1% 1% 1% 1% 0% 1%
89%
2% 2% 1% 1% 1% 1% 0% 1% 1% 0% 1%
74%
6% 4% 3% 5% 5% 0% 1% 0% 1% 1% 0%
81
%
7%
4%
3% 3%
3%
1%
1%
1%
1%
0%
0%
66%
8% 6% 5% 5% 0% 1% 0% 2% 0% 2% 0%
62%
13%
12%
8% 6% 4% 3% 2% 3% 1% 0% 3%
Vendor Specific Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
62
Source: Frost & Sullivan
Lapsed Vendor Specific Certifications
Q12b. Which of the following vendor-specific certifications and designations have you acquired but have allowed to lapse? Please read carefully and select all that apply to you.
Base: All 2015 worldwide respondents (n=13,930).
No
ne
MC
SE
: Se
curit
y -
Mic
...
CC
SA
- C
he
ck P
oin
t C...
MC
SA
: Se
curit
y -
Mic
r...
CC
SE
- C
he
ck P
oin
t C...
CC
SP
- C
isco
Ce
rtifi
...
Su
n C
ert
ifie
d S
ecu
rity.
..
CS
PF
A -
Cis
co S
ecu
...
CS
IDS
- C
isco
Se
cur.
..
CC
SE
Plu
s -
Ch
eck
Po
...
CS
VP
N -
Cis
co S
ecu
r...
RS
A/C
A -
RS
A S
ecu
rI...
83%
4% 3% 2% 2% 2% 1% 1% 1% 1% 1% 1%
81%
4% 4% 2% 3% 2% 1% 1% 1% 1% 1% 1%
83%
1%
10%
0%
8%
2% 0% 1% 0% 4% 0% 1%
83%
4% 5% 1% 5% 2% 1% 2% 1% 2% 1% 1%
82
%
6%
4%
2% 4%
2%
1%
1%
1%
1%
1%
1%
75%
9%
3% 6%
0% 1% 3% 0% 1% 0% 0% 1%
71%
6% 2% 4% 2% 5% 2% 2% 2% 2% 2% 0%
Lapsed Vendor Specific Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
63
Source: Frost & Sullivan
Additional Security Certifications
Q13a. Are you planning to acquire additional security certifications in the next 12 months?
Professionals in South Africa and the Middle East are the most likely to seek out additional certifications in the next year.
Base: All 2015 worldwide respondents (n=13,930).
Yes No
59
%
41
%
63
%
37
%
57
%
43
%
61
%
39
%
60
%
40
%
82
%
18
%
74
%
26
%
Additional Security Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
64
Source: Frost & Sullivan
Additional Security Certifications
Q13b. Which of the following certifications are you planning to acquire in the next 12 months? Please read carefully and select all that apply to you.
Base: Filtered Respondent (n=8,285)
Not
sur
e at
thi
s tim
e
CIS
SP
- C
ertif
ied
Info
rmat
ion
S..
.
CE
H -
Cer
tifie
d E
thic
al H
acke
r
CIS
M -
Cer
tifie
d In
form
atio
n S
e...
CIS
A -
Cer
tifie
d In
form
atio
n S
ys..
.
CIS
SP
- I
SS
AP
, In
form
atio
n S
ys..
.
ITIL
PM
P -
Pro
ject
Man
agem
ent
Pro
f...
CIS
SP
- I
SS
MP
, In
form
atio
n S
y...
CR
ISC
- C
ertif
ied
in R
isk
and
I...
CIS
SP
- I
SS
EP
, In
form
atio
n S
ys..
.
CC
SK
- C
ertif
icat
e of
Clo
ud S
ec..
.
HC
ISP
P -
Hea
lthca
re I
nfor
mat
ion.
..
CC
SP
- C
isco
Cer
tifie
d S
ecur
ity .
..
BS
779
9/IS
O 2
7001
IS
MS
Aud
itor
18%
15%
14%
12%
10%
6% 6% 5% 5% 5%
3% 3% 3% 3% 3%
19%
15%
12% 15
%
10%
6% 6%
3% 5% 6%
1%
3%
1% 2%
4%
20%
10%
8%
11%
9%
11%
4%
1%
5% 5%
1% 2%
0% 0%
10%
27%
5%
12%
10%
10%
7%
4%
1%
5% 6%
1% 2%
0% 1%
4%
23%
13%
9%
13%
5% 6%
4%
1%
6%
8%
2%
4%
0% 2%
6%
14%
13%
18%
24%
12%
8%
10%
0%
8%
10%
8%
3% 1% 1% 0%
11%
20%
10%
20%
11%
7%
12%
11%
7% 6%
1%
5%
2% 3%
9%
Additional Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
65
Source: Frost & Sullivan
Current Certifications
Q14a. From which of the following security organizations have you received certification or hold a membership? Please select all that apply to you.
Base: All 2015 worldwide respondents (n=13,930).
(IS
C)2
ISA
CA
Co
mp
TIA
SA
NS
EC
Co
un
cil
ISS
A
IEE
E
OW
AS
P
CS
A C
lou
d S
ecu
ri...
78%
26%
20%
14%
12%
6% 5% 4% 3%
78%
30%
10%
9% 12%
2% 4% 3% 3%
90%
20%
4% 9% 6% 2% 1% 4% 3%
90%
23%
10%
7% 12%
1% 4% 3% 4%
80%
25%
11%
7%
15%
4% 4% 2% 3%
68%
40%
28%
4% 6%
0% 4% 1% 0%
70%
40%
16%
12% 20
%
3% 7% 3% 3%
Current Certifications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
66
Source: Frost & Sullivan
Critical Security Organizations
Q14b. Thinking about your own career and role within your organization, how critical is each of the following security organizations to your career development? - Top two box scores
In each country and throughout the region as a whole, (ISC)2 is considered to be the most critical for career development.
Base: Filtered sample (n=12,568)
(IS
C)2
SA
NS
ISA
CA
OW
AS
P
IEE
E
EC
Co
un
cil
CS
A C
lou
d S
ec.
..
Co
mp
TIA
ISS
A
ISF
Info
rma
tio...
BC
I (B
usi
ne
ss C
...
77%
41%
36%
27%
18%
17%
17%
14%
12%
10%
10%
72%
32% 40
%
26%
14%
16%
15%
7% 7%
14%
11%
72%
36%
33%
33%
12%
14% 21
%
5% 5% 9% 10%
74%
26% 33
%
23%
16%
9% 15%
9% 3%
13%
5%
75%
27%
31%
23%
12%
13%
14%
6% 6%
16%
8%
80%
49% 66
%
29%
22%
24%
20%
14%
8%
25%
24%
81%
50% 62
%
36%
19% 28
%
22%
14%
16%
12% 22
%
Critical Security Organizations(Very/Somewhat Critical)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
67
Source: Frost & Sullivan
Training and Education (Past 12 Months)
Q15a. In the past 12 months has the amount of information security training and education you received increased, decreased, or remained the same? Please include both internal and external training and education.
European professionals are the least likely to have seen an increase in training in 2014, while African and Middle Eastern professionals are the most likely to have seen an increase.
Base: Filtered sample (n=12,568)
Increased Remained the same Decreased Don't know
37%
46%
16%
1%
35%
47%
17%
1%
30%
46%
21%
3%
28%
54%
16%
1%
30%
47%
21%
1%
40% 46
%
12%
2%
47%
36%
16%
2%
Training and Education (Past 12 Months)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
68
Source: Frost & Sullivan
Training and Education (Next 12 Months)
Q15b. Over the next 12 months do you expect the amount of information security training and education you receive to increase, decrease, or remain the same? Please include both internal and external training and education.
South African and Middle Eastern professionals are the most likely to expect an increase in training in 2015.
Base: Filtered sample (n=12,568)
Increase Remain the same Decrease Don't know
45%
45%
7%
3%
43% 46
%
8%
3%
42%
42%
7% 9%
36%
53%
9%
2%
37%
50%
10%
3%
61%
27%
8%
3%
58%
33%
6%
3%
Training and Education (Next 12 Months)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
69
Source: Frost & Sullivan
Training and Education (Increase)
Q15c. What percentage [INCREASE] are you expecting in the amount of information security training and education that you will receive in the next 12 months? Please provide your best estimate below.
In every country, the largest proportion of professionals expect a 6 to 10% increase in training.
Base: Filtered respondents (n=6,252).
Five percent or less
Six to 10 percent 11 to 15 percent 16 to 20 percent 21 to 25 percent More than 25 percent
9%
29%
15%
15%
10%
17%
9%
29%
15%
15%
9%
18%
10%
25%
19%
16%
4%
19%
10%
41%
17%
13%
4%
8%9%
31%
11%
19%
9%
17%
14%
24%
16% 19
%
10% 14
%
7%
28%
17%
15%
12% 15
%
Training and Education (Increase)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
70
Source: Frost & Sullivan
Training and Education (Decrease)
Q15c. What percentage [DECREASE] are you expecting in the amount of information security training and education that you will receive in the next 12 months? Please provide your best estimate below.
Of the few who expect a decrease in training, most expect it will drop dramatically by 25% or more.
Base: Filtered respondents(n=975).
Five percent or less
Six to 10 percent 11 to 15 percent 16 to 20 percent 21 to 25 percent More than 25 percent
5%
10%
7%
11%
12%
46%
5%
10%
11%
12%
10%
44%
27%
9%
0%
9%
18%
18%
0%
13%
10%
19%
3%
45%
4%
11%
11%
11%
7%
54%
0 0
0.12
5
0.25
0.37
5
0.25
5%
10%
24%
10%
10%
38%
Training and Education (Decrease)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
71
Source: Frost & Sullivan
Training and Education Resources
Q15d. Does your organization provide adequate resources for training and professional development opportunities for your information security workforce?
Professionals are split as to whether their organization offers sufficient training and professional development opportunities. Generally, a majority or close to a majority believes that the resources are sufficient.
Base: All 2015 worldwide respondents (n=13,930).
Yes No Don't know
56%
37%
7%
57%
36%
7%
61%
28%
11%
62%
29%
9%
56%
38%
6%
48%
46%
5%
50%
42%
8%
Adequate Training and Resources
Worldwide EMEA France Germany United Kingdom South Africa Middle East
72
Source: Frost & Sullivan
Payment for Training
Q15e. How is your information security training and education currently paid?
Overall, Middle Eastern professionals are the most likely to pay for their training entirely themselves. European countries fare better, with more than half reporting that their employer paid for their training.
Base: All 2015 worldwide respondents (n=13,930).
Paid for completely myself
Paid for completely by my employer
Paid partially by me and my employer
Completely or partially paid by government
grants
22%
45%
32%
2%
19%
51%
29%
1%
15%
69%
14%
2%
11%
61%
27%
1%
21%
50%
29%
0%
26% 3
5% 39%
0%
35%
35%
29%
1%
Payment for Training
Worldwide EMEA France Germany United Kingdom South Africa Middle East
73
Source: Frost & Sullivan
Preferred Training Channel
Q15f. How would you rate the relevance of each of the following methods of receiving information security training and education? - Top two box scores
Where European and Middle Eastern countries prefer face-to face training, South Africa reports the highest approval of online training.
Base: All 2015 worldwide respondents (n=13,930).
Face-to-face (in classroom)
Internet-based learning (e-learn-ing, self-paced)
Study guide re-view (textbooks)
Web conferenc-ing (live online)
Cyber-range based training
(simulated cyber war games)
Study group
74%
72%
57%
54%
41%
34%
74%
68%
57%
49%
36%
36%
82%
59%
44%
44%
34%
47%
69%
67%
53%
50%
33%
32%
76%
66%
56%
51%
31%
33%
66%
82%
67%
57%
47%
39%
81%
74%
64%
57%
47%
46%
Preferred Training Channel
Worldwide EMEA France Germany United Kingdom South Africa Middle East
74
Source: Frost & Sullivan
Success of Cyber-Range Based Training
Q15g. You indicated that you think cyber-range based training is at least somewhat relevant. Please rate how successful you believe that cyber-range training has been in developing skills and techniques to meet ever-evolving security threats?
In each country, reviews of cyber-range based training are positive, with a large majority in each region rating it at least somewhat successful.
Base: Filtered respondents (n=5,658).
Very successful Somewhat success-ful
Neither successful nor unsuccessful
Not very successful Not at all successful
26%
58%
7%
1% 0%
24%
60%
6%
2% 0%
20%
53%
16%
2% 0%
28%
51%
6%
1% 0%
16%
63%
8%
2% 0%
29%
53%
7%
2% 0%
26%
62%
3% 1% 0%
Success of Cyber-Range Based Training(Very/Somewhat Successful)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
75
Security Importance and Incident Response
76
Source: Frost & Sullivan
Factors Driving Effective Security
Q29. How would you rate the importance of each of the following in effectively securing your organization? - Top two box scores
The top three factors driving effective security are qualified staff, adherence to policy and support from management.
Base: All 2015 worldwide respondents (n=13,930).
Qu
alif
ied
se
curi.
..
Ma
na
ge
me
nt s
up
...
Ad
he
ren
ce to
s...
Tra
inin
g o
f sta
f...
Bu
dg
et a
lloca
te...
Ha
vin
g a
cce
ss...
Se
cure
so
ftwa
...
So
ftwa
re s
olu
t...
Ha
rdw
are
ap
pli.
..
Virt
ua
lize
d o
r ...
Inte
rne
t de
live
...
88%
85%
85%
81%
81%
68%
66%
53%
49%
48%
43%
87%
84%
83%
81%
79%
71%
65%
49%
43%
45%
41%
79%
81%
76%
78%
75%
75%
56%
33%
31% 38% 48%
89%
78% 85%
80%
75%
65%
68%
41%
36%
41%
32%
82% 89%
88%
87%
81%
70%
65%
48%
46%
44%
39%
98%
90%
93%
86%
86%
83%
74%
67%
57%
55% 64%
90%
89%
89%
86%
83%
79%
70%
59%
55%
55%
53%
Factors Driving Effective Security(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
77
Source: Frost & Sullivan
Top Security Threats
Q30. Thinking about your own organization, please rate the following potential security threats on the degree of concern you have for each. - Top two box scores
Overall, application vulnerabilities and malware are the top security threats identified by professionals in the EMEA region. Surprisingly, South African and Middle Eastern professionals identify internal employees as a top threat.
Base: Filtered respondents (n=7,985).
App
licat
ion
vuln
erab
ilitie
s
Mal
war
e
Con
figur
atio
n m
ista
kes/
...
Mob
ile d
evic
es
Fau
lty n
etw
ork/
syst
em .
..
Hac
kers
Inte
rnal
em
ploy
ees
Clo
ud-b
ased
ser
vice
s
Cyb
er t
erro
rism
Tru
sted
thi
rd p
artie
s
Cor
pora
te e
spio
nage
Con
trac
tors
Sta
te s
pons
ored
act
s
Hac
ktiv
ists
Org
aniz
ed c
rime
72%
71%
65%
60%
59%
59%
54%
49%
48%
42%
42%
41%
41%
40%
38%
70%
66%
63%
60%
58%
56%
52%
46%
42%
41%
43%
40%
34% 37% 42
%
74%
49%
48% 56
%
54%
49%
45%
47%
35%
27%
42%
43%
25%
23% 34
%
68%
55%
58%
57%
50%
53%
41%
42%
41%
37% 47
%
34% 41
%
32%
45%
70%
68%
67%
58%
58%
51%
53%
48%
46%
42%
37%
38%
38% 42
% 45%
74% 79
%
78%
76%
67% 76
%
72%
48% 53
% 64%
64%
62%
29%
53%
69%74
% 80%
73%
66%
64% 71
%
65%
49% 58
%
54%
56%
54%
50% 55
%
49%
Top Security Threats(Top/High Concern)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
78
Source: Frost & Sullivan
Organizational Priorities
Q31. Please rate the following in terms of their priority to your organization. - Top two box scores
Consistently, protecting the organization’s reputation is an important priority in each country. Typically, South African and Middle Eastern professionals place greater emphasis on each priority.
Base: Filtered respondents (n=7,985).
Da
ma
ge
to t.
..
Se
rvic
e d
o...
Bre
ach
of l
...
Cu
sto
me
r p
r...
Cu
sto
me
r id
e...
He
alth
an
d ..
.
Th
eft
of i
nte
...
Co
mp
etit
ive
...
La
wsu
its
Re
du
ced
sh
...
82%
75%
75%
72%
65%
58%
58%
50%
48%
47%
84%
75%
73%
72%
66%
58%
56%
50%
46% 51
%
75%
62% 70
%
62%
64%
52%
52%
46%
47%
44%
81%
74%
70%
74%
64%
58%
52%
37%
36% 48
%
90%
77%
80%
76%
69%
58%
56%
51%
44% 53
%
95%
81%
81%
83%
83%
60%
76%
69%
57% 67
%
83%
78%
72%
68%
67%
67%
69%
63%
61%
58%
Organizational Priorities
Worldwide EMEA France Germany United Kingdom South Africa Middle East
79
Source: Frost & Sullivan
Assessment of Performance Under Attack Scenarios (Perform Better)
Q32. Compared to a year ago, please indicate how your organization would perform if its systems or data were compromised by a targeted attack? - Perform better
In each scenario, South Africans and Middle Eastern firms believe they would perform better in greater numbers than their European counterparts.
Base: All 2015 worldwide respondents (n=13,930).
Having systems in place to prepare for a security incident
Discovering a security breach Recovering from a security breach
48%
50%
46%
46%
48%
44%
45% 52
%
45%
42% 47
%
40%45
%
44%
42%
69%
62%
55%
56%
57%
55%
Preferred Training Channel
Worldwide EMEA France Germany United Kingdom South Africa Middle East
80
Source: Frost & Sullivan
Threat Response Time
Q33a. If your organization's systems or data were compromised by a targeted attack, how quickly do you predict it would take to remediate the damage?
The largest proportion in each country indicate that they would be able to remediate a threat within a week.
Base: Filtered respondents (n=7,985).
Within one day Two to seven days
Eight to twenty days
Three to five weeks
Six weeks or more
Don't know
20%
44%
11%
4% 4%
16%19
%
46%
11%
4% 3%
17%
14%
37%
12%
4%
8%
24%
16%
47%
16%
3% 1%
17%
15%
47%
12%
4% 4%
19%22
%
50%
5% 5% 5%
12%
27%
44%
9%
4% 2%
14%
Threat Response Time
Worldwide EMEA France Germany United Kingdom South Africa Middle East
81
Source: Frost & Sullivan
Factors Improving Security Activities
Q33b. What security technologies do you believe will provide significant improvements to the security of your organization? Select as many as you feel apply.
In most countries in the region, network monitoring and intelligence coupled with improved intrusion detection are highlighted as technologies that will improve security activities.
Base: Filtered respondents (n=7,985).
Network monitoring and intelligence
Improved intrusion detection and
prevention tech-nologies
Policy management and audit tools
Web security ap-plications
Automated identity management
software
75%
72%
52%
49%
44%
71%
70%
50%
47%
45%49% 5
8%
54%
45%
45%
62% 6
9%
41%
38%
41%
80%
73%
53%
45%
45%
81%
74%
59%
57%
69%
81%
72%
57%
54%
52%
Factors Improving Security Activities
Worldwide EMEA France Germany United Kingdom South Africa Middle East
82
Source: Frost & Sullivan
Security Threats
Q33c. Please indicate how common each of the security threats listed below are for your organization. - Top two box scores
Across all regions, phishing is the most common security threat.
Base: Filtered respondents (n=7,985).
Ph
ish
ing
Sca
n n
etw
...
We
b a
pp
lica
...
Priv
ileg
e a
...
De
nia
l of s
e...
SQ
L In
ject
ion
Do
wn
loa
de
r
Co
mm
an
d a
n...
Ba
ckd
oo
r
Bru
te fo
rce
54%
36%
35%
34%
33%
31%
29%
27%
26%
25%
51%
34%
36%
35%
36%
30%
27%
26%
24%
23%
49%
32% 41
%
30%
31%
32%
20% 29
%
20%
21%
53%
39% 47
%
32% 40
% 44%
32%
29%
30%
31%
53%
30%
31%
32%
35%
23%
25%
22%
18%
19%
64%
50%
36%
59%
41%
31% 38
%
33%
34%
29%
61%
41%
41% 48
%
41%
38%
38%
37%
36%
29%
Top 10 Security Threats(Very/Somewhat Common)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
83
Source: Frost & Sullivan
Security Breaches Attributable to Known Vulnerabilities
Q33d. Approximately what percentage of all detected security breaches in your organization over the past year can you attribute to known vulnerabilities?
Known vulnerabilities account for less than 25% of breaches in the largest proportion of nations in the EMEA region.
Base: Filtered respondents (n=7,985).
Less than 25% 25 to less than 50% 50 to less than 75% 75 to 100% Don't know
28%
14%
11%
10%
36%
27%
15%
13%
12%
32%
22%
13%
9%
18%
38%
24%
19%
19%
11%
27%
24%
15%
10%
11%
40%
26%
21%
12%
10%
31%34
%
15%
15%
15%
21%
Security Breaches Attributable to Known Vulnerabilities
Worldwide EMEA France Germany United Kingdom South Africa Middle East
84
Source: Frost & Sullivan
Security Breaches Attributable to Insecure Software
Q33e. Approximately what percentage of all detected security breaches in your organization over the past year can you attribute to insecure software applications?
Insecure software accounts for less than 25% of breaches in the largest proportion of nations in the EMEA region.
Base: Filtered respondents (n=7,985).
Less than 25% 25 to less than 50% 50 to less than 75% 75 to 100% Don't know
29%
17%
11%
6%
38%
29%
17%
13%
7%
34%
18%
12%
13%
12%
45%
26%
22%
16%
7%
29%
29%
14%
10%
6%
42%
34%
14%
9% 10%
33%36
%
21%
14%
8%
22%
Security Breaches Attributable to Insecure Software
Worldwide EMEA France Germany United Kingdom South Africa Middle East
85
Source: Frost & Sullivan
Effectiveness of Global Government Initiatives
Q33f. Please rate the effectiveness of each of the following government initiatives in providing security guidance and standards.
Global government initiatives garner much more favorable reviews among South African and Middle Eastern professionals than they do among other EMEA countries.
Base: Filtered respondents (n=7,985).
Internet Governance Fo-rum
World Economic Forum Cyber Resilience Initia-
tive
Impact-ITU Global Cyber Security Agenda
Commonwealth Internet Governance Forum
17%
15%
15%
14%17%
15%
14%
12%
13%
9%
8%
3%
12%
11%
12%
9%
12%
10%
9%
8%
26% 28%
24% 26%
34%
31% 3
4%
32%
Effectiveness of Global Government Initiatives
Worldwide EMEA France Germany United Kingdom South Africa Middle East
86
Source: Frost & Sullivan
Adoption of Framework for Improving Infrastructure Cybersecurity
Q33h. In 2014, the United States government released the Framework for Improving Infrastructure Cybersecurity. Has your company adopted any of the measured outlined in this framework?
No more than one tenth of organizations in EMEA countries have adopted FIIC.
Base: Filtered Respondents (n=7,985)
Yes No Don't know
12
%
43
%
46
%
5%
52
%
44
%
2%
47
%
51
%
8%
37
%
55
%
7%
48
%
46
%
0%
74
%
26
%
9%
56
%
35
%
Adoption of FIIC
Worldwide EMEA France Germany United Kingdom South Africa Middle East
87
Source: Frost & Sullivan
Internet Governance
Q33j. Do you believe there is a need to implement a form of governance on the Internet?
The majority of South African, French and UK professionals favor internet governance, while their counterparts in Germany do not.
Base: Filtered Respondents (n=7,985)
Yes No Don't know
42
%
40
%
18
%
43
%
40
%
17
%
59
%
25
%
15
%26
%
54
%
21
%
49
%
35
%
17
%
67
%
26
%
7%
55
%
28
%
17
%
Internet Governance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
88
Source: Frost & Sullivan
Approaches to Internet Governance
Q33k. In your opinion, which of the following is the best approach to Internet governance?
Among those who favor internet governance, the largest proportion from each country save France advocate a collaborative approach among global governments. France, on the other hand, endorse a proscribed approach from an international organization such as the UN.
Base: Filtered Respondents (n=3,385)
Based on a collaborative approach amongst gov-
ernments globally
The responsibility of an organization specifically established for such a
task
Proscribed top down by an organization such as
the United Nations
The responsibility of a private sector organiza-
tion such as ICANN
Other
42
%
27
%
14
%
14
%
2%
40
%
27
%
21
%
10
%
2%
24
%
15
%
43
%
17
%
2%
43
%
30
%
14
%
11
%
2%
42
%
31
%
16
%
8%
2%
41
%
23
% 26
%
8%
3%
40
%
29
%
22
%
9%
0%
Approaches to Internet Governance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
89
Source: Frost & Sullivan
Confidence in Legislators
Q33l. How confident are you that your country's legislators understand the importance of security enough to provide sufficient funding to support your key information security initiatives?
Professionals in the EMEA region are divided regarding their confidence in legislators' understanding of information security. Notably, more than half of professionals in South Africa are not confident in their legislators.
Base: Filtered Respondents (n=3,385)
Very confident Somewhat confident Neither confident nor unconfident
Somewhat uncon-fident
Not confident at all
9%
29
%
20
%
20
%
22
%
12
%
34
%
20
%
20
%
14
%
9%
44
%
13
%
24
%
9%
18
%
41
%
18
%
16
%
7%8%
43
%
22
%
16
%
11
%
5%
23
%
15
%
38
%
18
%22
%
31
%
21
%
12
%
14
%
Confidence in Legislators
Worldwide EMEA France Germany United Kingdom South Africa Middle East
90
Source: Frost & Sullivan
Government Information Security
QG5a. Overall, is the government's information security better or worse off than a year ago?
Overall in the EMEA region, slightly more believe that government information security is better off now than it was a year ago, however one in five believe that it is worse off. This trend is reversed in France, however, where three in ten believe government security is worse off.
Base: Filtered Respondents (n=1,615).
Better off About the same Worse off Don't know
27
%
47
%
17
%
9%
32
%
45
%
13
%
9%1
4%
29
%
29
%
29
%32
%
52
%
12
%
4%
40
% 45
%
8%
8%
25
%
25
%
25
%
25
%
40
%
33
%
13
%
13
%
Government Information Security
Worldwide EMEA France Germany United Kingdom South Africa Middle East
91
Source: Frost & Sullivan
Government Information Security (Better)
QG5b. Why do you say that government security is better off than a year ago?
The largest proportion who believe that government security is better than it was a year ago indicate that awareness has improved and that risk management has improved.
Base: Filtered respondents (n=441).
Improved secu-rity awareness
Improved un-derstanding of risk manage-
ment
Improving ability to keep pace with threats
Effective security guidance or standards
Better or more qualified profes-sionals available
Adequate fund-ing for security
initiatives
76%
58%
51%
45%
38%
24%
70%
45%
46%
49%
31%
34%
0%
100%
100%
100%
0%
0%
63%
50%
88%
63%
50%
25%
86%
43%
38%
57%
19%
43%
0 0
1
0
1 1
50%
42%
58%
50%
25%
58%
Government Information Security (Better)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
92
Source: Frost & Sullivan
Government Information Security (Worse)
QG5c. Why do you say that government security is worse off than a year ago?
Those who believe that government security is worse than it was a year ago most commonly cite an inability to keep pace with threats.
Base: Filtered respondents (n=271).
Inability to keep pace with threats
Inadequate fund-ing for security
initiatives
Ineffective secu-rity guidance or
standards
Not enough qual-ified profession-
als available
Poor under-standing of risk management within govern-
ment
Security awareness is
still too low
77%
66%
49%
66% 72%
58%7
1%
55%
55%
55%
77%
45%
100%
100%
50%
50%
100%
0%
100%
33%
33%
100%
33%
33%
50%
25%
50%
25%
75%
25%
100%
100%
100%
100%
100%
100%
75%
75%
50%
50%
75%
50%
Government Information Security (Worse)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
93
Source: Frost & Sullivan
Important Factors in Securing Organizational Infrastructure
QG6. How would you rate the importance of each of the following in effectively securing your organization's infrastructure? - Top two box scores
Professionals in EMEA agree that hiring and retaining qualified information security professionals is the most important influencer in securing organizational infrastructure.
Base: Filtered respondents (n=1,615).
Hiring and retain-ing qualified in-formation secu-
rity professionals
Improved agency funding
for and en-forcement of security man-
dates
Public awareness
Develop a na-tional cyber in-
cident response capability
Expand cyber coordination
capabilities to states and the private sector
International out-reach, collabora-tion and deter-rence strategy
85%
70%
63%
61%
54%
40%
82%
63%
69%
70%
61%
52%
57% 7
1%
43% 5
7%
43%
29%
84%
56%
76%
60%
52%
40%
79%
53% 60% 7
2%
53%
49%
100%
75%
75%
100%
50%
25%
93%
80%
77%
70%
57%
53%
Important Factors in Securing Organizational Infrastructure(Very/Somewhat Important)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
94
Source: Frost & Sullivan
Attitudes Toward Strict Government Requirements
QG7. How much do you agree that the government should include specific, mandatory security requirements in every major IT procurement?
The majority of information security professionals in the EMEA region agree that there should be specific, mandatory security requirements in every major IT procurement. Nowhere is the belief held more firmly than in France and the UK, where three quarters strongly agree with this sentiment.
Base: Filtered Sample (n=1,615)
Agree completely Agree somewhat Neither agree nor disagree
Disagree somewhat Disagree completely
51%
32%
11%
3% 3%
58%
28%
10%
1% 3%
71%
29%
0% 0% 0%
48%
24%
16%
4%
8%
60%
34%
6%
0% 0%
75%
25%
0% 0% 0%
50%
30%
10%
3%
7%
Attitudes Toward Strict Government Requirements
Worldwide EMEA France Germany United Kingdom South Africa Middle East
95
Source: Frost & Sullivan
Impact of Security Posture
QG9. How would you rate your own impact on the security posture of your department or agency?
In each country, the majority report having an impact on security posture.
Base: Filtered Sample (n=1,615)
People listen to what I say about security and follow my suggestions
most of the time
I have a significant im-pact. People frequently ask for my advice and implement my recom-
mendations
People sometimes ask for my advice, but gen-
erally implement security controls they have de-
termined to be appropri-ate and
I am somewhat marginal-ized within my depart-
ment
41%
33%
18%
8%
44%
38%
14%
4%
29%
43%
29%
0%
52%
28%
8% 1
2%
36
%
47
%
15
%
2%
75%
25%
0%
0%
30%
53%
13%
3%
Impact of Security Posture
Worldwide EMEA France Germany United Kingdom South Africa Middle East
96
Source: Frost & Sullivan
Outsourcing
97
Source: Frost & Sullivan
Outsourcing Security Operations
Overall, firms in the EMEA are the least likely to outsource risk and compliance management. As a proportion, the French outsource the most threat intelligence, research, detection, forensics and remediation.
Q34a. Which areas of your security operations do you outsource today? Please select the percent outsourced for each operation
Base: Filtered respondents (n=7,985)
Security asset management and monitoring (e.g., firewall, IPS)
Risk and compliance man-agement
Threat intelligence, research, de-tection, forensics, and remediation
19
11
192
1
10
21
24
13
28
18
6
14
23
9
20
25
8
2021
19
26
Security Operations Outsourced(Average %)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
98
Source: Frost & Sullivan
Future Outsourcing of Security Asset Management
Q34b_1. How will your outsourcing change over the next 12 months? - Security asset management and monitoring (e.g., firewall, IPS)
Base: Filtered respondents (n=2,925)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
4% 5% 6%
61%
13%
7% 5%3% 5% 5%
59%
14%
8% 6%
3% 3% 3%
67%
15%
5% 5%
1%
9%
4%
59%
16%
3%
7%
4% 5%
5%
61
%
15
%
8%
3%0.04
0
0.08
0.64
0.2
0
0.0410
%
5% 5%
47%
12% 16
%
6%
Future Outsourcing of Security Asset Management
Worldwide EMEA France Germany United Kingdom South Africa Middle East
99
Source: Frost & Sullivan
Future Outsourcing of Risk and Compliance Management
Q34b_2. How will your outsourcing change over the next 12 months? - Risk and compliance management
Base: Filtered respondents (n=2,274)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
4% 5% 7%
63%
12%
5% 3%4% 4%
7%
63%
13%
5% 3%
10%
3%
7%
76%
0%
3%
0%2% 4%
8%
59%
20%
4% 2%3%
3% 5%
67
%
14
%
3% 4%6% 6% 6%
59%
12%
6% 6%8% 7% 7%
47%
14%
12%
5%
Future Outsourcing of Risk and Compliance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
100
Source: Frost & Sullivan
Future Outsourcing of Threat Intelligence, Research, Detection and Remediation
Q34b_3. How will your outsourcing change over the next 12 months? - Threat intelligence, research, detection and remediation
Base: Filtered respondents (n=3,268)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
3% 4% 6%
60%
14%
7%
5%4% 5% 6%
59%
13%
9%
5%7%
2% 2%
60%
18%
9%
2%3% 5%
2%
62%
17%
7%
3%5%
3%
8%
58
%
14
%
7%
4%
4% 4%
0%
63%
13%
4%
13%
4%
10%
9%
49%
11%
13%
5%
Future Outsourcing of Risk and Compliance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
101
Source: Frost & Sullivan
Outsourcing Professional Services
Q35a. Please indicate whether you or your organization outsources any of the following professional services
In each case, France and firms in the Middle East are the most likely to outsource professional services.
Base: Filtered respondents (n=7,985)
Security advisory (security strategy, security governance
and compliance, training)
Technical services (security audit, breach management, residency)
Implementation services (integra-tion, security product installation
and migration, security product life cycle
26
%
33
%
34
%
30
%
36
%
36
%
37
%
44
%
41
%
29
%
38
%
31
%
28
%
30
%
31
%
29
% 33
% 38
%
39
%
38
%
45
%
Outsourcing Professional Services
Worldwide EMEA France Germany United Kingdom South Africa Middle East
102
Source: Frost & Sullivan
Future Outsourcing of Security Advisory
Q35b_1. How will your outsourcing change over the next 12 months? - Security advisory
Base: Filtered respondents (n=2,083)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
3% 3% 4%
60%
19%
7%
4%4% 4% 5%
54%
23%
6% 4%3% 3%
0%
62%
24%
0%
9%
5% 6%
3%
55%
23%
6%
2%2% 3%
3%
58
%
24
%
8%
4%
0.17
6470
5882
3529
4
0
0.11
7647
0588
2352
9
0.41
1764
7058
8235
3
0.23
5294
1176
4705
9
0.05
8823
5294
1176
47
0
4% 3%
7%
49%
23%
11%
4%
Future Outsourcing of Security Advisory
Worldwide EMEA France Germany United Kingdom South Africa Middle East
103
Source: Frost & Sullivan
Future Outsourcing of Technical Services
Q35b_2. How will your outsourcing change over the next 12 months? - Technical services
Base: Filtered respondents (n=2,668)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
3% 3%
5%
60%
17%
8%
4%3% 3%
5%
57%
17%
10%
5%
3%
5%
10%
57%
15%
0%
10%
4% 4% 2%
55%
24%
8%
2%4%
2% 4
%
58
%
18
%
11
%
3%0.
0526
3157
8947
3684
0
0.10
5263
1578
9473
7
0.63
1578
9473
6842
1
0.21
0526
3157
8947
4
0 01%
4%
8%
49%
16%
18%
3%
Future Outsourcing of Technical Services
Worldwide EMEA France Germany United Kingdom South Africa Middle East
104
Source: Frost & Sullivan
Future Outsourcing of Implementation Services
Q35b_3. How will your outsourcing change over the next 12 months? - Implementation services
Base: Filtered respondents (n=2,687)
Decrease more than
20%
Decrease 11 to 20%
Decrease 1 to 10%
No change Increase 1 to 10%
Increase 11 to 20%
Increase more than 20%
3% 3% 5%
56%
18%
10%
5%3% 3% 4%
54%
19%
10%
7%
3% 3%
0%
49%
32%
3%
11%
4% 6%
1%
54%
13%
13%
7%
3%
2%
7%
57
%
18
%
9%
4%
14%
9%
14%
36%
23%
0%
5%5% 3%
1%
43%
19%
16%
13%
Future Outsourcing of Implementation Services
Worldwide EMEA France Germany United Kingdom South Africa Middle East
105
Source: Frost & Sullivan
Reasons for Outsourcing
Q36. What are all of your reasons for outsourcing?
Lack of in-house skills is the most common reason for outsourcing services.
Base: Filtered respondents (n=5,070)
Lack of in-house skills
Temporary need for flex force ca-
pacity
It is less ex-pensive
Recruiting limita-tions
Alleviating the burden of te-dious tasks
Difficulty in re-taining staff
49%
30%
30%
26%
23%
18%
51%
31%
29%
32%
19%
16%
57%
40%
32% 4
0%
14%
9%
59%
45%
31%
40%
18%
15%
47%
28% 33%
27%
22%
16%
61%
22%
22%
44%
27%
12%
56%
18%
29%
46%
20% 2
6%
Reasons for Outsourcing
Worldwide EMEA France Germany United Kingdom South Africa Middle East
106
Source: Frost & Sullivan
Criteria for Service Provider Selection
Q37. What criteria do you use in selecting a managed or professional security services provider? Please select all that apply.
Price is among the most important criteria for selecting a service provider, particularly in South Africa. Service level agreements are also highly important in South Africa and the Middle East.
Base: Filtered respondents (n=7,985)
Pricing Service Level
Agreement
Quality and number of security people
Number of years in business
Breadth of service
Brand name
Location of the
provider's base of
operations
Geo-graphic
proximity
Size of the organiza-
tion
55%
50%
49%
33%
30%
22%
20%
19%
17%
59%
50% 54%
37%
25%
24%
26%
25%
20%
52%
48% 54%
38%
18%
18% 2
5%
25%
27%
57%
49%
61%
43%
28%
16%
33%
24%
25%
60%
49%
51%
27%
30%
21%
22%
18%
17%
72%
66%
62%
45%
40%
24%
40%
34%
24%
62%
59%
58%
54%
28%
39%
37%
33%
28%
Criteria for Service Provider Selection
Worldwide EMEA France Germany United Kingdom South Africa Middle East
107
Source: Frost & Sullivan
Single Most Important Criterion for Service Provider Selection
Q38. Please select the single most important criterion that you use when selecting a managed or professional security services provider?
When forced to choose the most important criterion influencing service provider selection, most agree that quality is the single most important determinant.
Base: Filtered respondents (7,985)
Quality and number of security people
Service Level
Agreement
Pricing Breadth of service
Brand name
Number of years in business
Location of the
provider's base of
operations
Geo-graphic
proximity
Size of the organiza-
tion
29%
17%
13%
5%
3%
3%
1%
1%
1%
33%
16%
13%
4% 4%
3%
3%
2%
1%
34%
16%
11%
2% 3% 5
%
2%
2%
2%
35%
17%
11%
5%
3% 3% 5
%
1%
1%
29%
12%
17%
4%
3%
2%
2%
2%
1%
29%
16% 1
9%
5% 7
%
2% 3
%
2%
0%
37%
19%
11%
4% 5%
5%
3%
2%
1%
Most Important Criterion for Service Provider Selection
Worldwide EMEA France Germany United Kingdom South Africa Middle East
108
Source: Frost & Sullivan
Permanency of Service Provider
The largest proportion describe their relationship with their service provider as somewhat permanent.
Base: Filtered respondents (n=5,070)
Q39. Would you describe your use of a managed security service provider as temporary or permanent? Please indicate the level of permanence using the scale below.
Completely permanent Somewhat permanent Somewhat temporary Completely temporary
10%
35%
22%
9%10%
36%
22%
9%8%
34%
18%
11%16
%
34%
21%
9%11%
41%
19%
5%
7%
56%
15%
10%
10%
25% 29
%
14%
Permanency of Service Provider
Worldwide EMEA France Germany United Kingdom South Africa Middle East
109
Secure Software Development
110
Source: Frost & Sullivan
Frequency of Security Scans on Applications (Always)
Q40. Please indicate the frequency with which security scans are conducted on the following applications. - Always
In each case, French firms are less likely to always perform scans on applications.
Base: Filtered respondents (n=8,849)
Internally developed ap-plications that are hosted in your private data cen-
ters
Internally developed ap-plications that are hosted
in a public cloud envi-ronment
Externally developed applications that are
hosted in private data centers
Externally developed applications that are
hosted in a public cloud environment
49%
42% 45%
39%4
4%
40%
41%
38%
36%
29% 3
4%
28%
43%
42%
41%
38%
50%
48%
46%
45%
48%
40% 4
6%
35%
48%
34%
45%
33%
Frequency of Security Scans on Applications (Always)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
111
Source: Frost & Sullivan
Frequency of Security Scans on Applications (Never)
Q40. Please indicate the frequency with which security scans are conducted on the following applications. - Never
In each case, firms in France and South Africa are among the most likely to never perform scans on applications.
Base: Filtered respondents (n=8,849)
Internally developed ap-plications that are hosted in your private data cen-
ters
Internally developed ap-plications that are hosted
in a public cloud envi-ronment
Externally developed applications that are
hosted in private data centers
Externally developed applications that are
hosted in a public cloud environment
10%
21%
11%
22%
11%
20%
11%
21%
14%
24%
16%
24%
6%
16%
10%
17%
9%
15%
9%
16%
13%
27%
16%
27%
9%
21%
11%
24%
Frequency of Security Scans on Applications (Never)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
112
Source: Frost & Sullivan
Frequency of Security Scans by Organizational Group
Q41. Please indicate the frequency with which the following groups within your organization conduct application security scans? - Top two box scores
Generally, the security operations group is the most likely to perform security scans in each country.
Base: Filtered respondents (n=8,849)
The security operations
group
The compli-ance auditing
group
An external consultant
A professional security ser-
vices provider
The security architecture
group
The software development
group
A committee of personnel from some or all of these
groups
88%
72%
71%
69%
66%
65%
53%
86%
70% 75%
74%
64%
64%
53%
85%
73%
75%
75%
68%
64%
49%
79%
72%
68% 76%
66%
66%
55%
88%
69% 75%
79%
60%
65%
51%
91%
85%
82%
82%
69%
65%
60%
88%
78%
80%
74%
71%
62%
55%
Frequency of Security Scans By Organizational Group (% Always/Sometimes)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
113
Source: Frost & Sullivan
Security Scans on Internally Developed Applications
Q42. How frequently are security scans conducted on internally developed applications? - Top two box scores
Professionals in each country are the least likely to perform a scan during code development, and the most likely to perform a scan after a breach has been detected.
Base: Filtered respondents (n=8,849):
During code de-velopment
During application testing
After the application has been placed into production
After a data breach or intrusion has
been discovered
We use externally-developed applica-
tions
70%
84% 88%
89%
81%
69%
85%
88%
88%
82%
67%
88%
87%
88%
77%
74%
87% 91%
90%
85%
74%
86% 91%
92%
82%
67% 7
5%
86%
84%
86%
63%
83%
87%
88%
80%
Security Scans on Internally Developed Applications(% Always/Sometimes)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
114
Source: Frost & Sullivan
Reasons for Not Conducting Application Security Scans
Q43. Which of the following reasons explains why application security scans are NOT conducted in your organization? Select all that apply
Base: Filtered respondents (n=8,849)
Non
e of
the
abo
ve r
easo
ns e
xpl..
.
On
exte
rnal
ly-d
evel
oped
app
lica.
..
Sca
nnin
g in
terf
eres
with
the
a..
.
Sca
nnin
g ta
kes
too
muc
h tim
e
Sca
nnin
g pr
oduc
ts a
re t
oo e
xp..
.
We
don'
t ha
ve t
he e
xper
tise
to i.
..
It is
usu
ally
too
late
in t
he d
...
Our
inte
rnal
sof
twar
e de
velo
per.
..
On
exte
rnal
ly-d
evel
oped
app
lica.
..
The
sca
nnin
g pr
oduc
es ir
rele
va..
.
The
sca
ns a
re in
com
plet
e
We
have
suf
ficie
nt s
econ
dary
m..
.
We
usua
lly d
on't
know
or
are
u...
We
view
the
ris
k of
inse
cure
s..
.
38%
22%
19%
18%
17%
16%
15%
12%
11%
11%
11%
10%
7% 4%
36%
22%
19%
19%
19%
16%
15%
12%
12%
10%
10%
12%
5% 4%
17%
28%
24%
38%
32%
18%
28%
7% 7%
4%
11%
10%
1%
5%
36%
24%
19%
15% 22
%
17%
11%
13%
12%
15%
15%
6% 4% 4%
45%
20%
18%
16%
14%
13%
14%
15%
9% 9% 7%
11%
4%
1%
25%
25%
22%
19% 22
%
38%
14% 17
% 21%
8% 6%
16%
8%
3%
35%
21%
15%
17% 23
%
17%
15%
10%
13%
10%
11% 15
%
11%
6%
Reasons for Not Conducting Application Security Scans
Worldwide EMEA France Germany United Kingdom South Africa Middle East
115
Source: Frost & Sullivan
Sowtware Development Concerns
Q44. Please indicate your level of concern for each secure software development issue. - Top two box scores
Overall, concern among professionals in the EMEA region is highest for changes introduced by ill-informed or careless developers or with the adoption of out of date third-part libraries that contain vulnerabilities. In each case, South Africa and Middle Eastern professionals are more likely to express concern over these software development issues than their European counterparts.
Base: Filtered respondents (n=8,849)
Vul
nera
ble
chan
ges.
..
Add
ition
of o
ut o
f da.
..
Sof
twar
e fo
r w
hich
...
Add
ition
of u
nann
o...
IT-d
riven
pro
duct
s ...
A la
ck o
f kno
wle
dg...
Bud
getin
g fo
r fe
atu.
..
65%
63%
62%
60%
59%
57%
54%62
%
62%
61%
58%
58%
55%
50%64
%
54%
58%
53%
49%
51%
48%57
%
61%
61%
60%
50%
49%
51%
68%
66%
63%
59%
61%
53%
51%
78%
79%
68%
73%
73%
70%
56%67
%
70%
68%
69%
66%
67%
61%
Software Development Concerns(% Top/High Concern)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
116
Source: Frost & Sullivan
Procedures for Screening External Applications
Q45. Does your organization have a procedure in place to screen external appliances and applications for flawed programming or malicious software?
Firms in the UK have procedures in place to screen external applications in greater numbers than firms outside of the UK.
Base: Filtered respondents (n=8,849)
Yes No
58%
42%
54%46%44%
56%57%
43%
64%
36%
49% 51%56%
44%
Procedures for Screening External Applications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
117
Source: Frost & Sullivan
Protocols for Screening External Applications
Q46. Please indicate the procedures or protocols that your organization follows to ensure that external appliances and applications do not contain flawed programming or malicious code.
Most often, organizations ensure that they purchase only from trusted vendors in order to avoid vulnerabilities in applications. The notable exception in this trend is France, where purchasing from trusted vendors is less prevalent.
Base: Filtered respondents (n=5,115)
Pu
rch
ase
on
ly fr
...
Co
nd
uct
pe
ne
tra
ti...
Inte
rna
lly a
ud
it t..
.
Pe
rfo
rm S
tatic
C...
Pe
rfo
rm D
yna
mic
...
Re
ly o
n th
ird
-pa
rt...
Re
ly o
n th
ird
-pa
r...
Ass
ess
pre
vio
us.
..
Re
ly o
n th
e v
en
do
...
71%
64%
61%
30%
30%
28%
26%
19%
18%
69%
69%
64%
26%
25%
29%
28%
16%
17%
46%
70%
61%
26%
24% 35
%
28%
15%
4%
64%
55% 69
%
23%
19%
21%
22%
13% 19%
76%
79%
60%
27%
24% 31
%
27%
14%
18%
77%
65% 74
%
16%
32%
29%
52%
35%
13%
69%
66%
65%
27% 34
%
29%
28%
19% 26
%
Protocols for Screening External Applications
Worldwide EMEA France Germany United Kingdom South Africa Middle East
118
Sprawl
119
Source: Frost & Sullivan
Information Security Architecture
Q47a. Does your organization have an information security architecture?
The majority in each country have an information security architecture.
Base: Filtered respondents (n=8,849)
Yes No
67%
19%
67%
20%
62%
18%
73%
12%
72%
17%
62%
27%
63%
27%
Information Security Architecture
Worldwide EMEA France Germany United Kingdom South Africa Middle East
120
Source: Frost & Sullivan
Frequency of Information Security Architecture Update
Q47b. How often is your security architecture updated?
UK organizations are the most vigilant in updating their security architecture; nearly half update their systems every year.
Base: Filtered respondents (n=5,911).
Every year Every two to three years
Every four to five years
Every six to seven years
Every eight to nine years
We update less once than every
10 years
42%
27%
8%
1%
0% 1%
41%
28%
9%
1%
0% 1%
29%
20%
15%
0%
0% 2%
32%
34%
11%
1%
0% 1%
47%
26%
7%
1%
1%
0%
59%
23%
0% 3%
0%
0%
39%
29%
8%
0%
0% 2%
Frequency of Information Security Architecture Update
Worldwide EMEA France Germany United Kingdom South Africa Middle East
121
Source: Frost & Sullivan
Concern About Architecture Sprawl
Q48. Overall, how concerned are you about ineffective architecture or sprawl?
Middle Eastern firms have the greatest concern regarding infrastructure sprawl, with nearly two in five reporting they are very concerned, and two thirds indicating they are at least somewhat concerned.
Base: Filtered respondents (n=8,849)
Very concerned Somewhat concerned
Neither concerned nor unconcerned
Somewhat un-concerned
Not at all concerned
23%
42%
14%
7%
5%
22%
43%
15%
7%
5%
15%
39%
13%
10%
7%
12%
41%
23%
7% 6%
18%
47%
15%
7%
5%
29%
40%
14%
10%
5%
37% 39
%
11%
4% 2%
Concern About Architecture Sprawl
Worldwide EMEA France Germany United Kingdom South Africa Middle East
122
Source: Frost & Sullivan
Implications of Sprawl
Q49. Please indicate your level of concern for each of the following implications of technology sprawl. - Top two box scores
Base: Filtered respondents (n=6,999)
Pu
rch
ase
on
ly fr
om
tr...
Co
nd
uct
pe
ne
tra
tion
tes.
..
Inte
rna
lly a
ud
it th
e s
ol..
.
Pe
rfo
rm S
tatic
Co
de
a...
Pe
rfo
rm D
yna
mic
Co
de
...
Re
ly o
n th
ird
-pa
rty
au
di..
.
Re
ly o
n th
ird
-pa
rty
au
...
Ass
ess
pre
vio
us
cod
e...
Re
ly o
n th
e v
en
do
r's a
...
71%
64%
61%
30%
30%
28%
26%
19%
18%
69%
69%
64%
26%
25%
29%
28%
16%
17%
46%
70%
61%
26%
24% 35
%
28%
15%
4%
64%
55%
69%
23%
19%
21%
22%
13% 19
%
76%
79%
60%
27%
24% 31
%
27%
14%
18%
77%
65% 74
%
16%
32%
29%
52%
35%
13%
69%
66%
65%
27% 34
%
29%
28%
19% 26
%
Implications of Sprawl
Worldwide EMEA France Germany United Kingdom South Africa Middle East
123
Source: Frost & Sullivan
Reasons For Sprawl
Q50. Please indicate which, if any, of the reasons below explain why your organization has security architecture sprawl? Select all that apply.
In all countries in the region save for the UK, professionals cite the ever evolving nature of security threats as the primary reason for sprawl, however in the UK professionals indicate that their organization has undertaken mergers and acquisitions that has resulted in architecture sprawl.
Base: Filtered respondents (n=8,849).
Se
curi
ty th
rea
ts ..
.
My
org
an
iza
tion
...
Th
ere
is d
ece
ntr
...
We
are
follo
win
g...
My
org
an
iza
tion
i...
Ve
nd
ors
pre
fer
t...
We
ha
ve a
do
pte
d ..
.
32%
24%
22%
17%
17%
16%
6%
29%
26%
20%
18%
16%
16%
6%
22%
23%
13%
10%
19%
15%
5%
32%
26%
19%
14%
14%
12%
7%
34%
36%
19%
17% 20
%
17%
5%
32%
21% 24
%
17%
13% 16
%
5%
32%
18% 25
%
21%
19%
20%
5%
Reasons for Sprawl
Worldwide EMEA France Germany United Kingdom South Africa Middle East
124
Source: Frost & Sullivan
Strategies to Combat Sprawl
Q51. Please indicate how likely you or your organization is to use the following strategies to combat security technology sprawl? - Top two box scores
In most cases, South Africa and Middle Eastern countries are more likely to adopt measures to combat sprawl.
Base: Filtered respondents (n=5,630).
Re
du
ce th
e n
um
be
...
Avo
id n
ew
se
curi
t...
Re
tire
on
-pre
mis
e...
Sta
rt o
r in
cre
ase
...
Re
tire
ou
r se
curi
...
Pla
ce a
mo
rato
ri...
39%
37%
32%
29%
26%
26%
42%
39%
30%
32%
26%
26%
37%
33%
25%
39%
25%
21%
41%
37%
27%
23%
13% 23
%
45%
38%
29%
30%
28%
24%
50%
48%
36%
36%
27%
39%
51%
40% 45
%
40%
35% 41
%
Strategies to Combat Sprawl(Very/Somewhat Likely)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
125
Source: Frost & Sullivan
Active Security Contracts
Q52. With how many security product vendors do you or your organization have an active contract?
Base: Filtered respondents (n=8,849)
One to five secu-rity product ven-dors under con-
tract
Six to 10 11 to 20 21 to 30 31 to 40 41 to 50 More than 50 security product vendors under
contract
25%
20%
10%
4%
1% 1%
4%
26%
20%
11%
4%
1% 1%
4%
21% 23
%
10%
0% 0% 0%
6%
17%
17%
12%
3% 2%
1%
8%
22%
19%
11%
6%
1% 1%
5%
33%
25%
13%
2%
0% 0% 0%
33%
26%
13%
4%
1% 1% 1%
Active Security Contracts
Worldwide EMEA France Germany United Kingdom South Africa Middle East
126
Source: Frost & Sullivan
Active Security Consoles
Q53. How many security management consoles does your security organization use?
Base: Filtered respondents (n=8,849)
One to five secu-rity management consoles in use
Six to 10 11 to 20 21 to 30 31 to 40 41 to 50 More than 50 security man-agement con-soles in use
30%
18%
7%
2%
1% 0%
3%
29%
19%
7%
2%
1% 1%
3%
21%
14%
7%
3%
0% 0%
5%
23%
16%
9%
4%
1% 0%
4%
28%
18%
7%
2% 1% 1%
3%
35%
29%
11%
0%
2%
0% 0%
33%
27%
8%
4%
0% 1% 0%
Active Security Consoles
Worldwide EMEA France Germany United Kingdom South Africa Middle East
127
Proactive Security Analytics
128
Source: Frost & Sullivan
Implementation of Advanced Analytics Solutions
Q54. What is your organization's status on implementing advanced analytics solutions for the detection of advanced malware?
Advanced analytics solution adoption is highest in Germany, while Middle Eastern and British professionals are the most likely to have no plans to implement these solutions.
Base: Filtered respondents (n=7,985)
Already implemented Currently implementing Selecting a solution(s) Evaluating options No plans for implemen-tation
21
%
14
%
6%
17
%
18
%21
%
14
%
6%
18
%
18
%
23
%
18
%
2%
14
%
11
%
26
%
14
%
2%
22
%
9%
19
%
12
%
4%
17
%
23
%
21
%
16
%
14
% 17
%
16
%
22
%
16
%
11
%
19
%
19
%
Implementation of Advanced Analytics Solutions
Worldwide EMEA France Germany United Kingdom South Africa Middle East
129
Source: Frost & Sullivan
Approaches for Advanced Analytics Implementation
Q55. In implementing an advanced analytics solutions, how likely is it that your organization will utilize each of the following approaches? - Top two box scores
In each country, respondents are most likely to prefer a solution using internal staff, relying on the provider for technical assistance when needed.
Base: Filtered respondents (n=7,985)
Engage a managed securities provider to implement and
operate
Engage a professional security services provider to implement a solution to be operated by in-
ternal staff
Implement and operate a solu-tion using internal staff, relying only on the solution provider's team for technical use assis-
tance
Evaluating options
32
%
43
% 52
%
17
%
36
%
47
% 52
%
18
%
36
% 41
%
42
%
14
%
34
% 40
%
56
%
22
%32
%
43
% 47
%
17
%
43
%
53
%
53
%
17
%
46
%
61
%
54
%
19
%
Approaches for Advanced Analytics Solutions Implementation
Worldwide EMEA France Germany United Kingdom South Africa Middle East
130
Source: Frost & Sullivan
Anticipated Change in Required Skills
Q56. How do you anticipate that the skills requirements of security teams will change as advanced analytics solutions are implemented? - Top two box scores
Additional training is the expected consequence of implementing advanced analytics solutions.
Base: Filtered respondents (n=7,985)
Additional training for existing security staff
Hiring of security professionals with specialized skills or exper-
tise in advanced analytics
Hiring non-security profes-sionals with specialized skills
such as data scientists or other specialized skilled profession-
als
Some positions within the se-curity staff will be downsized or
eliminated as new positions are developed for advanced
analytics positions
72
%
53
%
27
%
27
%
75
%
52
%
26
%
28
%
65
%
45
%
22
%
22
%
75
%
52
%
29
%
26
%
73
%
51
%
24
%
23
%
83
%
60
%
40
%
36
%
79
%
67
%
35
%
35
%
Anticipated Change in Required Skills
Worldwide EMEA France Germany United Kingdom South Africa Middle East
131
Cloud Computing
132
Source: Frost & Sullivan
Prioritizing Cloud Computing
Q57. To what extent is cloud computing a priority for your organization now and in the future? - Top two box scores
In each country, prioritization of cloud computing is expected to increase.
Base: Filtered respondents (n=8,849)
Now (currently) In the near future (within two years)
43%
57%
43%
56%49%
63%
47%
56%48%
61%
46%
63%
33%
46%
Prioritizing Cloud Computing (Top/High Priority)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
133
Source: Frost & Sullivan
Cloud Usage
Q58a. For which of the following services are you using cloud? Select all that apply.
Base: Filtered respondents (n=7,553)
Ap
plic
atio
n h
ost
ing
De
live
rin
g a
pp
lica
tion
...
Sto
rag
e o
f org
an
iza
tio...
Pro
vid
ing
co
mm
un
ica
t...
Big
da
ta p
roce
ssin
g/..
.
Ap
plic
atio
n d
eve
lop
...
Pro
vid
ing
se
curi
ty
Pro
vid
ing
acc
ess
for
s...
Pro
cess
ing
cu
sto
me
r ...
Sto
rag
e o
f PII
an
d/o
r o
...
De
alin
g w
ith d
em
an
d ..
.
58%
38%
35%
30%
26%
26%
22%
18%
15%
15%
15%
59%
38%
32%
33%
24%
24%
20%
21%
18%
12%
12%
55%
45%
41%
25% 30
%
27%
19%
17%
19%
11% 19
%
56%
34%
24%
40%
29%
18%
15% 21
%
23%
12%
11%
59%
41%
34%
32%
25%
28%
21%
21%
17%
16%
16%
53%
39%
31%
32%
27%
15% 22
%
19%
12%
10%
8%
52%
25%
22%
23%
22%
13% 22
%
17%
14%
9% 10%
Cloud Usage
Worldwide EMEA France Germany United Kingdom South Africa Middle East
134
Source: Frost & Sullivan
Cloud Usage
Q58b. Considering all of your cloud computing usage, how is this proportioned according to the different approaches shown below? - Mean scores
Base: Filtered respondents (n=7,553)
Software as a service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS)
44
24
32
43
25
32
47
26 27
43
26
31
41
25
34
44
20
35
43
26
31
Cloud Usage(Average %)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
135
Source: Frost & Sullivan
Cloud Usage
Q58c. Considering all of your cloud computing usage, how is this proportioned according to the different approaches shown below? - Mean scores
Base: Filtered respondents (n=7,553)
Public cloud computing services (e.g., Amazon
AWS)
Private cloud computing services (e.g., a dedicated
environment that uses virtu-alization)
Community cloud computing services
Hybrid cloud computing services
22
52
101619
56
1015
21
58
6
1517
55
14 1420
59
7
1418
51
9
2220
46
11
23
Cloud Usage(Average %)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
136
Source: Frost & Sullivan
Top Concerns About Cloud Computing
Q60a. Thinking about the different security aspects of cloud computing, how much of a security concern is each of the following for your organization? - Top two box scores
Base: Filtered respondents (n=8,305)
Exp
osur
e of
con
fiden
tial o
r...
Sus
cept
ibili
ty t
o cy
ber-
att.
..
Dat
a le
akag
e du
e to
mul
ti-..
.
Wea
k sy
stem
or
appl
icat
ion.
..
Inab
ility
to
audi
t cl
oud
serv
...
Lim
itatio
ns o
n in
cide
nt r
es..
.
Inab
ility
to
cond
uct
secu
r...
Inab
ility
to
supp
ort
fore
nsic
...
Dis
rupt
ions
in t
he c
ontin
uous
...
Inab
ility
to
quan
tify
risk
69%
59%
55%
53%
51%
50%
50%
49%
49%
48%
70%
55%
56%
53%
52%
47%
48%
47%
46%
48%
70%
54%
54%
47%
45%
40%
39% 43
%
42%
41%
71%
60%
43% 48
% 52%
46%
41%
44%
40%
43%
71%
57%
57%
54%
51%
51%
54%
48%
46% 52
%
76%
58% 64
%
56% 60%
55% 58%
58%
51%
51%
69%
62% 67
%
64%
59%
57%
59%
57%
57%
58%
Top 10 Concerns About Cloud Computing
Worldwide EMEA France Germany United Kingdom South Africa Middle East
137
Source: Frost & Sullivan
Cloud Service Alliance Threats
Q60b. Thinking of the Cloud Security Alliance's recently identified 'Notorious 9 Security Threats', how much of a concern are each of the following? - Top two box scores
In most cases, South African respondents report greater concern with Service Alliance Threats.
Base: Filtered respondents (n=8,849).
Data breaches Data loss Account Hijack-ing
Insecure APIs Denial of Service
Malicious Insiders
Abuse and Ne-farious Use
Insufficient Due Diligence
76%
73%
61%
56%
56%
59%
55%
57%
76%
72%
61%
55%
56%
58%
53%
54%
77%
74%
70%
52%
53% 59
%
56%
46%
73%
63%
62%
55%
53%
50%
46%
59%
78%
74%
57%
56%
56%
57%
55%
57%
83% 89
%
67%
68%
62% 70
%
67%
65%
79%
77%
68%
60%
63% 68
%
57% 62
%
Cloud Service Alliance Threats
Worldwide EMEA France Germany United Kingdom South Africa Middle East
138
Source: Frost & Sullivan
Cloud Security Certification
Q60c. If it were offered by a credible organization, how relevant do you believe that a Cloud Security and Certification program would be to you?
For the majority in the EMEA region, a cloud security certification would be at least somewhat relevant.
Base: Filtered respondents (n=8,849)
Very relevant Somewhat relevant Neither relevant nor not relevant
Not very relevant Not at all relevant
31%
39%
11%
6% 5%
30%
41%
12%
6% 5%
30%
35%
16%
7% 6%
27%
41%
14%
8%
6%
29%
42%
13%
5% 5%
38%
38%
10%
2%
8%
33%
43%
9%
6%
2%
Cloud Service Alliance Threats
Worldwide EMEA France Germany United Kingdom South Africa Middle East
139
Source: Frost & Sullivan
Elevating Cloud Assurance
Q60d. Which one of the following offers the greatest chance of elevating information assurance in the cloud?
Strong data encryption is the top overall choice for elevating cloud information assurance, particularly in Germany.
Base: Filtered respondents (n=8,849)
Str
ong
encr
yptio
n o.
..
Con
tinuo
us m
onito
...
Inco
rpor
atin
g se
cur.
..
Ado
ptin
g se
curit
y ...
Impl
emen
ting
iden
ti...
Em
ploy
Rol
e B
ase.
..
Impl
emen
ting
Fed
R...
Det
ailin
g an
d sh
arin
...
Em
ploy
ing
secu
rity
...
18%
11%
9%
7% 6% 6% 4% 4% 4%
21%
9% 9% 9%
5% 5%
1%
4% 4%
22%
10%
8%
10%
4%
2% 1%
9%
4%
31%
8%
6%
4% 4% 4% 3%
5% 5%
18%
8% 9%
12%
5% 4%
1%
4% 3%
19%
6%
13%
13%
6%
2% 2% 0%
3%
17%
15%
6%
9%
5%
8%
2% 2%
5%
Elevating Cloud Assurance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
140
Source: Frost & Sullivan
Cloud Security Concerns in Government Agencies
QG10. How much of a security concern is each of the following for your government department agency when implementing cloud computing? - Top two box scores
In each case, South African respondents indicate that they have the most concern about each security issue.
Base: Filtered respondents (n=1,783)
Data loss prevention Ensuring that existing IT secu-rity policy is replicated in the
cloud
Ensuring that data and systems meet established COOP (con-
tinuity of operations) guidelines
Integration of cloud and mobil-ity
74%
66%
59%
39%
79%
70%
59%
46%
50%
83%
67%
50%
88%
58%
58%
42%
86%
71%
47%
42%
100%
100%
100%
60%7
3%
67%
60%
57%
Cloud Security Concerns in Government Agencies(Top/High Concern)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
141
Source: Frost & Sullivan
Elevating Information Assurance
Q61a. Which one of the following offers the greatest chance of elevating information assurance in the cloud?
In the greatest proportion of cases in each country, all of the listed information assurance measures are an important facet of cloud security.
Base: Filtered respondents (n=8,849)
Strong encryption of data
Continuous moni-toring
Employ Role Based Access
Controls (RBAC)
Implementing identity based
network solutions
Improved failover and service-level
performance
Improved per-formance and
availability
All of the above
15%
11%
5%
5%
3%
2%
34%
20%
11%
6%
5%
3%
2%
35%
13%
14%
6%
6%
1% 3%
39%
29%
9%
6% 7%
3%
2%
23%
18%
13%
5%
5%
1%
1%
38%
11%
17%
2%
6%
0% 3
%
48%
18%
11%
6% 8%
1% 3%
37%
Elevating Information Assurance
Worldwide EMEA France Germany United Kingdom South Africa Middle East
142
Source: Frost & Sullivan
New Skill Development for Cloud
Q61b. In your opinion, does cloud computing require information security professionals to develop new skills not previously required?
The majority of respondents in each country believe that new skills are important for mastering cloud security.
Base: Filtered respondents (n=8,849)
Yes No
73%
16%
75%
16%
72%
15%
78%
13%
71%
21%
76%
19%
75%
13%
New Skill Development for Cloud
Worldwide EMEA France Germany United Kingdom South Africa Middle East
143
Source: Frost & Sullivan
New Skills Needed for Cloud
Q61c. What skills will be required for dealing with cloud computing? Select as many as apply.
Base: Filtered respondents (n=8,849)
Ap
plic
atio
n o
f se
curi
ty ..
.
Kn
ow
led
ge
of r
isks
, vu
lne
...
An
en
ha
nce
d u
nd
ers
tan
di..
.
Ris
k m
an
ag
em
en
t
En
ha
nce
d k
no
wle
dg
e o
f m...
Kn
ow
led
ge
of c
om
plia
n...
Da
ta/in
form
atio
n c
en
tric
...
Au
dit
Se
curi
ty e
ng
ine
eri
ng
Se
rvic
e le
vel a
gre
em
en
t ...
66%
65%
62%
59%
56%
53%
49%
48%
48%
48%62
%
62%
59%
56%
53%
49%
47%
47%
43%
43%53
%
50%
49%
53%
55%
43%
37% 45
%
38%
25%
58%
59%
61%
51%
49%
46%
35%
31% 43
%
41%
68%
65%
65%
56%
61%
51%
52%
44%
37% 45
%
75%
75%
67%
56% 71
%
65%
56%
50%
54% 60%
56% 65
%
52% 64
%
50%
50%
52%
52%
53%
50%
New Skill Development for Cloud(Top 10)
Worldwide EMEA France Germany United Kingdom South Africa Middle East
144
The Frost & Sullivan Story
145
The Frost & Sullivan Story
Pioneered Emerging Market & Technology Research
• Global Footprint Begins
• Country Economic Research
• Market & Technical Research
• Best Practice Career Training
• MindXChange Events
Partnership Relationship with Clients
• Growth Partnership Services
• GIL Global Events
• GIL University
• Growth Team Membership™
• Growth Consulting
Visionary Innovation
• Mega Trends Research
• CEO 360 Visionary Perspective
• GIL Think Tanks
• GIL Global Community
• Communities of Practice
146
What Makes Us Unique
All services aligned on growth to help clients develop and implement innovative growth strategies
Continuous monitoring of industries and their convergence, giving clients first mover advantage in emerging opportunities
More than 40 global offices ensure that clients gain global perspective to mitigate risk and sustain long term growth
Proprietary Team Methodology integrates 7 critical research perspectives to optimize growth investments
Career research and case studies for the CEOs’ Growth Team to ensure growth strategy implementation at best practice levels
Close collaboration with clients in developing their research based visionary perspective to drive GIL
Focused on Growth
IndustryCoverage
Global Footprint
Career Best Practices
360 Degree Perspective
Visionary Innovation Partner
147
TEAM Methodology
Frost & Sullivan’s proprietary TEAM Methodology ensures that clients have a complete 360 Degree
PerspectiveTM from which to drive decision making. Technical, Econometric, Application, and Market
information ensures that clients have a comprehensive view of industries, markets, and technology.
Technical
Real-time intelligence on technology, including emerging technologies, new
R&D breakthroughs, technology forecasting, impact analysis,
groundbreaking research, and licensing opportunities.
Econometric
In-depth qualitative and quantitative research focused on timely and critical
global, regional, and country-specific trends, including the political,
demographic, and socioeconomic landscapes.
Application
Insightful strategies, networking opportunities, and best practices that can be
applied for enhanced market growth; interactions between the client, peers,
and Frost & Sullivan representatives that result in added value and
effectiveness.
Market
Global and regional market analysis, including drivers and restraints, market
trends, regulatory changes, competitive insights, growth forecasts, industry
challenges, strategic recommendations, and end-user perspectives.
148
Our Global Footprint 40+ OfficesScanning the Globe for Opportunities and Innovation