What separates those organizations that are cyber resilient and those that aren’t? Accenture’s study tells us
Organizations are spending a lot on their cybersecurity systems, so it makes sense that they think they are well-protected from cyberattacks. And they are getting better at cyber resiliency and preventing direct attacks. It’s the rise of indirect attacks through vendors, contractors and the supply chain, that are causing serious trouble. In fact, a new study from Accenture Security found that fewer than one-fifth of organizations are effectively stopping cyberattacks and finding and fixing breaches fast enough to lower the impact.
However, there are companies who are succeeding at cyber resiliency, and the Accenture Security study looks at the top 17% of their 4,600 respondents who are achieving higher levels of cyber success than their peers. They are the group who have cracked the code, so to speak, and Accenture wanted to look at why these leaders have stood apart from the rest at detecting breaches, mobilizing their response and minimizing damage.
What Cyber Resilient Leaders Do Differently
“Our research proves that attackers have already moved their entry points to weaker targets, such as vendors and other third parties in a company’s supply chain with indirect attacks against weak links in the supply chain accounting for 40% of security breaches,” Ryan LaSalle, North America lead for Accenture Security, noted in an email conversation. “For many businesses, this opens new battlegrounds even before an organization has mastered the fight in its own backyard.”
Leaders are considered high performers in at least three of the following four categories: stopping cyberattacks attacks, finding breaches faster, fixing breaches faster and reducing breach impact. These are the companies most adept at meeting the challenge of finding a balance between the right security investments and both scaling and sustaining them across their business ecosystem.
Why are leaders more cyber resilient in meeting the challenges of moving entry points? According to the study, “Leaders seem able to identify a higher number of direct attacks against them—an average of 239 cyberattacks compared with 166 for non-leaders—while having a much higher success rate in defending against them.” In return, they are seeing on average nine breaches a year, compared to the more than 20 that non-leaders have to deal with.
Leaders also credit certain technologies to assist in cyber resiliency, including next-gen firewalls, security orchestration automation and response (SOAR), privileged access management (PAM) and AI. By deploying these technologies, leaders have higher and faster detection rates and the ability to quickly address threats before they blow up into serious problems. Picking the right technologies and security systems is vital. “If investments in technology don’t hit the mark when it comes to defending against cyberattacks, C-suite executives are not only jeopardizing their operations and finances but their brands and reputations as well,” said LaSalle. And that would move them into the non-leader category, which is where 74% of the respondents fell.
How Non-Leaders Can Become Leaders
The non-leaders can become more like leaders and better handle current and emerging cybersecurity challenges by hitting the following performance targets, LaSalle said. “Through detailed modeling of ‘what-if’ scenarios, we found that by focusing on these targets non-leaders can rise to the challenge.” To meet the challenge, non-leaders should aim to:
- Reduce the number of cyberattacks that result in a security breach from one in eight to one in 27 or better.
- Reduce the average detection time for a security breach from up to seven days or more to less than one day.
- Reduce the average time to remediate a security breach from up to a month or more to 15 days or less.
- Ensure at least four out of five security breaches have no impact or only a minor impact on their company and its stakeholders.
“With that said, targets aren’t the only things to strive for,” he added. “There’s a deliberate process involved on the path to becoming more cyber resilient.” According to the study, what separates leaders from non-leaders are:
- Investing in speed-enabling technologies. Leaders also know which technologies help to achieve a broader level of cybersecurity success by filling gaps in performance.
- Driving value from investments. Leaders scale investments more often (over half of security tools tested end up fully deployed across the organization), and as a result, their security teams are more effective and able to protect more key assets. Leaders also train more, making them faster at discovering and fixing breaches and protecting more key assets, and they collaborate more, improving regulatory alignment.
- Maintaining existing investments. Leaders focus more of their budget allocations on sustaining what they already have. They perform better at the basics: Only 15% of leaders have had more than 500,000 records exposed in the last year, compared to 44% of non-leaders.
Organizations are doing more to push for better cyber resiliency, but most of them can do better, with the right investments and recognizing how to get value from them.