With the frequency and scope of serious cyberattacks on the rise, nearly three quarters of organizations (73 percent) globally cannot identify and fully protect their corporate high-value assets and processes, finds a new analysis from Accenture.
According to the newly released Accenture Security Index, only one in three organizations (34 percent) have the ability needed to monitor for threats to critical parts of their business.
“A turning point has been reached for cybersecurity. While organizations have improved their security over the last few years, progress has not kept pace with the sophistication of highly motivated attackers, said Kelly Bissell, managing director of Accenture Security. “A new approach is clearly needed. One that protects the organization from the inside out and across the entire industry value chain—from the wellhead to the oil pump. And the start of this must be a new, more comprehensive definition of what constitutes cybersecurity success based on impact to the business.”
To gauge the effectiveness of current enterprise security efforts and the adequacy of their existing investments, Accenture surveyed 2,000 top enterprise security practitioners representing companies with annual revenues of $1 billion or more. The results of this survey were analyzed in collaboration with Oxford Economics to develop the Accenture Security Index, which aggregates scores across 15 countries and 12 industries, providing the ability to compare the relative strength of all organizations to protect themselves from cyberattacks. The index is based on a comprehensive model measuring 33 specific cybersecurity capabilities. It provides a new benchmark to determine what high performance security looks like and what it takes for organizations to establish cybersecurity success.
Globally, the average organization has high performance in 11 of the 33 cybersecurity capabilities analyzed. At the top end of the scale, only 9 percent of organizations managed to achieve high performance in more than 25 of the 33 cybersecurity capabilities.
A Surprising Degree of Variation in Industry-Level Performance
- Communication companies have the highest performance in 11 capabilities including the protection and recovery of key assets (49 percent) and monitoring for business-relevant threats (47 percent).
- Banking organizations have highest performance in eight capabilities including “what-if” threat analysis (47 percent) and third-party cybersecurity in their extended business ecosystem (44 percent).
- High technology companies rank highest in seven capabilities including the ability to create a security-minded culture (54 percent) and recovering from cyber incidents (48 percent).
- Life Sciences organizations are bringing up the rear with an overall ranking of only 19 percent, meaning organizations exhibited high performance in only six capabilities on average.
- Life Sciences also rank lowest in all but one of the 33 cybersecurity capabilities including the ability to ensure stakeholder involvement (12 percent) and design for the protection of key assets (13 percent).