PwC just released their 2014 Global Information Security Practice Survey results. Yes, I'm a little biased to PwC as it's my alma mater, but this survey is actually pretty interesting. You can generate it with any or all of the sub industries but the data is what's particularly fun. I suggest everyone take a look for your own data ammunition but also for some enlightening results.
- There's an analysis of countries competing in the global cyber defense race
- Actual recommendations, not just stating problems, for future security practices
- Shockingly (sarcasm) over 50% of respondents think they are ahead of their peers in security implementation
- Only 18% say they have policies over cloud services
- Attribution of attacks is not surprising. ~30% of currently employees and ~27% of former employees. So much for nation states.
- Content Security is horrible. 17% classify content, 20% have protective procedures, 26% inventory assets and only 31% review users and access regularly.