Research on Security Resilience Finds Cyber Champions Lead the Way

Accenture’s annual State of Cybersecurity Resilience finds that while attacks are up, “Cyber Champions” have better security defenses against criminals

It continues to be a difficult landscape for cyber defenders – both globally and in the United Kingdom. Attack attempts in the last year are up, but hearteningly, so is investment in security. And breach attempts are being thwarted by defenders more effectively.

That’s according to Accenture’s annual State of Cybersecurity Resilience 2021, which surveyed 4,744 global respondents around the current state of cybersecurity. A majority (81%) of global business executives said that “staying ahead of attackers is a constant battle and the cost is unsustainable.”

Respondents experienced a 32% increase over 2020 in the number of successful cyber attacks, while some attacks, such as ransomware, have seen a much higher increase. Overall, global organisations saw an average of 270 attacks (unauthorised access of data, apps, services, networks, or devices) per company over the year.

Other dominating risk factors referenced globally include third-party risk. As the SolarWinds breach of 2020 revealed, supply chain risks are a significant threat. The research finds successful breaches to the organisation through the supply chain increased from 44% to 61% in the last year.

Security leaders globally also continue to grapple with cloud and cloud security. Despite most respondents believing in secure cloud, 32% say security is not part of the cloud discussion from the outset and they’re trying to catch up. The reasons revolve around security issues: poor governance and compliance, cloud security is too complex, and a lack of internal skills to structure a cloud security framework.

Levels of Cyber Resilience Place “Cyber Champions” On Top

The report also identified various levels of cyber resilience among respondents. The group known as Cyber Champions – organisations that strike a balance, not only excelling at cyber resilience, but also aligning with the business strategy to achieve better business outcomes – stand out from the pack.

A summary of the findings indicates Cyber Champions are successful in at least three out of four cyber resilience performance criteria: better at stopping attacks, finding and fixing breaches faster, and reducing their impact. 

The number of successful breaches experienced by Cyber Champions is lower than for all other types of respondents in the survey. They also experience the fewest significant attacks. The report finds Cyber Champions have a speedier response to detection and remediation—a day extra of being fully operational can make all the difference to the bottom line. Overall, they are better able to protect themselves from loss of data—only about 4% of Cyber Champions lose more than 500,000 records.

What does it take to be a Cyber Champion? This group is far more likely to:

  • Report to the CEO and board of directors and demonstrate a far closer relationship with the business and CFO;
  • Consult often with CEOs and CFOs when developing their organisation’s cybersecurity strategy;
  • Protect their organisation from loss of data;
  • Embed security into their cloud initiatives; and
  • Measure the maturity of their cybersecurity program at least annually.

Accenture researchers make several recommendations for becoming a Cyber Champion.

  • Give CISOs a seat at the top table – The report recommends CISOs move away from security-focused silos and collaborate with the right executives to understand business risks and priorities. The report finds reporting structure and collaboration are important here. Around 70% of the group report to the CEO and Board and they demonstrate a far closer relationship with the CFO. And Cyber Champions tap into these relationships when it comes to defining the strategy. They consult most with CEOs (51%) and CFOs (49%) when developing their organisation’s cybersecurity strategy—almost twice as much as the Business Blockers.

    When it comes to budget authorization, only 19% of Cyber Champions have their budgets authorized by the CEO or Board, compared to 23% for Business Blockers and 39% for Cyber Risk Takers.
  • Be threat-centric and business aligned – Cyber Champions, according to the report, understand the importance of balancing security and the business—they measure and monitor often to continuously improve their security function and enable the business to manage risk. Nearly 90% of Cyber Champions measure the maturity of their cybersecurity program at least annually or more frequently.

  • Get the most out of secure cloud – Lastly, the report suggests that organisations strive to ensure security be embedded consistently in the cloud, versus tacking on security at the end of the cloud-first journey. When moving to the cloud, organisations should seize the opportunity to reset their security posture, earlier and more effectively. Most Cyber Champions (83%) say that security is a major consideration when moving operations to the cloud versus 70% of the overall sample.

The Bottom Line

While the attack landscape continues to worsen, the Accenture annual State of Cybersecurity Resilience also uncovers best practices among Cyber Champions that are having a demonstrable effect on security and risk mitigation outcomes. By aligning security with the business and looking to internal security leaders to be autonomous and collaborative leaders, organisations can ramp up their own security strategy and emerge ahead of the pack as Cyber Champions.

Learn more about becoming a Cyber Champion and read the full State of Cybersecurity Resilience report by visiting Accenture today.

Copyright © 2022 IDG Communications, Inc.
