THOUGHT PROVOKING

QUOTES
FROM FAMOUS CYBERSECURITY EXPERTS
Only after users have been fake-phished will they really pay
attention to the training.

I Todd Fitzgerald
I @SecurityFitz
I Grant Thornton International global director of Information Security - November 2015
If you outsourced something and your third-party provider lost your data,
your insurance might not cover that.

I John Kennedy
I Corporate partner at Wiggin and Dana LLP -
11th November 2015
Incident Response plans that are 30, 40 or 100 pages long may have their
place. But a shorter document helps not only during an incident, but also
before it, raising awareness with the senior leadership about the types of
decisions theyre going to be asked to make.
I Liisa Thomas
I @WinstonLaw
I Chair of the data security practice at Winston & Strawn LLP - 11th November 2015
UK organisations we spoke to were under a far higher rate of attack than
the European average.

I Bob Tarzey
I @tarzey
I Service Director, Quocirca, UK - Sept 2015
There has been an explosion in both frequency and severity
of cyber-attacks.

I Chris Fischer
I @Allianz @AGCS_Insurance
I CEO, Allianz Global Corporate and Specialty - Sept 2015
JP Morgan is a company that has 2,000 people dedicated to cyber
security. They have spent $250 million dedicated to cyber security. They
did everything right, and they still got hacked.
I Erik Avakian
I Chief Information Security Officer, Commonwealth of Pennsylvania, USA - Sept 2015
What Would You Do Differently If You Knew You Were Going
To Be Robbed?

I Michael Sentonas
I @MichaelSentonas
I VP & CTO, McAfee Security Connected, Intel, USA - Aug 2015
Any CEO who really understands risk knows that cyber is possibly the most
unpredictable risk there is. Its more unpredictable than a flood or tornado.

I Malcolm Marshall
I @WightMarshall
I KPMGs Global Head of Cyber Security - UK - July 2015.
The emerging nature of cyber risk is that its becoming systemic - as were
the risks that led to the credit crisis.

I John Scott
I Chief Risk Officer
I Global Corporate, Zurich - June 2015
There's no conceivable system that can stop 1 person in 100 opening a
phishing email and that can be all it takes.

I Ciaran Martin
I @GCHQ
I Director General for Cyber Security - GCHQ, UK - June 2015
You would never dream of a CFO not coming to a board meeting. In
addition, you would never see a CFO passing up using external audit or
teams of external advisors. The same diligence has to be assigned to
cybersecurity.
I Val Rahmani
I @valrahmani
I Non-Executive Director, Aberdeen Asset Management, USA - April 2015
Investors see data breaches as a threat to a companys material value
and feel dis-couraged in investing in a business that has had its sensitive
information compromised.
I Malcolm Marshall
I @WightMarshall
I KPMGs Global Head of Cyber Security - UK - July 2015.
Key stakeholders often underestimate how complex and overwhelming it
can be to manage all the ancillary people and groups who must play a role
in mitigating a major breach incident, including internal and external
attorneys, internal and external investigators, law enforcement, regulators,
insurers and many others.
I Bryan Sartin
I Managing Director
I Data breach response and forensics - Verizon - April 2015
All companies go through crises, but this kind of crisis is unique in the
number of unknowns.

I Brian Brink
I Senior Counsel Litigation
I Schnuck Markets, USA - April 2015
There was this horrible moment where I realized there was absolutely
nothing at all that I could do.

I Amy Pascal
I Former CEO of Sony Pictures
I USA - February 2015
It will take a major global company going down in the wake of a cyber
attack to really shake up information security.

I Adrian Leppard
I @adelepp
I City of London Police Commissioner - UK - Jan 2015
A breach alone is not a disaster, but mishandling it is.

I Serene Davis
I Underwriter with Beazley
I California, USA - Sept 2014
Its the not knowing thats the worst... After a breach, there are more
questions than answers.

I Dwayne Melancon
I @ThatDwayne
I Chief Technology Officer, TripWire, Portland, USA July 2014
Credit monitoring services only give consumers limited help, with a very
small percentage of the crimes that can be inflicted on them. These are
basically PR vehicles for most of the breached companies who offer credit
report monitoring.
I Avivah Litan
I @avivahl
I Vice President with Gartner Inc, Washington DC, USA - March 2014
There are only two types of companies: those that have been hacked, and
those that will be.

I Robert Mueller
I FBI Director
I USA - March 2012