Less than a fifth of organizations are effectively stopping cyberattacks
Just 17 percent of organizations worldwide are considered 'leaders' in cyber resilience, meaning under a fifth are effectively stopping cyberattacks and finding and fixing breaches fast enough to lower the impact, according to a new report from Accenture.
Based on a survey of more than 4,600 enterprise security practitioners, Accenture's report looks at how businesses prioritize security, the effectiveness of their current security efforts, and the impact of new security-related investments.
Leaders are characterized as among the highest performers in at least three of four categories: stopping more attacks, finding breaches faster, fixing breaches faster and reducing breach impact. The study identifies a second group, making up 74 percent of respondents, classed as 'non-leaders' -- these are only average performers in terms of cyber resilience.
Leaders are four times more likely than non-leaders to detect a breach in less than a day (88 percent vs 22 percent). And when defenses fail, nearly all (96 percent) of leaders fix breaches in 15 days or less, on average, whereas nearly two-thirds (64 percent) of non-leaders take 16 days or longer -- with nearly half of those taking more than a month.
"Our analysis identifies a group of standout organizations that appear to have cracked the code of cybersecurity when it comes to best practices," says Kelly Bissell, who leads Accenture Security globally. "Leaders in our survey are far quicker at detecting a breach, mobilizing their response, minimizing the damage and getting operations back to normal."
Significant differences between leaders and non-leader include that leaders focus more of their budget allocations on sustaining what they already have, whereas the non-leaders place significantly more emphasis on piloting and scaling new capabilities. Leaders are nearly three times less likely to have had more than 500,000 customer records exposed through cyberattacks in the last 12 months (15 percent compared to 44 percent). Also leaders are more than three times as likely to provide users of security tools with the required training for those tools (30 percent compared to nine percent).
In addition the findings show 83 percent believe that organizations need to think beyond securing just their own enterprises and take better steps to secure their vendor ecosystems. "The sizable number of vendor relationships that most organizations have poses a significant challenge to their ability to monitor that business ecosystem," Bissell adds. "Yet, given the large percentage of breaches that originate in an organization's supply chain, companies need to ensure that their cyber defenses stretch beyond their own walls."
You can read more and get the full report on the Accenture site.
Photo Credit: Kostenko Maxim/Shutterstock