How resilient are companies to the waves of cyber attacks? This is what the study “State of Cybersecurity Resilience 2021” by Accenture tries to answer and points out shortcomings. […]
More than half, namely 55 percent, of large companies are not able to quickly identify cyberattacks, effectively combat them or limit their impact in a short time. This is one of the key messages of the current survey “State of Cybersecurity Resilience 2021” by the consulting company Accenture, which is based on the survey of more than 4700 executives worldwide.
In addition, it was examined to what extent companies attach great importance to the topic of cybersecurity, how effective the current security measures are and how their investments in defense and security measures are developing.
More attacks despite higher cybersecurity budgets
Four out of five respondents (81 percent) believe that it is a constant race to be one step ahead of the attackers, which in turn drives the costs to unsustainable heights. At the same time, 82 percent of respondents increased their spending on cybersecurity in the past year. Nevertheless, the number of successful cyber attacks – which include unauthorized access to data, applications, services, networks or devices – has increased by 31 percent compared to the previous year to an average of 270 per company.«
Our study shows that companies are rightly focusing on their business results, but unfortunately often neglect the sustainable protection of the same by still not taking a holistic and proactive approach to cybersecurity,” notes Uwe Kissmann, Managing Director Cyber Defence Services Accenture EMEA. “Only those companies that have a clear overview of the threat landscape and consistently align their security with their business goals and results will also achieve a higher level of cyber resilience,” he concludes from the study.
The entire corporate ecosystem must be protected
The study also makes it clear that cybersecurity measures must take place not only within one’s own company, but also in the entire ecosystem within which the company operates, as indirect attacks – e.g. successful attacks on a company via the supply chain – continue to increase. Although two-thirds (67 percent) of companies believe that their ecosystem is secure, indirect attacks actually accounted for 61 percent of all cyber attacks last year. In the previous year, it was only 44 percent.
“The days of purely security-oriented silos are over,” says Uwe Kissmann, Managing Director Cyber Defence Services at Accenture EMEA (c) Accenture
The study also identified a small group of companies that are not only characterized by their cyber resilience, but also adapt their business strategy to achieve better results and a higher profitability of their cyber security investments. These “cyber champions” are mainly found in the insurance, telecommunications and high-tech companies as well as the retail trade sectors.
The anatomy of the “Cyber Champions”
According to Accenture’s cyber resilience report, “cyber champions” have a much higher probability of success compared to other companies
- achieving a balance between cybersecurity and business objectives,
- to report to the CEO/the Board and thus establish a much closer relationship with the company and the CFO,
- to be in close contact with CEOs and CFOs in the development of your company’s cybersecurity strategy,
- protect your company from data loss,
- Integrate security aspects into your cloud initiatives and
- review the maturity of your cybersecurity program at least once a year.
“Increased investment in cybersecurity alone will not make the organization safer. They must be closely aligned with their own business processes,” says Kissmann. “The days of purely security-oriented silos are over: if sustainable and measurable cyber resilience is to be achieved, the relevant decision-makers within your company must work together. This is the only way to get the necessary all-round view of business risks and priorities,” is his conclusion.