DAILY LIVES BOTH AT WORK AND AT HOME. Alarming stories in the press and comprehensive reports, such as Verizons 2013 Data Breach Investigations Report, serve as daily reminders that we need controls in place and constant vigilance to prevent considerable losses in data, funds and intellectual property. Due to widespread concern about the issue, Silicon Valley Bank decided to poll our clients about how theyre addressing this clear and present risk with revealing results from the unique perspective of technology companies themselves. Cybersecurity Risk is Real and Growing Most survey respondents believe cybersecurity is a serious threat to both their data and business continuity, with a full 51% rating the threat to business interruption as very serious or serious. The threat to data or intellectual property (IP) was viewed as more signifcant with 60% saying it was a very serious or serious threat. Sofware companies are more likely than those in healthcare and cleantech/hardware to consider a cyber attack a serious threat in terms of business interruption (58% versus 47% and 41%, respectively). Threat Cyber Attack Causes Serious Business Interruption very Serious Threal Hinor Threal Serious Threal Nol al All a Threal Hoderale Threal Threat of Cyber Attack to Company Data or IP 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 51% 60% 25% 31% 29% 18% 20% 26% 25% 22% Level of Concern aboul Cybersecurily Threal If our security fails, it has the strong potential to destroy the company. We take that risk very seriously. CEO, Cloud Infrastructure Company CYBERSECURITY REPORT Cybersecurity Survey Impact on Innovation CYBERSECURITY REPORT 2 Only 35% are Completely or Very Confdent About Their Own Security, and Even Less Confdent About Business Partners Overall, companies express confdence in the security of their information, but only 35% are completely/very confident, while 57% are moderately confdent. Survey respondents were far less confdent about the security measures taken by their critical business partners, including vendors, distributors and customers, with only 16% completely/ very confident. I believe it will be an ever-increasing concern and challenge. We are particularly concerned about foreign states who attempt to hack into our businesses. CEO, Consumer Electronics Company 57% 27% 16% 57% 8% 35% Confidence in Security of Information Moderately Confident Not Confident Completely/Very Confident Security Measures of Partners Own Company Information Way too much resource must be spent managing and defending, which prevents time better spent on innovation and growth. Very sad state for the technology community. CEO, Big Data Company 98% of Companies Are Maintaining or Increasing Security Resources Of those 98%, half say theyve increased resources (time or money) devoted to the problem this year. % % % % More resources About the same Fewer resources Amount of Resources for Cybersecurity We've dedicated an Info Security Officer to this role. 49% 49% 2% Firewalls, hosting facilities and business continuity plans. Resources Focus on When, Not if, Attack Occurs Notably, companies are currently investing more in measures to respond to inevitable attacks monitoring, preventive policies, training and stafng than in preventative infrastructure. This is consistent with executives describing an increase in the magnitude of cyber attacks, not only in frequency but also in the severity of highly organized attacks from rogue nations. Its a constant battle that wont go away and we are now spending more to protect ourselves from when we are hacked than to try and keep from being hacked. CEO, Financial Technology Company Monitoring/Assessment Policies/Controls Hiring Software Firewalls Encryption Authentication/Access Cloud Servers Hosting % % % % % % % % % % % Top Cybersecurity Investments MOST TECH AND HEALTHCARE EXECUTIVES VIEW CYBER ATTACKS AS A SERIOUS THREAT, NOT JUST HYPE. Cybersecurity is an important issue, and needs to be integrated into every aspect of the running of the company. CEO, Enterprise Applications Startup CYBERSECURITY REPORT 3 Key offering No plans to add Component of offering Dont currently have but plan to % % % % % % Software Hardware/Cleantech/ Other Healthcare Role of Cybersecurity Functionality in Key Offering 15% 6% 56% 36% 6% 53% 60% 10% 30% 8% 21% Most Companies Have Security Aspect to Product Attention to cybersecurity now cuts to the core of what companies do. Over half of respondents say cybersecurity is at least one component of their product ofering. Not surprisingly, sofware companies are most likely to ofer a cybersecurity component to their product. Although there is a lot of useless media hype, cybersecurity is important and should never be ignored. For the foreseeable future, cyber attacks will be a daily constant for any company with an Internet presence. CEO, Hardware/Cleantech Startup Data security is and always will be an important part of technology infrastructure. The cloud is not a silver bullet. CEO, IT Services Startup Media Coverage Makes an Impact For nearly half of executives surveyed, increased media attention to cyber attacks has changed the tide of opinions on cybersecurity and has helped heighten its priority in companies across the board. In addition to risks to their intellectual property and business interruption, they may be keenly aware of the mounting customer concern that comes from rising media exposure which in turn creates even more incentive to beef up cybersecurity resources. Media Had Impact 48% 32% 14% 4% 3% No Cybersecurity remains an important priority No This is just media hype Other Yes My company is making cybersecurity a bigger priority Yes - I am more aware of the cybersecurity threat Impact of Media on Cybersecurity Perceptions Not Everyone is Embracing the Clouds Public Nature Most respondents say they still store company information either privately or only partially on the cloud, showing a lower appetite for using the public cloud even with security measures in place to cost-effectively store important company information. While 52% are storing information privately, nearly half are using the public cloud for at least some of their data. Sofware companies are the most aggressive users, with 59% using the public cloud for at least some of their data likely one reason why they are the sector most concerned about IP and business risk, and most infuenced by media coverage. Early-stage companies are also more likely to embrace the cloud, presumably to lower their costs and achieve efciencies even at a small scale. % % % Public cloud only Both Private cloud only Neither 19% 29% 34% 18% How Company Information is Stored Study Methodology Results for Silicon Valley Banks cybersecurity study were collected through an online survey conducted from July 16-29, 2013. The survey was completed by 216 C-level tech and healthcare clients, 65% of whom are President/CEO. Industry distribution of respondents is 43% software, 20% healthcare, 14% consumer Internet and digital media, 8% hardware and 7% clean technology. Seventy-fve percent of respondent companies are startups and 20% in growth stage. Over 60% are based on the west coast. All fgures in this report are based on the unweighted responses to closed- ended questions, except the statistics in the Top Security Investments graph, which are based on the classifcation of free-form open-ended comments typed by survey participants. About Silicon Valley Bank Silicon Valley Bank is the premier bank for technology, life science, cleantech, venture capital, private equity and premium wine businesses. SVB provides industry knowledge and connections, fnancing, treasury management, corporate investment and international banking services to its clients worldwide through 28 U.S. ofces and six international operations. (Nasdaq: SIVB) www.svb.com. Silicon Valley Bank 3003 Tasman Drive Santa Clara, ca 95054 t 408 654 7400 svb.com 2013 SVB Financial Group. All rights reserved. Silicon Valley Bank is a member of FDIC and Federal Reserve System. SVB>, SVB>Find a way, SVB Financial Group, and Silicon Valley Bank are registered trademarks. B-13-12992. Rev 09-16-13.