Organizations Still Struggle with Cyberattacks
the frequency and scope of serious cyberattacks on the rise,
nearly three quarters of organizations (73 percent) globally
cannot identify and fully protect their corporate high-value
assets and processes. According to the newly released
Accenture Security Index, only
one in three organizations (34 percent) have the ability needed
to monitor for threats to critical parts of their business.
To gauge the effectiveness of current enterprise security
efforts and the adequacy of their existing investments,
Accenture surveyed 2,000 top enterprise security practitioners
representing companies with annual revenues of $1 billion or
more. The results of this survey were analyzed in collaboration
with Oxford Economics to develop the Accenture Security Index,
which aggregates scores across 15 countries and 12 industries,
providing the ability to compare the relative strength of all
organizations to protect themselves from cyberattacks. The index
is based on a comprehensive model measuring 33 specific
cybersecurity capabilities. It provides a new benchmark to
determine what high performance security looks like and what it
takes for organizations to establish cybersecurity success.
•In the UK, which tops the country roster along with France for cybersecurity performance, the average organization achieved high performance in 44 percent – or 15 out of 33 – capabilities.
•The UK ranks highest overall for cooperation with third-parties during crisis management (52 percent) and communication of cyber incidents as part of business alignment (55 percent).
•In comparison, Spain ranks at the bottom of the performance list with companies claiming high performance in only 22 percent – or seven of 33 cybersecurity capabilities.
•The US is fifth on the list, with the typical company having high performance in 12 of the 33 capabilities. In line with its overall ranking, the US has average performance across the remaining cybersecurity capabilities with the exception of governance and leadership where it ranks second overall in creating a security-minded culture (53 percent) and cooperation with third-parties during crisis management (42 percent).
A Surprising Degree of Variation in Industry-Level Performance •Communication companies have the highest performance in 11 capabilities including the protection and recovery of key assets (49 percent) and monitoring for business-relevant threats (47 percent).
•High technology companies rank highest in seven capabilities including the ability to create a security-minded culture (54 percent) and recovering from cyber incidents (48 percent).
•Life Sciences organizations are bringing up the rear with an overall ranking of only 19 percent, meaning organizations exhibited high performance in only six capabilities on average.
•Life Sciences also rank lowest in all but one of the 33 cybersecurity capabilities including the ability to ensure stakeholder involvement (12 percent) and design for the protection of key assets (13 percent).