New Accenture survey finds fewer than one-third of CISOs and business leaders collaborate on a cybersecurity plan and budget
NEW YORK; July 10, 2018 – With the proliferation of more and more sensitive data, expanding connectivity, and the adoption of automated processes, new research from Accenture (NYSE: ACN) reveals that C-suite and IT decision makers need to embrace a different approach to cybersecurity to effectively protect against future cyber risks. While most companies have a chief information security officer (CISO) or have assigned cybersecurity to a C-suite executive, such as a chief information officer (CIO), these leaders often have limited influence on cybersecurity strategy outside their departments. Additionally, nearly half of CISOs acknowledge that their responsibilities for securing the organization are growing faster than their ability to address security issues.
In the study “Securing the Future Enterprise Today - 2018,” 73 percent of the more than 1,400 C-level executives polled agreed that cybersecurity staff and activities need to be dispersed throughout all parts of the organization, but cybersecurity remains centralized in 74 percent of companies. Moreover, there is little indication that C-suite executives expect to shift more responsibility for cybersecurity to business units. For example, 25 percent of non-CISO executives say business unit leaders are accountable for cybersecurity today and a similar number believe business unit leaders should be responsible in the future.
“There is no doubt that organizations are taking cybersecurity more seriously, however, there is still much work to be done. Cybersecurity strategy needs to be led by the board, executed by the C-Suite and owned at the front lines of the organization. Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees,” said Omar Abbosh, Accenture’s chief strategy officer. “To be able to grow safely, companies can establish sustained cyber resilience through a continual, proactive focus on cyber risk management at all levels.”
Better Alignment Needed on Strategy and Protection Practices
The study exposed a disparity between what C-suite executives say are the emerging areas of concern and the cybersecurity strategies employed for protection. For example, companies are still doing little to spread security knowledge among employees and very few CISOs have the authority to influence business units across their organizations.
- Only half of respondents said all employees receive cybersecurity training upon joining the organization and have regular awareness training throughout employment.
- Surprisingly, only 40 percent of CISOs said establishing or expanding an insider threat program is a high priority.
- Just 40 percent of CISOs said they always confer with business-unit leaders to understand the business before proposing a security approach.
- Internet of Things technology topped the list with 77 percent of respondents saying that it will increase cyber risk moderately or significantly.
- Seventy-four percent of respondents said cloud services will raise cyber risk, but only 44 percent said that cloud technology is protected by their cybersecurity strategy.
- More than seventy percent of respondents expect sharing data with strategic partners and third parties will raise risk, yet only 39 percent said that the data exchanged is adequately protected by their cybersecurity strategy.
About the Research
From March to April 2018, Accenture Research surveyed 1,460 executives to understand the extent to which organizations prioritize security in new business initiatives, whether their security plans address future business needs, what security capabilities they have, and their level of internal and external collaboration on security. These executives represent companies with annual revenues of US$1 billion or more from 14 industries and 16 countries across North and South America, Europe and Asia Pacific. Half of the respondents were Chief Information Security Officers or in equivalent roles, while the remaining half were CEOs or other C-suite executives.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 449,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture helps organizations protect their valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.