Accenture Survey
Accenture
Survey: One in Three Cyberattacks Result in a Security Breach, Yet Most
Organizations Remain Confident in Their Ability to Protect Themselves
Survey indicates overconfidence may be putting organizations at higher risk for attacks
Survey indicates overconfidence may be putting organizations at higher risk for attacks
by Suman Gupta
Bangalore, Nov. 03, 2016 – A new
security survey from Accenture (NYSE: ACN) finds that in the past twelve
months, roughly one in three targeted attacks resulted in an actual security
breach, which equates to two to three effective attacks per month for the
average company. Still, a majority of security executives (75 percent)
surveyed are confident in their ability to protect their enterprises from
cyberattacks.
In the report titled “Building Confidence: Facing the Cybersecurity Conundrum," Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of executives (51 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain,” said Kevin Richards, managing director, Accenture Security, North America. “It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defense deeply into the enterprise – has never been greater.”
In the report titled “Building Confidence: Facing the Cybersecurity Conundrum," Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of executives (51 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain,” said Kevin Richards, managing director, Accenture Security, North America. “It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defense deeply into the enterprise – has never been greater.”
What has Been Done
in the Past is not Working
Out with the old and in with the new is easier said than done, especially when it comes to embracing new technologies or cyber defense tools.
Out with the old and in with the new is easier said than done, especially when it comes to embracing new technologies or cyber defense tools.
- While survey respondents say internal breaches
have the greatest impact, 58 percent prioritize
heightened capabilities in perimeter-based controls instead of pivoting to
address high-impact internal threats.
- Research findings further show that most
companies do not have effective technology in place to monitor for
cyberattacks and are focused on risks and outcomes that have not kept pace
with the threat.
- Only slightly more than one-third (37percent)
of respondents say they are confident in their ability to perform the
essential activity of monitoring for breaches and only a similar number (36
percent) say the same about minimizing disruptions.
Getting Smarter
about Security Spending
Recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending. Yet, the sentiment among those surveyed suggests organizations will continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats.
Recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending. Yet, the sentiment among those surveyed suggests organizations will continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats.
- For example, given extra budget, 44
percent to 54 percent of respondents would
“double down” on their current cybersecurity spending priorities – even
though those investments have not significantly deterred regular and
ongoing breaches.
- These priorities include protecting the
company’s reputation (54 percent), safeguarding company information
(47 percent), and protecting customer data (44 percent).
- Far fewer companies would invest the extra
funds in efforts that would directly affect their bottom line, such as
mitigating against financial losses (28 percent) or investing in
cybersecurity training (17 percent).
Key country highlights from the
report include:
- Overall, it takes longer to spot a breach in
the US and the UK with over a quarter of organizations taking a year or
more to detect a successful attack. (30 percent in the
US; 26 percent in the UK).
- Organizations in France, Australia and the US
are the least confident in their ability to monitor for a breach compared
to the global average.
- Organizations in Germany (52 percent)
and the UK (50 percent) are the most confident in monitoring for
breaches compared to the global average (38 percent).
- Organizations in France spend the most (9.4
percent) of their total IT budget on cybersecurity compared to the
global average of 8.2 percent.
- Organizations in Australia and the US spend
the lowest amount on cybersecurity, as a percent of their total IT budget.
(8 percent in the US; 7.6 percent in
Australia).
Accenture Security helps organizations build
resilience from the inside out, so they can confidently focus on
innovation and growth. Providing next-generation services that span the entire
security lifecycle and protect value chains end-to-end – including
strategy and risk management, cyber defense, digital identity,
application security and managed security services – Accenture helps businesses
around the world defend against known sophisticated threats, and the unknown.
About Accenture :Accenture is a leading global professional services company, providing a broad
range of services and solutions in strategy, consulting, digital, technology
and operations. Combining unmatched experience and specialized skills across
more than 40 industries and all business functions – underpinned by the world’s
largest delivery network – Accenture works at the intersection of business and
technology to help clients improve their performance and create sustainable
value for their stakeholders. With more than 384,000 people serving clients in
more than 120 countries,
Accenture drives innovation to improve the way the
world works and lives. Visit us at www.accenture.com.
Comments
Post a Comment