Survey indicates overconfidence may be putting organizations at higher risk for attacks
TORONTO, Jan. 11, 2017 /CNW/ - A new security survey from Accenture (NYSE: ACN) finds that in the past twelve months, roughly one in three targeted attacks resulted in an actual security breach, which equates to three effective attacks per month for the average Canadian company. Still, about two-thirds of Canadians surveyed are confident in their ability to protect their enterprises from cyberattacks.
In the report titled "Building Confidence: Facing the Cybersecurity Conundrum", Accenture surveyed 2,000 enterprise security practitioners, including 124 in Canada, representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of Canadian executives (52 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
"Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain," said Russell Thomas, Canadian cybersecurity lead for Accenture. "It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security — one that integrates cyber defense deeply into the enterprise — has never been greater."
What has Been Done in the Past is not Working
Out with the old and in with the new is easier said than done, especially when it comes to embracing new technologies or cyber defense tools.
- While Canadian survey respondents say internal breaches have the greatest impact, 62 percent prioritize heightened capabilities in perimeter-based controls instead of pivoting to address high-impact internal threats.
- Research findings further show that most Canadian companies do not have effective technology in place to monitor for cyberattacks and are focused on risks and outcomes that have not kept pace with the threat.
- Slightly less than one-third (29 percent) of Canadian respondents say they are competent in business-relevant threat monitoring; 52 percent are confident in their ability to monitor for breaches, and 48 percent say the same about minimizing disruptions.
Getting Smarter about Security Spending
Recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending. Yet, the sentiment among those surveyed suggests Canadian organizations will continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats.
- For example, given extra budget, 46 percent to 54 percent of Canadian respondents would "double down" on their current cybersecurity spending priorities – even though those investments have not significantly deterred regular and ongoing breaches.
- These priorities for Canadian companies include protecting the company's reputation (54 percent), safeguarding company information (56 percent), and protecting customer data (50 percent). Compared to the global average, Canadian companies exhibit higher confidence in their ability to perform every capability.
- Far fewer Canadian companies would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (20 percent) or investing in cybersecurity training (22 percent).
Key country highlights from the report include:
- Overall, it takes longer to spot a breach in the US and the UK with over a quarter of organizations taking a year or more to detect a successful attack. (30 percent in the US; 26 percent in the UK).
- Organizations in Canada (52 percent), Germany (52 percent) and the UK (50 percent) are the most confident in monitoring for breaches compared to the global average (38 percent).
- Organizations in France, Australia and the US are among the least confident in their ability to monitor for a breach compared to the global average.
- Organizations in France spend the most (9.4 percent) of their total IT budget on cybersecurity compared to the global average of 8.2 percent. Organizations in Canada are among those who spend the lowest amount of their IT budget on cybersecurity (7.3 percent).
For more information on steps organizations can take to effectively deal with cyber threats, visit: www.accenture.com/cybersecurityreport.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organization's valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit the Accenture Security blog.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world's largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
For further information: Theresa Ebden, Accenture, 416-358-6741, [email protected]