A new security survey from Accenture finds that in the past twelve months, roughly one in four targeted attacks resulted in an actual security breach, which equates to two to three effective attacks per month for the average company. Still, a majority of security executives (77 percent) surveyed are confident in their ability to protect their enterprises from cyberattacks.
In the report titled “Building Confidence: Facing the Cybersecurity Conundrum," Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries – including Singapore – about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments.
The survey reveals that close to half of Singaporean companies’ security teams surveyed (45 percent) discovered between 61 to 70 percent of breach attempts.
“Cyberattacks are becoming an operational reality across industries and types of organizations, and our survey shows that detecting criminal behavior, internally or externally, and overcoming threats requires more than just relying on existing strategies and investments. Organizations in Singapore need to improve the alignment of their cybersecurity plans with business imperatives,” said Joshua Kennedy-White,
Asia-Pacific Lead for Accenture Security. “To grow confidently, businesses need to identify areas of strategic importance and risks, embark on a comprehensive end-to-end digital security approach, and invest both commitment and funds to integrate cyber defence deeply into the enterprise.”
What has Been Done in the Past is not Working
Out with the old and in with the new is easier said than done, especially when it comes to embracing new technologies or cyber defence tools. Compared to the global average, Singaporean companies are more confident in their ability to secure the enterprise.
While survey respondents say internal breaches have the greatest impact, 44 percent prioritize heightened capabilities in perimeter-based controls instead of pivoting to address high-impact internal threats.
Three-fifths (60 percent) of Singapore respondents are most confident in measuring the impact of a breach, as compared to the global average of 47 percent.
Only 44 percent of Singapore respondents say they are confident in their ability to perform the essential activity of monitoring for breaches, as compared to the global average of 37 percent, and a similar number (38 percent) say the same about minimizing disruptions.
Getting Smarter about Security Spending
Recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending. Yet, the sentiment among those surveyed suggests organizations will continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats.
For example, given extra budget, 41 percent to 52 percent of Singapore respondents would “double down” on their current cybersecurity spending priorities – even though those investments have not significantly deterred regular and ongoing breaches.
These priorities include protecting the company’s reputation (52 percent), safeguarding company information (48 percent), and protecting customer data (41 percent).
Far fewer companies would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (31 percent) or investing in cybersecurity training (8 percent).
Key Singapore highlights from the report include:
In Singapore, 23 percent of organizations take up to a year or more to detect a successful attack. This is slightly less time than it took in the US and the UK, where over a quarter of organizations take up to a year or more to detect a successful breach. (30 percent in the US; 26 percent in the UK).
Cybersecurity strategies among businesses in Singapore (35 percent) focus less on protecting customer information than the global average (49 percent).
The average total IT budget on cybersecurity among organizations in Singapore (8.3 percent) is comparable with the global average (8.2 percent). Companies in France spend the most (9.4 percent). Businesses in the US (8 percent) and Australia (7.6 percent) spend the least.
About a third (30 percent) of organizations in Singapore plan to increase their cybersecurity investment “significantly (2 times or more)” in the next three years, as compared to the global average of 16 percent.
Organizations in the UK (50 percent) and Singapore (44 percent) are the most confident in monitoring for breaches compared to the global average (38 percent).