55 percent of large companies are not effectively stopping cyber attacks, finding and fixing breaches quickly, or reducing the impact of breaches, according to a new research study from Accenture.
Based on a survey of more than 4,700 executives globally, Accenture’s State of Cybersecurity Resilience 2021 study explores the extent to which organizations prioritize security, the effectiveness of current security efforts, and how their security investments are performing.
The study also reveals that four in five respondents (81 percent) believe that “staying ahead of attackers is a constant battle and the cost is unsustainable” — an increase from 69 percent in last year’s survey. At the same time, while 82 percent of survey respondents increased their cyber security spending this past year, the number of successful breaches — which include unauthorized access to data, applications, services, networks or devices — jumped 31 percent over the previous year, to 270 per company, on average.
The report highlights the need to extend cyber security efforts beyond a company’s own walls to its entire ecosystem, noting that indirect attacks — i.e., successful breaches to an organization through the supply chain — continue to grow. For instance, despite two-thirds (67 percent) of organizations believing that their ecosystem is secure, indirect attacks accounted for 61 percent of all cyber attacks this past year, up from 44 percent the prior year.
Additionally, the research identified a small group of companies that not only excel at cyber resilience, but also align with the business strategy to achieve better business outcomes and return on cyber security investments. Compared with other organizations, these ‘Cyber Champions’, as Accenture refers to them, are far more likely to:
- Strike a balance between cyber security and business objectives;
- Report to the CEO and board of directors and demonstrate a far closer relationship with the business and CFO;
- Consult often with CEOs and CFOs when developing their organization’s cyber security strategy;
- Protect their organization from loss of data;
- Embed security into their cloud initiatives; and
- Measure the maturity of their cyber security program at least annually.
Accenture Research surveyed 4,744 executives representing companies with annual revenues of at least US$1 billion in 23 industries and 18 countries across North and South America, Europe and Asia Pacific. To define four levels of cyber resilience, an analysis was conducted on a sample subset of 3,455 organizations, with Cyber Champions accounting for 5 percent of those. The study was fielded from March to April 2021.