How (Un)Lucky are You? One in Three Cyberattacks Result in a Security Breach
One in three targeted cyberattacks over the past 12 months results in a security breach, according a new survey from Accenture.
Despite this alarming number of incidents, 75 percent of respondents were “confident” they were doing the right things with their security strategies, and a similar number said security is “completely embedded” in their cultures, with support from the highest-level executives. Disconnect between the number of incidents and feeling confident about security strategies, according to Accenture, highlights the need for a “reboot” and for companies to “embrace an end-to-end approach to recognizing threats and minimizing exposure.
In the report titled "Building Confidence: Facing the Cybersecurity Conundrum," Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of executives (51 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past,” said Kevin Richards, managing director, Accenture Security, North America. “There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain. It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security—one that integrates cyber defense deeply into the enterprise—has never been greater.”
Additionally, the survey found that internal security teams discover only 65 percent of effective breaches, with employees, law enforcement and “white hats” (e.g., “ethical” hackers) finding most of the rest.
Part of the security challenge is prioritizing where to focus resources to effectively protect the organization. More than 50 percent of survey respondents say internal breaches made by malicious insiders have the greatest cybersecurity impact. Even so, two out of three respondents say they lack confidence in their organizations’ abilities to monitor internally for breach activities.