Though the number of cyber attacks and frauds is going up sharply by the day, the majority of large companies are found to be not well prepared to thwart the attacks.
According to a survey conducted by Accenture, over 55 per cent of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches. The US-based firm offers professional services with leading capabilities in digital, cloud and security.
The study also reveals that four in five respondents (81 per cent) believe that “staying ahead of attackers is a constant battle and the cost is unsustainable”. Compare this with last year’s 69 per cent of the respondents who shared a similar view.
While 82 per cent of the respondents increased their cybersecurity spending in the last year, the number of successful breaches went up to 270, up by 31 per cent over the previous year. The nature of breaches that were reported includes unauthorised access to data, applications, services, networks and devices.
Also read: Cybersecurity for ‘new India’
Accenture surveyed over 4,700 executives globally, representing companies with annual revenues of at least $1 billion in 23 industries and 18 countries across North and South America, Europe and the Asia Pacific.
The report, titled State of Cyber Security Resilience 2021 study, explored the extent to which organisations prioritised security, the effectiveness of current security efforts, and how their security investments are performing.
“From run-of-the-mill cybercriminals to sophisticated nation-state actors, cyber adversaries are getting more resourceful at finding new ways to carry out their attacks,” Kelly Bissell, who leads Accenture Security globally, said. “Our analysis reveals that organisations too often focus solely on business outcomes at the expense of cyber security, creating greater risk,” Bissel said.
“While getting the balance right isn’t easy, those who have a clear view of the threat landscape and a strong alignment on business priorities and outcomes achieve greater levels of cyber resilience,” the study said. The report highlights the need to extend cyber security efforts beyond a company’s walls to its entire ecosystem as breaches can happen through the supply chain.
Though two-thirds (67 per cent) of organisations believe that their ecosystem is secure, indirect attacks accounted for 61 per cent of all cyberattacks this past year, up from 44 per cent over the year before.
Interestingly, the study found that a small group of companies had not only excelled at cyber resilience but also aligned it with their business strategies to achieve better business outcomes and return on cyber security investments.
Also read: Tech support scams continue to remain one of the top phishing threats: Report
“Spending more on cyber security without being closely aligned to the business doesn’t make your organisation safer,” Jacky Fox, group technology officer at Accenture Security, said.
“When it comes to managing cyber risks, organisations can’t afford to lean one way or the other. To achieve sustained and measurable cyber resilience, chief information security officers need to move away from security-focused silos so they can collaborate with the right executives in their organisation to gain a 360-degree view of the business risks and priorities,” the executive said.
To define four levels of cyber resilience, an analysis was conducted on a sample subset of 3,455 organisations, with Cyber Champions accounting for 5 per cent of those. The study was fielded from March to April 2021.