November 03, 2021
More than Half of Organizations Not Effectively Defending Against Cyberattacks, According to Accenture Study
State of Cyber Resilience report reveals key traits of leaders in cyber resilience
NEW YORK; Nov. 3, 2021 – More than half (55%) of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches, according to a new research study from Accenture (NYSE: ACN).
Based on a survey of more than 4,700 executives globally, Accenture’s State of Cybersecurity Resilience 2021 study explores the extent to which organizations prioritize security, the effectiveness of current security efforts, and how their security investments are performing.
The study also reveals that four in five respondents (81%) believe that “staying ahead of attackers is a constant battle and the cost is unsustainable” — an increase from 69% in last year’s survey. At the same time, while 82% of survey respondents increased their cybersecurity spending this past year, the number of successful breaches — which include unauthorized access to data, applications, services, networks or devices — jumped 31% over the previous year, to 270 per company, on average.
“From run-of-the-mill cybercriminals to sophisticated nation-state actors, cyber adversaries are getting more resourceful at finding new ways to carry out their attacks,” said Kelly Bissell, who leads Accenture Security globally. “Our analysis reveals that organizations too often focus solely on business outcomes at the expense of cybersecurity, creating greater risk. While getting the balance right isn’t easy, those who have a clear view of the threat landscape and a strong alignment on business priorities and outcomes achieve greater levels of cyber resilience.”
The report highlights the need to extend cybersecurity efforts beyond a company’s own walls to its entire ecosystem, noting that indirect attacks — i.e., successful breaches to an organization through the supply chain — continue to grow. For instance, despite two-thirds (67%) of organizations believing that their ecosystem is secure, indirect attacks accounted for 61% of all cyberattacks this past year, up from 44% the prior year.
Additionally, the research identified a small group of companies that not only excel at cyber resilience, but also align with the business strategy to achieve better business outcomes and return on cybersecurity investments. Compared with other organizations, these “Cyber Champions,” as Accenture refers to them, are far more likely to:
- strike a balance between cybersecurity and business objectives;
- report to the CEO and board of directors and demonstrate a far closer relationship with the business and CFO;
- consult often with CEOs and CFOs when developing their organization’s cybersecurity strategy;
- protect their organization from loss of data;
- embed security into their cloud initiatives; and
- measure the maturity of their cybersecurity program at least annually.
“Spending more on cybersecurity without being closely aligned to the business doesn’t make your organization safer,” said Jacky Fox, group technology officer at Accenture Security. “When it comes to managing cyber risks, organizations can’t afford to lean one way or the other. To achieve sustained and measurable cyber resilience, chief information security officers need to move away from security-focused silos so they can collaborate with the right executives in their organization to gain a 360-degree view of the business risks and priorities.”
To learn more about the research, download the State of Cybersecurity Resilience 2021 report here.
Methodology
Accenture Research surveyed 4,744 executives representing companies with annual revenues of at least US$1 billion in 23 industries and 18 countries across North and South America, Europe and Asia Pacific. To define four levels of cyber resilience, an analysis was conducted on a sample subset of 3,455 organizations, with Cyber Champions accounting for 5% of those. The study was fielded from March to April 2021.
About Accenture
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 624,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Copyright © 2021 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.
# # #
Contact:
Alison Geib
Accenture
+1 703 947 4404
alison.geib@accenture.com
Denise Berard
Accenture
+1 617 488 3611
denise.berard@accenture.com