In March 2018 Accenture released a report, 2018 State of Cyber Resilience: Gaining Ground on the Cyber Attacker, which provided an updated perspective on enterprise-level efforts to become more cyber-resilient. The researchers surveyed over 4,600 security decision-makers from companies with revenues of $1 billion or higher, located in 15 countries throughout North and South America, Europe and Asia-Pacific.

To reduce the amount of noise stemming from the barrage of attacks enterprises face on a daily basis, the research focused primarily on organizations’ ability to handle targeted attacks — those threatening high-value assets and processes — as opposed to routine incidents aimed at low-hanging fruit.

Top Management Improves Engagement Around Resilience Efforts

The concept of cyber resilience merges cybersecurity, business continuity and enterprise-level resilience. The primary goal is to detect threats and respond to them quickly to minimize and contain the damage, resume operations and protect the confidentiality, integrity and availability of data against future attacks. Good news: Top management and board directors are finally starting to grasp the urgency of the situation, shifting from a reactive to a proactive mindset.

This shift appears to be partly driven by the realization that cyber-resilient organizations are better positioned to introduce innovations to market without having to backtrack — or suffering from negative news headlines due to security holes or data privacy violations. Other key drivers mentioned in the report include the pursuit of customer trust and the ability to balance innovation with sufficient risk management frameworks.

Breaking Down the State of Cyber Resilience

The report described many positive developments, especially when compared to the previous edition from 2017. For example, 87 percent of focused attacks were prevented in 2018 — meaning only about one in eight attacks made it through cybersecurity defenses — as opposed to just 70 percent in 2017. In line with this improvement, 23 percent of organizations reported they were able to identify between 76 and 100 percent of breach attempts, more than twice the reported figure last year.

Judging by these results, organizations appear to have made significant improvements in their ability to prevent threats and detect successful intrusions. They are also doing so in record time: 89 percent of organizations said they could detect a breach within one month, nearly a threefold improvement over the 2017 rate of 32 percent. Meanwhile, 55 percent of organizations said they were able to detect a breach within a week, compared to 10 percent last year.

While organizations have translated these improvements into increased confidence, the report warned that executives might be falling into the trap of “overactive optimism.” The authors asserted that much more than 40 percent of companies should be investing in “breakthrough technologies” — such as machine learning, user behavior analytics (UBA) and automation — to match the higher percentage of executives who claimed that cybersecurity is firmly embedded into the organizational culture. Furthermore, 71 percent of respondents reported that cyberattacks are still a “bit of a black box” and admitted that they “do not quite know how or when they will affect our organization.”

Finally, the report noted that 66 percent of security executives now report to either the CEO or the board. Top leaders are also becoming more engaged with security budget negotiations: 27 percent of respondents said their budgets were authorized by the board (compared to 11 percent in 2017), while 32 percent of budgets fall under the CEO’s authority (versus 22 percent in 2017).

Business leaders are also allocating a larger slice of the overall IT budgetary pie to security. In fact, the percentage of respondents who reported spending more than 10 percent of their IT budget on security efforts has more than tripled since 2017 (74 percent versus 22 percent).

Five Steps to Improve Cyber Resilience

Much of Accenture’s research revealed good news, but the report also outlined a five-step strategy to help organizations improve their cyber resilience posture:

  1. Harden and protect core assets: This starts with identifying high-value assets, including mission-critical data, important trade secrets and customer data that may subject the organization to hefty fines if exposed. The report advised companies to “design and execute your overall security program with cyberattacks in mind” while also considering “the people dimension.”
  2. Test incident response processes regularly: The report specifically called out the need for “coached incident simulation” to help security teams and executives build muscle memory when it comes to remediating threats and minimizing damage.
  3. Invest in “breakthrough technologies”: This includes automated orchestration and advanced identity and access management (IAM). The report noted some organizations overspend on superfluous security technologies that are not as effective as previously thought.
  4. Proactively hunt for threats and share intelligence: Organizations must develop strategic, operational and tactical threat intelligence to stay on top of anomalous activity.
  5. Empower the security leader: Executives should regularly review the role of the chief information security officer (CISO) to ensure he or she has appropriate levels of visibility and support, and realign the organizational chart accordingly. As the report noted, companies should “move from individual to shared accountability among senior management and infuse a culture of cyber resilience across the organization.”

Accenture’s report on the state of cyber resilience highlighted the progress many organizations have made in their cyber readiness efforts. However, it also exposed the lack of maturity many companies demonstrate when it comes to measuring the effectiveness of cybersecurity investment decisions — and warned against the false sense of security that can result from “conventional ways to ‘stress-test’ defenses,” such as red on blue exercises.

No matter how much ground security leaders and executives cover in their cyber-resilience journeys, the evolving nature of the threat landscape ensures that there will always be room for improvement.
