Follow the Leaders and Your Cybersecurity Just Might Improve

You only have to look around you, whether at work or at home, to see evidence that life is good. Many of us are lucky enough to have the right tools and conditions to be efficient and effective in our jobs, and a lot of people are living well within Maslow’s hierarchy of needs. But as any behavioral scientist will tell you, what initially seems positive on the outside often masks underlying issues.

It’s a situation we’re seeing in Accenture’s third annual State of Cyber Resilience report, launched this month. Our research, which involved a survey of 4,644 organizations with leading security practices and over $1 billion in annual revenues from around the world, found that, at first glance, life is a little better in cybersecurity: The basics of cybersecurity are improving, cyber resilience is on the rise, and most organizations are getting better at preventing direct cyberattacks.

But underlying issues exist: In the shape-shifting world of cybersecurity, attackers have already moved their entry points to weaker targets, such as vendors and other third parties in a company’s supply chain. For many businesses, this opens new battlegrounds even before an organization has mastered the fight in its own backyard.

At the same time, cybersecurity cost increases across 17 cost components are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point.

Leaders Making Cybersecurity Work

Accenture’s report analysis reveals that a group of standout organizations have found a way through this challenging cybersecurity environment. This group of 800 leaders—around 17 percent of our sample—stop more attacks, find and fix breaches faster, and reduce breach impact better than 74 percent of the group studied (the remaining nine percent partially landed in the leaders category and partially landed in the non-leaders category).

These leaders have:

• over a threefold advantage in stopping targeted cyberattacks.

• a fourfold advantage in detection speed.

• a threefold advantage in speed of remediation.

• nearly a twofold advantage in containing damage impact.

How can the non-leaders, 74 percent of the sample, achieve these results and better handle current and emerging cybersecurity challenges? The following performance targets for non-leaders, which we found through detailed modelling of ‘what-if’ scenarios, can help them rise to the challenge. They should aim to:

• reduce the number of cyberattacks that result in a security breach from one in eight to one in 27 or better.

• reduce the average detection time for a security breach from up to seven days or more to less than one day.

• reduce the average time to remediate a security breach from up to a month or more to 15 days or less.

• ensure at least four out of five security breaches have no impact or only a minor impact on their company and its stakeholders.

Of course, targets aren’t the only things that matter. There’s a deliberate process involved, too. What do leaders from our report do differently to become more resilient? Three things set them apart:

• They invest in speed-enabling technologies. Leaders focus on technologies that match their priorities and provide the greatest benefit in achieving cybersecurity success. In particular, artificial intelligence and Security Orchestration, Automation, and Response (SOAR) technologies form the backbone of leaders’ investment strategies. Leaders also know which technologies help to achieve a broader level of cybersecurity success by filling gaps in performance.

• They drive value from investments. Leaders scale investments more often (over half of security tools tested end up fully deployed across the organization), and as a result, their security teams are more effective and are able to protect more key assets. Leaders also train more, which makes them faster at discovering and fixing breaches and protecting more key assets, and they collaborate more, which helps them to protect more key assets and improve regulatory alignment—increasingly important with the growth in personal privacy legislation and the potential fines this poses.

• They maintain existing investments. Leaders focus more of their budget allocations on sustaining what they already have. They perform better at the basics: Only 15 percent of leaders have had more than 500,000 records exposed in the last year, compared to 44 percent of non-leaders.

To better keep pace with the leaders in the report, boards should push management to formulate security investment plans that align with company strategy. Beyond technological investment, directors should also question management on the company’s security training programs and work to make sure that management is investing in its people, too.

I am heartened by our findings from this year’s report. The fact of the matter is that we at least know what differentiates a leader—and that gives the non-leaders, who are by no means laggards but could do with a helping hand, a chance to catch up. In particular, organizations need to recognize attackers’ new focus on indirect attacks and expand their scope of operations to protect their extended ecosystem.