February 4, 2020
February 4, 2020
You only have to look around you, whether at work or at home, to see evidence that life is good. Many of us are lucky enough to have the right tools and conditions to be efficient and effective in our jobs, and a lot of people are living well within Maslow’s hierarchy of needs. But as any behavioral scientist will tell you, what initially seems positive on the outside often masks underlying issues.
It’s a situation we’re seeing in Accenture’s third annual State of Cyber Resilience report, launched this month. Our research, which involved a survey of 4,644 organizations with leading security practices and over $1 billion in annual revenues from around the world, found that, at first glance, life is a little better in cybersecurity: The basics of cybersecurity are improving, cyber resilience is on the rise, and most organizations are getting better at preventing direct cyberattacks.
But underlying issues exist: In the shape-shifting world of cybersecurity, attackers have already moved their entry points to weaker targets, such as vendors and other third parties in a company’s supply chain. For many businesses, this opens new battlegrounds even before an organization has mastered the fight in its own backyard.
At the same time, cybersecurity cost increases across 17 cost components are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point.
Accenture’s report analysis reveals that a group of standout organizations have found a way through this challenging cybersecurity environment. This group of 800 leaders—around 17 percent of our sample—stop more attacks, find and fix breaches faster, and reduce breach impact better than 74 percent of the group studied (the remaining nine percent partially landed in the leaders category and partially landed in the non-leaders category).
These leaders have:
How can the non-leaders, 74 percent of the sample, achieve these results and better handle current and emerging cybersecurity challenges? The following performance targets for non-leaders, which we found through detailed modelling of ‘what-if’ scenarios, can help them rise to the challenge. They should aim to:
Of course, targets aren’t the only things that matter. There’s a deliberate process involved, too. What do leaders from our report do differently to become more resilient? Three things set them apart:
To better keep pace with the leaders in the report, boards should push management to formulate security investment plans that align with company strategy. Beyond technological investment, directors should also question management on the company’s security training programs and work to make sure that management is investing in its people, too.
I am heartened by our findings from this year’s report. The fact of the matter is that we at least know what differentiates a leader—and that gives the non-leaders, who are by no means laggards but could do with a helping hand, a chance to catch up. In particular, organizations need to recognize attackers’ new focus on indirect attacks and expand their scope of operations to protect their extended ecosystem.
Bissell leads the Accenture Security business globally. With more than 25 years of security industry experience, he specializes in breach incident response, identity management, privacy and data protection, secure software development, and cyber risk management. Bissell is also affiliated to OASIS, a nonprofit consortium that drives the development, convergence, and adoption of open standards for the global information society.