{
  "docId": "019dd923-5de0-76bd-a168-d0984f387fb5",
  "docSlug": "f7275e434f5f1b04",
  "documentTitle": "The Global State of Information Security® Survey 2018 Singapore highlights",
  "authorId": "PwC",
  "authorName": "PwC",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.707,
  "pageNumber": 20,
  "pageCount": 36,
  "prevPage": 19,
  "nextPage": 21,
  "slideType": "industry_trends",
  "function": "summarize",
  "density": "overcrowded",
  "nDataPoints": 6,
  "notes": "Includes quotes from industry experts at Marsh and PwC.",
  "elementsJson": [
    "headline_text",
    "big_number",
    "paragraph",
    "quote_block",
    "donut_chart",
    "icon_grid"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a168-d0984f387fb5/20",
  "deckHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5#slide-20",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Today's CISO or CSO should be a senior business manager who has expertise not only in cybersecurity but also risk management, corporate governance and overall business objectives.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-3beb-760d-a9ee-6e3f87d32dc7",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.15,
        "x": 0.76,
        "y": 0.68
      },
      "kind": "chart",
      "text": "35% Delivers information security risk updates to the Board at least four times a year",
      "attrs": null,
      "subkind": "donut",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "164d724c-4619-411a-b018-c2341fc03079",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.15,
        "x": 0.25,
        "y": 0.68
      },
      "kind": "chart",
      "text": "43% Approaches information security as an enterprise risk-management issue",
      "attrs": null,
      "subkind": "donut",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "3a7a219a-b1a3-4c1c-878f-918cf612e42b",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.15,
        "x": 0.59,
        "y": 0.68
      },
      "kind": "chart",
      "text": "36% Collaborates with internal stakeholders to understand business issues & needs",
      "attrs": null,
      "subkind": "donut",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "68aedf0f-c0cd-48c2-9eb6-8f43784667f9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.15,
        "x": 0.42,
        "y": 0.68
      },
      "kind": "chart",
      "text": "41% Understands the organization's business issues & competitive environment",
      "attrs": null,
      "subkind": "donut",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d792c9a5-89d6-407e-85f9-e7f6192a56f0",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.15,
        "x": 0.08,
        "y": 0.68
      },
      "kind": "chart",
      "text": "43% Communicates information security risks & strategies directly to executive leaders",
      "attrs": null,
      "subkind": "donut",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f5b85436-549f-4c1e-95f3-b7630ed0900c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.15,
        "x": 0.08,
        "y": 0.345
      },
      "kind": "metric",
      "text": "54%",
      "attrs": null,
      "subkind": "big-number",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "9d4b94e5-88ef-4c1c-8ee5-f2ac04e66020",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "metric",
      "text": "CISO involvement: 54%",
      "attrs": null,
      "subkind": "primary",
      "toolName": "Quantification",
      "toolSlug": "quantification",
      "confidence": null,
      "componentId": "019dd952-3beb-760d-a9ee-7689375055a4",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.06,
        "w": 0.15,
        "x": 0.08,
        "y": 0.42
      },
      "kind": "paragraph",
      "text": "Have a CISO in charge of the security program",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0214c69f-2599-419f-9379-cf71d83d0da6",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.1,
        "w": 0.25,
        "x": 0.36,
        "y": 0.23
      },
      "kind": "paragraph",
      "text": "Leaps in technologies hold tremendous promise for contending with seemingly intractable cyberthreats. Yet the spotlight on technical advances can dim the focus on the roles, competencies and training of people—an often neglected yet very effective defense. That's starting to change.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "135b7d5e-e958-4485-8155-c9e8320d8c82",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.25,
        "x": 0.65,
        "y": 0.23
      },
      "kind": "paragraph",
      "text": "Today's CISO or CSO should be a senior business manager who has expertise not only in cybersecurity but also risk management, corporate governance and overall business objectives. He or she should have access to key executives to provide insight into business risks and should be able to competently articulate risk-based cybersecurity issues to the C-suite and Board. Put simply, the cybersecurity leader should have the ability to effect change on par with C-level executives.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6ad3a979-6a34-4fec-870b-de2756ba1e5c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.25,
        "x": 0.36,
        "y": 0.45
      },
      "kind": "paragraph",
      "text": "When it comes to cybersecurity, there is no more pivotal player than the top information security officer, typically the Chief Information Security Officer (CISO) or Chief Security Officer (CSO). It is a role whose responsibilities and competencies have become increasingly visible and critical.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "90b3aca7-0b8f-4971-89e4-296223d7e41e",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.1,
        "w": 0.25,
        "x": 0.36,
        "y": 0.34
      },
      "kind": "quote",
      "text": "Companies tend to have a more technology-centered view, said Claude Yoder, global head of analytics for insurance provider Marsh. But I think as more and more information on cyber comes out, companies are expanding their technology-centered view to include people and processes.",
      "attrs": null,
      "subkind": "pull-quote",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "8828152d-1a6f-4419-b0d4-5e26ab910c7c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.13,
        "w": 0.25,
        "x": 0.65,
        "y": 0.4
      },
      "kind": "quote",
      "text": "Today's security leader is a general manager with expertise in communications, presentation and business—in short, all the skills you would expect of a COO, said James Shira, Global CISO for PwC. The CISO or CSO is responsible and accountable for risks, and is expected to deliver a minimum information security posture across the organization. Doing so demands a new level of management skills.",
      "attrs": null,
      "subkind": "pull-quote",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "faddf9a8-6d53-4051-a25f-1ef39691cd28",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "quote",
      "text": "Today's security leader is a general manager with expertise in communications, presentation and business—in short, all the skills you would expect of a COO, said James Shira, Global CISO for PwC.",
      "attrs": null,
      "subkind": null,
      "toolName": "Authority citation",
      "toolSlug": "authority-citation",
      "confidence": null,
      "componentId": "019dd952-3beb-760d-a9ee-70e88d4a2ddd",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.07,
        "w": 0.7,
        "x": 0.08,
        "y": 0.09
      },
      "kind": "title",
      "text": "The evolving involvement of executives and the Board",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "29d92593-8678-40e3-bea7-995308e3dbeb",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.4,
        "x": 0.08,
        "y": 0.65
      },
      "kind": "title",
      "text": "Skills & competencies of security leaders",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ec259fbe-beff-4c43-8ecc-c6af770119d5",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Executive summary",
      "slug": "executive-summary",
      "agent": null,
      "layer": "slide",
      "matchId": "b00b11ec-9340-45c6-afbc-2d3db2fa22f2",
      "evidence": "Today's CISO or CSO should be a senior business manager who has expertise not only in cybersecurity but also risk management, corporate governance and overall business objectives.",
      "confidence": 0.7
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 20,
      "from": 10,
      "beatId": "ef22f6aa-f227-4788-b8b3-eaf8b25e7e98",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Evidence & Proof",
      "beatSlug": "consultants-gambit-evidence-proof",
      "evidence": "The document presents various statistics and trends to support its findings",
      "position": 2,
      "confidence": 0.8,
      "parentBeatName": "Evidence",
      "parentBeatSlug": "evidence"
    }
  ],
  "loops": [
    {
      "to": 22,
      "from": 20,
      "name": "Golden Circle",
      "slug": "11-golden-circle",
      "bestFor": "Visionary leadership, brand positioning, mission statements",
      "matchId": "38f0d314-f4c8-4792-9b85-a0c3dbd5a4fb",
      "evidence": "The document highlights the evolving involvement of executives and the Board in cybersecurity",
      "position": 1,
      "objective": "Emphasize the importance of executive involvement in cybersecurity",
      "structure": "The Why (Belief) -> The How (Process) -> The What (Result)",
      "confidence": 0.6,
      "description": "Invert the typical pitch by starting with why you exist, rather than what you do"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}