Study: Only 17% of organizations are considered ‘leaders’ in cybersecurity strategy

The heightened awareness of cybersecurity does not necessarily translate into action, as evidenced by the recent study of global professional services company Accenture titled “Accenture’s Third Annual State of Cyber Resilience,” which surveyed over 4,600 enterprise security practitioners around the world.

Accenture Research surveyed (from April to May 2019) executives across 16 countries across the Asia Pacific, Europe, and North and South America from companies with annual revenues of at least $1 billion in 24 industries. About 98% of the respondents were the sole or key decision-maker with regard to the organization’s cybersecurity strategy and spending.

“Our analysis identifies a group of standout organizations that appear to have cracked the code of cybersecurity when it comes to best practices,” said Kelly Bissell, who leads Accenture Security globally, in the study.

“Leaders in our survey are far quicker at detecting a breach, mobilizing their response, minimizing the damage and getting operations back to normal.”

– Kelly Bissell, Accenture Security

Have you read “Study: Early adopter firms outpace others in revenue growth”?

Cybersecurity strategy

“Leaders” as defined in the study are those who have a clear-cut cybersecurity strategy, which includes stopping more attacks, finding and fixing breaches faster, and reducing breach impact. The second group, 74%, are classified as non-leaders or ” average performers in terms of cyber resilience but far from being laggards.”

According to the study, leaders (88%) were “four times more likely” than non-leaders (22%) to detect a breach in less than one day. The leaders also show to be more proactive in engaging users with 30% providing them with security tools and training as opposed to only 9% of non-leaders.

Accenture Security Cybersecurity Leaders

The leaders exhibit more of their cybersecurity resilience with 4 in 5 respondents (83%) who adopted the mindset of securing not only their assets but also of the whole vendor ecosystems. This confirms another plus factor of leaders, which is prioritizing budget allocations (which is a common problem among security officers) to sustain existing cybersecurity strategy and assets. Non-leaders, on the other hand, are focused on piloting and scaling new capabilities.

Vendor relationships

What  is even more encouraging in having leaders in the organization is the fact that they “were nearly three times less likely to have had more than 500,000 customer records exposed through cyberattacks in the last 12 months (15% vs 44%).”

“The sizable number of vendor relationships that most organizations have poses a significant challenge to their ability to monitor that business ecosystem,” Bissell said. “Yet, given the large percentage of breaches that originate in an organization’s supply chain, companies need to ensure that their cyber defenses stretch beyond their own walls.” #