One in three cyberattacks resulted in a full-scale security breach over the past 12 months, according to a new security survey from Accenture.
Accenture’s Building Confidence: Facing the Cybersecurity Conundrum survey found that the average company experiences two to three effective attacks per month.
While 75% of executives remain confident that they can protect their enterprises from cyberattacks, Accenture’s report found that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
The study also showed that it takes longest to spot a breach in the US and the UK, with more than a quarter of organisations in each country taking at least 12 months to detect a successful attack.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past,” said Kevin Richards, managing director of Accenture Security, North America. “There needs to be a fundamentally different approach to security protection starting with identifying and prioritising key company assets across the entire value chain. It is also clear that the need for organisations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defence deeply into the enterprise – has never been greater.”
Accenture’s research indicated that only 37% of companies were confident that they had the ability to monitor their systems for breaches, while a similar number said the same about minimising disruptions.
According to the survey, 52% of organisations in Germany and 50% in the UK are confident that they can effectively monitor security breaches, much higher than the global average of 38%. Conversely, companies in France, Australia and the US are the least confident in their ability to monitor for a breach compared to the global average.
Although recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending, most of the respondents do not expect to invest in new and different security controls to mitigate threats.
Currently, 58% of surveyed companies have prioritised improving in perimeter-based controls instead of addressing high-impact internal threats. If they were able to access extra budget, 44-55% of respondents would ‘double down’ on their current cybersecurity spending priorities – even though those investments have not significantly deterred regular and ongoing breaches. These priorities include protecting the company’s reputation (54%), safeguarding company information (47%), and protecting customer data (44%).
Meanwhile, only 28% would invest additional budget in mitigating against financial losses, and just 17% would prioritise cybersecurity training.
Organisations in France spend the most (9.4%) of their total IT budget on cybersecurity compared to the global average of 8.2%. Those in Australia and the US spend the lowest percentage of their total IT budget on cybersecurity – 7.6% in Australia and 8% in the US.
Share this story