More than half of large companies, that is 55%, fail to respond effectively to cyberattacks, as they do not detect and deal with breaches quickly or limit their impact, according to a new Accenture study.
Based on a global survey of more than 4,700 executives, Accenture’s State of Cybersecurity Resilience 2021 study explores the extent to which organizations prioritize security, the effectiveness of their actions and the return on their investments in this field.
Specifically, 81% of respondents say that “being one step ahead of cybercriminals is a constant battle and the cost is unsustainable,” compared to 69% from last year’s study. At the same time, while 82% of respondents increased their cybersecurity spending last year, the number of breaches – including unauthorized access to data, applications, services, networks or devices – increased by 31% compared to the previous year and amounted to an average of 270 per company.
“Cybercriminals are constantly getting better at finding new ways of attacking. Our analysis reveals that organizations too often focus solely on business results by putting cybersecurity in second place, which increases risk. While finding the right balance is not an easy task, those with a clear picture of potential threats and strong alignment with business priorities achieve greater levels of cyber resilience,” stated Kostas Kampossioras, head of Accenture’s Technology Division in Greece.
The report also underlines the need to extend cybersecurity initiatives beyond the narrow walls of an organisation across its ecosystem since indirect attacks – that is, breaches into an organisation through its value chain – continue to increase. For example, despite the fact that 67% of organizations consider their ecosystem to be safe, indirect attacks accounted for 61% of all cyberattacks last year compared to 44% a year ago.
In addition, the research identified a small group of companies that excel in cybersecurity issues while aligning their business strategy to achieve better results and a greater return on their security investments. Compared to other organizations, these companies, the “Cyber Champions” as Accenture calls them, are much more likely to achieve a balance between cybersecurity and business objectives, have CISOs that report directly to the CEO and the Board of Directors, and maintain a much closer relationship with the operational divisions and the CFO. They also consult the CEO and CFO frequently as they develop their organization’s cybersecurity strategy and protect their organization from data loss. Additionally, they integrate security into their cloud initiatives and assess the maturity of the cybersecurity programme at least annually.
“Greater cybersecurity spending without the necessary alignment with business goals and segments does not imply greater security,” said Konstantinos Vouzoplis, head of Accenture’s Cybersecurity Division in Greece. “CISOs need to move away from safety-focused silos so they can work with the right executives in their organization to gain a holistic view of business.”