Tatum’s
quarterly
survey of
business
conditions
Q2 2017
Cybersecurity risk management practices (sorted by overall agreement)
Dear colleagues,
Each quarter Tatum releases our
Survey of Business Conditions, a
nationwide survey for CFOs, by CFOs,
examining key economic indicators to
keep you abreast of current trends.
Our second quarter report also
features a section on cybersecurity
issues and their business impact. We
trust that you will find these insights
valuable as you prepare for future
business conditions.
Sincerely,
Macon A. Albertson
President
Tatum, a Randstad company
Insights from the
country’s leading CFOs
The cybersecurity landscape is one
of rapid change and complexity,
making current and actionable
guidance on the latest trends more
critical than ever. This report uncovers
the latest data points and trends
in cybersecurity, reveals how peers
are approaching security, and offers
valuable benchmark data to help
gauge how organizations stack up
against each other.
visit us online at www.tatum-us.com
Survey respondents indicate
2017 has begun on a very
positive note, with most reporting
improvement in overall business
conditions in Q1 and projected
improvement for Q2. Stability and
optimism are also reported across
Tatum’s key economic indicators.
Respondents of Tatum’s Survey of Business
Conditions continue to report positive views this
quarter, following similar sentiments in the first
quarter of 2017.
Respondents also weighed in on Tatum’s
key economic indicators, forecasting growth
in sales and order backlogs and stability, or
slight improvements in capital expenditure
commitments, employment, capital availability
and pricing.
Also this quarter, respondents shared their
perspectives on a range of cybersecurity issues,
with 44 percent saying cybersecurity is of
significant concern to executive leadership, and
11 percent indicating it is among the top three
issues they face. Despite this concern, the majority
of respondents say their cybersecurity programs
are between an initial stage to moderately
mature. Only 11 percent of respondents say their
programs are fully optimized.
Business conditions summary
Respondents report improvements in overall
business conditions for both past quarter, and
second quarter 2017.
2017
agree somewhat
strongly agree
40%
53%
44%
This quarter
16%
44%
29%
30%
44%
31%
20
44
%
%
29%
25%
36
%
42%
25%
42%
29%
33%
44%
29%
41%
27%
39%
20%
53%
27%
N/A
33%
40%
%
43
27%
15
%
42
19%
20%
16%
14%
%
53%
20%
33%
27%
48%
44%
41%
36%
44%
34%
52%
2015
strongly agree
agree somewhat
disagree
We have identified our most critical information assets (data,
intellectual property, etc.) and information systems.
12%
42%
N/A
Past quarter
7%
50%
33%
19%
disagree
We have prioritized our information assets based on risk.
Our executive team fully understands our data security
compliance requirements and the risks of non-compliance.
We provide differentiated security protection based on
importance of assets.
Our frontline personnel are trained to and do understand the
value of the information assets they touch every day.
I am confident my company has access to the cybersecurity
leadership and expertise we need.
We have deeply integrated security into our technology
environment to drive scalability.
Cybersecurity is an enterprise risk and managed like one.
Cybersecurity is integrated in risk analysis and presented in regular
executive level and board discussions.
Our CEO and other members of the senior leadership team are
actively engaged – in cybersecurity strategic decision-making, in
driving cybersecurity implications across business units.
I am confident we are adequately vetting the security
profile of our vendors and service providers.
Respondents indicate that nearly every aspect of cybersecurity management has improved over the past two years. Among them,
“identifying the most critical information assets and information systems” was most improved, with a 61 percent increase in
respondents who strongly agree they have done so. Other large improvements include, “prioritizing information assets based on
risk,” and “the executive teams’” understanding of data security compliance requirements and the risks of non-compliance.
Cybersecurity testing trends
44%
17%
15%
46%
13
41
%
13%
37%
6%
33%
We test continuously to improve
incident response.
39%
As a result of our latest testing, we
improved our data protection efforts.
We regularly include application data loss
prevention checks in our disaster recovery
and business continuity (DR/BCP) testing.
%
33%
7%
39%
46
%
Which of the following has your company experienced in
the last three months
disagree
We regularly include a phishing test or
other form of social media hacking in
our cyber testing.
54%
56%
We regularly include penetration testing by
ethical hackers to determine vulnerabilities.
61%
We test the company’s executive suite
communication response plan frequently.
Cybersecurity spending trends
17
2%
24%
greater than 2016
less than 2016
same as 2016
• a phishing test or other form
of social media hacking
53%
14%
42%
2%
greater than 2016
0–5%
21–25%
less than 2016
6–10%
26% +
same as 2016
11–20%
visit us online at www.tatum-us.com
2017
2015
57%
13%
A cyber attack
The threat level and
frequency of cyber attacks
is dramatically higher this
year compared to 2015. In
fact, more than four times
the number of respondents
suffered a cyber attack this
year than did in 2015, and
five times the number of
companies experienced a
cybersecurity intrusion.
50%
10%
0%
A cybersecurity intrusion
1%
A cyber breach, defined
as an intrusion where
sensitive data was
successfully stolen
• penetration testing by ethical
hackers
• the company’s executive
suite communication
response plan.
Top challenges to managing cybersecurity
What do you see as the most daunting aspect of effectively managing the cybersecurity
challenge for your client company?
testing
systems threats
awareness
Of those who expect spending trends to be
greater in 2017, what percentage higher?
%
45%
Today’s distributed, multi-tier
IT environment can bring
more security complexities and
challenges than in the past. One
of the most pressing security
challenges is the detection
of attacks, and the need to
continually test the companies’
vulnerabilities. Although most
respondents (61%) agree they
test continuously to improve
incident response, more than
half admit that they fail to
regularly include:
While companies are
continually tweaking their
budgets, there is no debate
about the importance of
investing in adequate security
solutions. More than half
of respondents will increase
their security spend from last
year, while only two percent
will reduce their budgets.
The majority of companies
planning to increase spend
will allocate between 6 and
10 percent for this purpose.
security
intrusion
vigilance
recovery
attacks
constant
data
agree somewhat
risks
strongly agree
Frequency of cyber attacks
education
breach
resources
hacking
The intensity of potential attacks
that have not yet occurred.
Balancing budget with
security needs.
– External CFO Partner
– External CFO Partner
The most daunting aspects
of managing cybersecurity
for respondents include
lack of security awareness
among employees,
a shortage of skilled
resources, budget
concerns, and detecting
potential and changing
threats.
Economic indicators
Q1 2017
Sales/order
backlogs
Past quarter stable with slight improvement
observed, increases projected for this quarter.
Capital expenditure
commitments
Stability and optimism seen for past quarter,
minor increases anticipated for this quarter.
Employment
Headcount remained stable and improving for
both the past quarter and second quarter 2017.
Capital availability
and pricing
Further stability and slight improvements were
observed last quarter, with this trend expected to
continue this quarter.
Q2 2017
About the Survey of Business Conditions
Tatum’s Survey of Business Conditions is a quarterly pulse check on business and the emerging economic trends that
impact our clients and their industries. Our C-suite partners, clients and industry contacts provide exclusive perspectives
and insights from critical industries and markets.
Any use or reproduction of the contents of this report without the written consent of Tatum is strictly forbidden. The
authors are not engaged in rendering legal, investment or other professional services by publication of this report.
Information contained in this report should not be used as a substitute for professional advice, legal, investment or
otherwise, on any particular issue.
For more information
Visit Tatum-us.com or contact Macon Albertson at [email protected]
Tatum
services
On-demand interim
C-suite leadership
Project
consulting
Transaction
support
Financial operational
improvements
IT operational
improvements
Staff
augmentation
© Randstad North America, Inc. 2016
About Tatum, a Randstad company
visit us
A well-established and trusted executive consulting services firm, Tatum helps companies confront challenges arising at any stage of the business life cycle.
We frequently serve as trusted advisers to the office of the CFO or CIO and address complex issues not easily solved from within the organization. We
online
at www.tatum-us.com
provide senior-level interim and project consultants in addition to highly regarded executive search services. Tatum is an operating company of Randstad.
To learn more about Tatum, visit www.tatum-us.com
© Randstad North America, Inc. 2017
Executive
Search