Report: More than half of organizations do not effectively defend against cyberattacks

Image: Virgiliu Obada/Shutterstock

More than fractional (55%) of ample companies are not efficaciously stopping cyberattacks, uncovering and fixing breaches rapidly oregon reducing the interaction of breaches, according to a caller probe survey from Accenture.

SEE: Security incidental effect policy (TechRepublic Premium)

Accenture's State of Cybersecurity Resilience 2021 survey explored the grade to which organizations prioritize security, the effectiveness of existent information efforts and however their information investments are performing. The pandemic served arsenic "a breeding crushed for caller attacks,'' according to the study, which was based connected a survey of much than 4,700 executives globally.

There were connected mean 270 attacks per institution implicit the year, an summation of 31% compared with 2020, the Accenture survey said. 

"From run-of-the-mill cybercriminals to blase nation-state actors, cyber adversaries are getting much resourceful astatine uncovering caller ways to transportation retired their attacks," said Kelly Bissell, who leads Accenture Security globally, successful a statement. "Our investigation reveals that organizations excessively often absorption solely connected concern outcomes astatine the disbursal of cybersecurity, creating greater risk."

While getting the equilibrium close isn't easy, Bissell added, radical who person a wide presumption of the menace scenery and a beardown alignment connected concern priorities and outcomes execute greater levels of cyber resilience.

Battling cyberattackers remains a challenge

The survey besides revealed that 4 successful 5 respondents (81%) judge that "staying up of attackers is simply a changeless battle, and the outgo is unsustainable," an summation from 69% successful past year's survey. 

At the aforesaid time, portion 82% of survey respondents said they accrued their cybersecurity spending this past year, the fig of palmy breaches—which see unauthorized entree to data, applications, services, networks oregon devices—jumped 31% implicit the erstwhile year, to 270 per company, connected average.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

The study highlights the request to widen cybersecurity efforts beyond a company's ain walls to its full ecosystem, noting that indirect attacks specified arsenic palmy breaches to an enactment done the proviso chain—continue to grow. For instance, contempt two-thirds (67%) of organizations saying they believed that their ecosystem is secure, indirect attacks accounted for 61% of each cyberattacks this past year, up from 44% the anterior year, according to the study.

How to go a "cyber champion"

Additionally, the probe identified a tiny radical of companies that Accenture said not lone excel astatine cyber resilience but besides align with the concern strategy to execute amended concern outcomes and instrumentality connected cybersecurity investments. Compared with different organizations, these alleged "cyber champions" are acold much apt to:

• strike a equilibrium betwixt cybersecurity and concern objectives
• report to the CEO and committee of directors and show a acold person narration with the concern and CFO
• consult often with CEOs and CFOs erstwhile processing their organization's cybersecurity strategy
• protect their enactment from nonaccomplishment of data
• embed information into their unreality initiatives
• measure the maturity of their cybersecurity programme astatine slightest annually.

Organizations basal to trim the outgo of breaches by 48% to 71% if they summation their show to cyber champion levels, the survey said.

There are 3 measures executives tin instrumentality to marque their organizations go much similar cyber champions: springiness CISOs a spot astatine the apical table, beryllium threat-centric and business-aligned, and get the astir retired of a unafraid cloud, according to the study.

Spending much connected cybersecurity without being intimately aligned to the concern doesn't marque an enactment safer, noted Jacky Fox, radical exertion serviceman astatine Accenture Security. "When it comes to managing cyber risks, organizations can't spend to thin 1 mode oregon the other.''

To execute sustained and measurable cyber resilience, CISOs "need to determination distant from security-focused silos truthful they tin collaborate with the close executives successful their organizations to summation a 360-degree presumption of the concern risks and priorities," Fox said.

Accenture Research surveyed 4,744 executives representing companies with yearly revenues of astatine slightest $1 cardinal successful 23 industries and 18 countries crossed North and South America, Europe and Asia Pacific. To specify 4 levels of cyber resilience, the steadfast said it conducted an investigation connected a illustration subset of 3,455 organizations, with cyber champions accounting for 5% of those. The survey was fielded from March to April 2021.

Also see

• Working astatine a harmless distance, safely: Remote enactment astatine concern sites brings other cyber risk (TechRepublic)
• Cybersecurity: Don't blasted employees—make them consciousness similar portion of the solution (TechRepublic)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats connected the horizon: What IT pro's request to cognize (free PDF) (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)