Premium sponsor

Executive Summary

Managing Security in the Digital Era How are European businesses tackling a constantly changing landscape of persistent cyber threats and stringent data protection rules?

Paul Fisher Research Director March 2017

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 2

Preface

Imagine every business in the land, large or small, being visited every

day by one or two il l- intentioned intruders. Imagine them sauntering in,

taking wallets, purses, laptops and valuables, and casually breezing off

with their booty, ready and able to return the next day, and the next, and the next.

The world’s collective rage should surely result in heated press

coverage, summary justice, and street riots rather than the indifference we’ve faced to date in the Cyber world.

This curious lack of interest in Cyber security over the last 20 years, in

the face of persistent losses of business value and our personal crown jewels, is starting to transform for two main reasons:

(1) Impact - The signature events that hit the papers with alarming

regularity are the tip of a large and growing iceberg. These events

result in brand loss, and executive embarrassment, but arguably are

otherwise not of material business interest. What they disguise is the

exploding volume of petty thefts (ransomware, corporate espionage, theft) that

together are approaching 2% of GDP. This is a crit ical benchmark where National Governments (not to mention businesses) start to sit up and take notice.

(2) Understanding – Businesses of every kind now deeply understand the tangible

business impact of information. Even the most physical “oil under the fingernails”

businesses such as Manufacturing or Distribution realise that real value isn’t found

simply in the physical asset itself. Instead, real value comes from information

accelerating, improving, locating, combining and automating the inherent value inside

the asset. Boards that have switched off at the first use of the word “Cyber” are taking

serious notice when the agenda turns to discussions about managing, protecting,

securing, and licencing the information that has become the very l ife-blood of their business.

The dry technical terminology of “MSSP” disguises a very real problem; that businesses

are haemorrhaging value through “death by a thousand cuts” as their business becomes more information-rich, more complex, more competitive, and faster moving.

The survey, drawn from a cross section of the business community (see page 10 for

details) shows that you are looking for services that are not just business and IT

integrated, but that succeed in safeguarding your priceless information assets. The

results we found in this survey; digitisation driving appetite, weariness with the latest

regulatory fad, coverage that suggests comprehensive approaches, and the need for

ski l ls that incorporate business communication, crisis management, and delegation, all suggest that that customers are finally looking for services that work.

Working together to understand the specifics of those needs, so that we stem the tide

of new world criminals waltzing in and stealing our most valuable assets with impunity is

the work of the next generation of service providers. To move us all forward together,

we are striving to build on a platform of being more passionate, more expert, more

agile and more integrated with our customers, reflecting the conclusions we drew on page 9.

John Madelin CEO at Reliance acsn

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 3

TABLE OF CONTENTS

Managing Security in the Digital Era ...................................................................................... 4 Introduction ............................................................................................................................ 4 Key Findings ........................................................................................................................... 5 MSSP Maturity and Strategies in Europe ................................................................................. 6 Current Security and Business Challenges ............................................................................. 7 What Do End Users Look for in an MSSP Today? ...................................................................... 8 Conclusions ............................................................................................................................ 9 Methodology ........................................................................................................................ 10 Success Story ....................................................................................................................... 11 Perfecting the science of co-managed IT security ........................................................................................ 11 About Reliance acsn ............................................................................................................................ 14 About PAC ........................................................................................................................................... 15 Disclaimer, usage rights, independence and data protection ................................................................... 16

TABLE OF FIGURES

Fig. 1: When first appointing an MSSP, cost savings are overwhelmingly l isted as a factor, probably influenced by C-Suite demands. .................................................................................. 6

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 4

Managing Security in the Digital Era

INTRODUCTION

Rising cybercrime, digital disruption and increased compliance

demands are threatening the stabil ity of businesses across Europe.

Dealing with cybercrime alone is a challenge, but as businesses look

for a competitive edge through digital, and with the General Data

Protection Regulation (GDPR) just over the horizon, many are looking

for outside help. Increasingly that help comes in the form of a

Managed Security Services Provider (MSSP).

In other parts of enterprise organisations, long used to outsourcing

(especially in the UK), it might come as a surprise that MSSPs are sti l l

seen as a relatively new concept and one that is sti l l treated with

suspicion by security chiefs. The issues are trust and control —

handing over custody of the security of a business is not something to

be taken l ightly. It is that aspect of outsourcing that is often

overlooked in the marketing and promises that a switch to an MSSP

can bring. Trust and reliance remain key.

Sti l l , there is now definitely a growth in MSSP adoption across Europe

as the triple pressures of cybercrime, skil ls shortages and compliance

take their effect on under-pressure IT departments, and boardrooms

fret about the business impact of data breaches. So outside help is

being sought.

That doesn’t mean that any MSSP is going to get an easy ride. There

are sti l l barriers to overcome and buyers wil l remain to be convinced

if they are to part cash for a first MSSP adoption, or an extension of

an existing partial security outsourcing.

This major piece of research, conducted by PAC across industry gives

us a detailed insight into the thinking of security professionals, and

how they approach the serious process of outsourcing security

functions to get the best possible solution.

The survey was conducted during February 2017 in the following

countries: UK France, Germany, Nordics, Ireland and Netherlands. The

field research questioned 200 CISOs, CIOS, CTOs and other C-suite

professionals across manufacturing, retail, transport and services

sectors.

Paul Fisher

Research Director, Cyber Security

PAC-CXP London

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 5

KEY FINDINGS

• The majority of European organisations are now running some

or all of their security operations with an MSSP.

More than 70% of organisations are happy with the MSSP they

currently use.

MSSPs cannot be complacent. Those organisations that are

looking for a replacement cite lack of flexibility and expertise

as their main issues.

The cyber security skil ls shortage shows no sign of abating

and is and is impacting heavily on choice of MSSP.

The market for MSSPs is becoming fragmented and a pick-

and-mix approach is emerging. A significant 31% are

planning to bring some security operations back in-house.

GDPR and compliance are low down on client lists of

requirements. Just 20% of respondents see compliance as a

major goal for any MSSP engagement.

Cost savings and efficiency sti l l dominate management

thinking. These were major goals of managed security

services adoption for 69% of respondents.

Investment in MSSP usage wil l remain robust with 92% of

respondents indicating an increasing or maintained level of

investment.

The key drivers of digital transformation – cloud, mobil ity and

IoT – are also the biggest source of security concerns for

European organisations. Some 50% of respondents saw digital

transformation projects as a threat in themselves.

Organisations believe that in-house security teams are best

able to deal with advanced and nation-state attacks.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 6

MSSP Maturity and Strategies in Europe

The first thing to note from our Trend Study is that Managed Security

Services are now overwhelmingly established across European

businesses, with 66% already using an MSSP, with a further 24%

planning to invest. The remaining 10% are in the process of evaluating

the prospect.

So it is maturing, but what does that 100% endorsement for Managed

Security Services tell us? First, it is a bigger endorsement than PAC

was expecting and demonstrates that across the board, on average,

industry sectors are putting aside their reservations about using an

outsourced security service. That said, the results within the sectors

show that there is sti l l some reluctance to fully outsource security.

If we dig a l itt le deeper, we can see the option to outsource security

is catching on, but there is sti l l some way to go before end users

completely trust an MSSP to fully manage its security. So 53% are at

an early stage of planning with only 12% at an advanced stage.

For those already engaging an MSSP, some 71% are happy with the

service they are already getting with no plans to replace, which

means rival providers wil l have their work cut out preaching to the

converted.

Fig. 1: When first appointing an MSSP, cost savings are overwhelmingly listed

as a factor, probably influenced by C-Suite demands.

20%

29%

30%

30%

36%

44%

55%

69%

55%

52%

44%

58%

56%

35%

42%

29%

To achieve compliance with new General Data Protection Regulation

Access to security expertise not available within organisation

Benefit from advanced security technology

Access to security analysis and consultancy

Protection against advanced threats

To insure against new threats from digital transformation and IoT- projects

To automate security operations

To achieve cost savings and security efficiency

Which of the following are a major, minor or not a goal at all for your MSSP engagement?

Major goal Minor goal

© PAC - a CXP Group Company 2017

Clients will think of switching, especially if they believe that

the provider does not demonstrate

flexibility, or its expertise is found to

be wanting. Expertise will be the great

differentiator in the battle to win and

keep clients.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 7

GDPR is coming

Our survey was undertaken with 15 months to go before the EU

General Data Protection Regulation becomes active in May 2018. Yet

the results indicate very l itt le awareness of how an MSSP could help

an organisation cope with its impact.

Only 20% of respondents indicated that this was a good reason to

employ an MSSP.

There are two ways to interpret this result. Either they do not see

MSSPs as compliance specialists if they are thinking about GDPR, or

they simply have not realised the impact that GDPR wil l have.

PAC believes that services in data classif ication wil l become more

important for both providers and end users. Compliance with GDPR

wil l only be legally registered if an organisation is able to identify

exactly where data is, whether in its own data centres, in the cloud or

with a third party. The data controller wil l be held responsible for

data at all t imes.

CURRENT SECURITY AND BUSINESS CHALLENGES

To say that organisations face increased cyber threats is hardly news.

We know that. What end users need and what MSSPs need to know

better than their clients is how to manage these threats. So what are

end users specifically looking for?

The results show that the trends they are most concerned about are

also the drivers of change and innovation across European

businesses. Our results confirm the feeling that the better things get in

terms of digital transformation, the worse they get for security. So our

respondents are most concerned about the following: mobile (74%),

cloud (67%) and IoT (58%).

Other major IT trends such as digital transformation (50%) and shadow

IT (34%) are also concerns (as they should be), but our results are a

reflection of what end users are thinking about and dealing with right

now.

While the media talk up cyber war or state

sponsored attacks, very few respondents

running important European businesses worry about it. Just

11%.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 8

PAC’s analysis is that these trends must not be obstructed (and

probably cannot be) as within them lies the future prosperity and

competitiveness of European organisations. Clients need to demand

existing or future service providers to start thinking about how they

can best manage and secure the digital future.

WHAT DO END USERS LOOK FOR IN AN MSSP TODAY?

So far we have looked at the driving forces behind the choice of

using an MSSP, such as the type and frequency of crime and of

course compliance pressures. Of course, no MSSP or SITS business is

going to say it is incapable of handling any of these pressures!

But what are end users expecting, what separates the men from the

boys in the MSSP world? We certainly gave our respondents quite a

menu of options to choose, from number of security experts r ight

down to ease of communications.

What we were surprised at was that 69% of all respondents thought

that the number of experts an MSSP can boast is a “must have”,

which says something about the effect the cyber skil ls shortage is

having.

It also means there is a war between services providers to sign up the

available talent, and prove they have the best.

The people doing the best out of this, of course, are those talented

individuals who have the credentials and qualif ications to get the

best salaries and rewards. However, the shortage is affecting the

compliance market too.

And end users are expecting more than just a knowledge of ISO

27001 – they expect soft ski l ls such as excellent business

communications skil ls, crisis management and delegation.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 9

CONCLUSIONS

Companies across Europe are becoming more comfortable with outsourcing

security, even in sectors once thought hosti le to using MSSPs, such as banking.

But one size does not fit all. Clients and providers need to rigorously evaluate

carefully which services and how they are applied.

Compliance, and particularly the upcoming introduction of GDPR, figures low

down on clients’ security planning. In PAC’s view, this is a significant oversight

as a compliant organisation is also a more secure one. MSSPs can win by

educating clients on compliance and by offering expert help, either on their

own or through secondary partnerships.

Client organisations have a mixed view of the benefits that an MSSP can

provide, and different parts of the organisation have different expectations.

The Board looks initially to save money and is happy when this happens,

whereas the security teams look for help and technology that they cannot

deliver in-house.

An MSSP is not for l ife, or even for a whole organisation. Businesses are taking a

pick-and-mix approach, and even taking some functions back in-house. MSSPs

need to be flexible in terms of outlook and delivery. In an age of pay-as-you-

go cloud and SaaS, they need to be agile enough to react to more frequent

policy changes and new threats.

Clients remain more trusting of larger IT services providers and traditional

security software houses in their choice of MSSP. Smaller and bespoke players

need not give up, however. As the demands of GDPR and advanced threats

increase, clients may well look to more specialist providers, especially if they

take a pick-and-mix approach.

The on-going cyber security ski l ls shortage is such that competition for security

talent wil l put MSSPs at loggerheads with each other, as well as client

companies. MSSPs wil l be under pressure to raise salary expectations while

remaining competitive. In this situation, the client is l ikely to feel the benefit.

Clients remain more concerned about conventional cyber threats such as

phishing and malware and express a level of complacency with regards to

nation-state or advanced attacks. MSSPs, however, should not take this as a

reason not to offer advanced protection. Advanced techniques are trickling

down the cyber eco system rapidly.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 10

METHODOLOGY

The survey was conducted during February 2017 in the following countries: UK France,

Germany, Nordics, Ireland and Netherlands. The field research questioned 200 senior IT

and security job holders across manufacturing, retail, transport and services sectors.

© PAC - a CXP Group Company 2017

50%

51%

Services, Retail, Transport Manufacturing

Respondents by industry

25%

24%

25%

26%

UK Germany France Nordics, Ireland & Netherlands

Respondents by region

33%

33%

34%

500-1,999 employees 2,000-4,999 employees

5,000+ employees

Respondents by size of workforce

2%

23%

14% 9%

3%

49%

Chief Information

Security Officer

Chief Information

Officer

Chief Security Officer

Chief Technical

Officer

Chief Risk Officer

Head of IT/Corporate IT

Director

Respondents by job title

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 11

SUCCESS STORY

PERFECTING THE SCIENCE OF CO-MANAGED IT SECURITY

AT A GLANCE The Science Museum Group is devoted to the history and

contemporary practice of science, medicine, technology, industry and media. Its

collections are the largest, most comprehensive and most significant in their field

anywhere in the world. The Science Museum Group incorporates the Science Museum,

the Science Museum Library and the Wellcome collections of the history of medicine at

South Kensington; the National Railway Museum at York; the National Media Museum

at Bradford; Locomotion: the National Railway Museum at Shildon; and Concorde 002

with its associated exhibition at Yeovilton.

SITUATION As a public body responsible for a family of museums, The Science

Museum Group not only manages the museum buildings and collections but also the

group’s IT infrastructure, websites, applications, corporate activities and commercial

enterprises.

The Science Museum Group’s status as a public body means it must comply with the

Security Policy Framework (SPF) introduced by the UK Government in 2008. The SPF

includes both best practice guidelines and mandatory requirements.

“The SPF has a very strong IT section around information security and risk. It made us

think very carefully and redouble our efforts in IT security,” says Julian Payne, Head of

ICT at The Science Museum Group.

“Around the same time, we became acutely aware that increasing use of wireless

technologies and sophisticated mobile phones was increasing our network

vulnerabilities,” adds Payne.

A more structured approach to IT security

Against this backdrop, The Science Museum Group also decided to plan for ISO/IEC

27001 accreditation – the Information Security Management Systems (ISMS) standard.

To achieve all of its goals, they needed to approach IT systems security in a more

planned, proactive, and structured way. Reliance acsn had been working with The

Science Museum Group since 2003 and had built a strong relationship. However, the

security infrastructure was managed internally at The Science Museum Group by one

person and the security role often conflicted with other prioritised activities and day-to-

SITUATION

• Compliance requirements of the Security Policy Framework

• Perceived increase in IT security threats

• Actual IT security vulnerabilities exposed by penetration testing and health checks

• Lack of internal client resources • Long-term plan to achieve ISO/IEC

27001

SOLUTION

• Co-managed IT security service • Continued regular health checks of

the client’s infrastructure plus application testing of new and updated Science Museum Group websites

• Increased rigour in change management

• All IT security needs covered, from day-to-day issues to strategic planning

BENEFITS

• Increased IT security expertise and improved protection from IT security breaches

• Lower cost compared with adding internal resources

• Business protection, compliance and peace of mind

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 12

day responsibilities. Further, there were recurring issues highlighted in Reliance acsn health

check reports that indicated exposure to IT security breaches.

A principal area to be concerned Change Control of the security components. One

option to address these problems was to employ more administrators with the

appropriate skills to maintain and manage the security infrastructure; however, this

would be an expensive approach

SOLUTION By 2008, Reliance acsn had been working with The Science Museum

Group for five years and was seen as part of their team.

As an alternative to an expensive increase in their internal headcount, Reliance acsn

proposed a co-managed service. The service would provide high- level security

expertise under a shared management approach between The Science Museum

Group and Reliance acsn.

Julian Payne explains: “Reliance acsn's people were, and still are, held in high esteem

at The Science Museum Group and the fit was very good. Our relationship simply

evolved. We accepted Reliance acsn's proposal for a co-managed service because it

enabled us to improve our IT security expertise and standards while keeping our costs

down.“

Added expertise and a flexible resource

To deliver the service Reliance acsn introduced a dedicated virtual team of technical

consultants. The team immediately set about providing the expertise and flexible

resource needed on a daily basis, remedying the known vulnerabilities, and monitoring

and protecting their infrastructure. Reliance acsn continued to carry out regular health

checks of their infrastructure and also application tested new and updated Science

Museum Group websites to ensure that no security weaknesses were introduced.

According to Payne: “We used to make changes to our infrastructure on our own but

felt vulnerable relying on just our own skills. Reliance acsn are excellent at the change

management process, which is key for us.

Their superior knowledge and adherence to best practice means we now benefit from

an extra level of resilience and are far less exposed to IT security breaches.”

IT security designed for the future

Payne continues: “Reliance acsn's co-managed service and expertise were critical in

helping us comply with the Security Policy Framework – and they have been invaluable

in helping us plan for ISO/IEC 27001.”

“As well as taking care of day-to- day IT security matters the Reliance acsn co-

managed service also covers strategic IT security, which is very important for them.

Strategically, we get constant valuable input from Reliance acsn; we also benefit from

annual Infrastructure and Design meetings as part of the co- managed IT security

service, so as an organisation we know exactly where we are going in the future.”

Today the co-managed service continues to evolve to meet their needs. It is delivered

on-site as required, through remote co-management over the Internet via VPN, and

backed up by telephone and email support.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 13

As well as protecting national assets, The Science

Museum Group is deeply involved in the contemporary

practice of science, medicine, technology, industry

and media.

“Our information is everywhere – on laptops, iPhones,

iPads, in our network, in our libraries and other

resources, in our ecommerce systems,” says Payne.

“It’s our lifeblood and we need to protect it and

understand what happens if it is compromised, lost or

stolen. With the Reliance acsn co-managed service I know we have the

required expertiseand best practice in place to protect our business. I know that

Reliance acsn look at all the IT security vulnerabilities in the world, and that the

specific expertise The Science Museum Group needs is available when we need

it. That gives me and the broader business enormous peace of mind.”

High security at a sensible cost “Added to that, the Reliance acsn service helps

us meet mandatory compliance requirements, keeps IT security costs at a

sensible level, significantly reduces the likelihood of a network or application

security breach, and keeps us strategically aware and alert to developments in

IT security.”

Concludes Payne: “If you asked me to rate Reliance acsn I would give them 10

out of 10. Reliance acsn are never anything less than highly diligent and

capable. Their co-managed service is a great fit for us, both in terms of business

and personalities, and there is total trust on both sides.”

Photos: Rel iance acsn, Science Museum

CONTACT Call +44 (0)845 519 2946 or email contact@relianceacsn.co.uk Northburgh House 10 Northburgh Street London EC1V 0AT United Kingdom www.relianceacsn.co.uk

THE HIGHEST IT SECURITY STANDARDS,

WITH FLEXIBLE RESOURCES AND

CONTROLLED COSTS

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 14

PREMIUM SPONSOR

ABOUT RELIANCE ACSN

Reliance acsn are experts in IT security management. We have been

managing global security infrastructures for our clients since 2003.

Today, we are trusted to manage thousands of security devices for

over 80 customers across 5 continents, 24x7x365.

At our core we have a specialist team of highly accredited IT security

consultants and engineers who have extensive experience with all

the core security infrastructure technologies. We take the time to

understand your business, systems and specific requirements in order

to give you precisely what you need in the form of a truly tailored

service.

Reliance acsn’s mission is to offer significantly higher quality IT

security management services to our clients. Today our highly-

professional IT security management specialists are repeatedly going

above and beyond to deliver precisely that. At Reliance acsn we

know what it takes to create and support the real-world security.

Organisations need security and that is all we do.

Our clients span multiple sectors including banking, telecoms, retail,

government, insurance and leisure and they tell us they choose

Reliance acsn because we are professional, expert, honest, f lexible

and responsive. Reliance acsn is certif ied and accredited by the

major secure device manufacturers.

Our services:

• We can help you with almost any IT security management

challenge - it’s all about what you and your business need.

• Our specialist, f lexible services are carefully tailored to your

requirements to ensure you get what you need for as long as you

want, helping you invest intell igently to keep your business secure

and compliant.

• Our highly qualif ied, professional engineers and consultants wil l

ensure that the service you receive is of the highest quality, with

outstanding response times, clear reporting and meticulous

attention to detail.

For further information, please visit www.relianceacsn.co.uk

Contact: John Madelin CEO at Reliance acsn Phone: +44 (0)845 519 2946 Emai l: john.madel in@relianceacsn.co.uk

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 15

ABOUT PAC

Founded in 1976, Pierre Audoin Consultants (PAC) is part of CXP

Group, the leading independent European research and consulting

firm for the software, IT services and digital transformation industry.

CXP Group offers its customers comprehensive support services for

the evaluation, selection and optimization of their software solutions

and for the evaluation and selection of IT services providers, and

accompanies them in optimizing their sourcing and investment

strategies. As such, CXP Group supports ICT decision makers in their

digital transformation journey.

Further, CXP Group assists software and IT services providers in

optimizing their strategies and go-to-market approaches with

quantitative and qualitative analyses as well as consulting services.

Public organizations and institutions equally base the development of

their IT policies on our reports.

Capitalizing on 40 years of experience, based in 8 countries (with 17

offices worldwide) and with 140 employees, CXP Group provides its

expertise every year to more than 1,500 ICT decision makers and the

operational divisions of large enterprises as well as mid-market

companies and their providers. CXP Group consists of three branches:

Le CXP, BARC (Business Application Research Center) and Pierre

Audoin Consultants (PAC).

For more information please visit: www.pac-online.com

PAC’s latest news: www.pac-online.com/blog

Follow us on Twitter: @CXPgroup

PAC - CXP Group 15 Bowling Green Lane EC1R 0BD London United Kingdom Phone: +44 207 251 2810 Fax: +44 207 490 7335 in fo-uk@pac-online.com www.pac-online.com

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 16

DISCLAIMER, USAGE RIGHTS, INDEPENDENCE AND DATA PROTECTION

The creation and distribution of this study was supported by Reliance

acsn.

For more information, please visit www.pac-online.com.

Disclaimer

The contents of this study were compiled with the greatest possible

care. However, no l iabil ity for their accuracy can be assumed.

Analyses and evaluations reflect the state of our knowledge in

March 2017 and may change at any time. This applies in particular,

but not exclusively, to statements made about the future. Names and

designations that appear in this study may be registered trademarks.

Usage rights

This study is protected by copyright. Any reproduction or

dissemination to third parties, including in part, requires the prior

explicit authorization of the sponsors. The publication or dissemination

of tables, graphics etc. in other publications also requires prior

authorization.

Independence and data protection

This study was produced by Pierre Audoin Consultants (PAC). The

sponsors had no influence over the analysis of the data and the

production of the study.

The participants in the study were assured that the information they

provided would be treated confidentially. No statement enables

conclusions to be drawn about individual companies, and no

individual survey data was passed to the sponsors or other third

parties. All participants in the study were selected at random. There is

no connection between the production of the study and any

commercial relationship between the respondents and the sponsors

of this study.

Managing Secur i ty in the Digital Era – Copyr ight CXP Group, 2017 17