Almost 63% of companies experience ‘significant’ cyber attacks daily or weekly, yet only 25% of organisations incorporate measures into their technology and operating models to make them more resilient, according to a new Accenture survey.
Accenture’s Business resilience in the face of cyber risk indicated that 88% of the more than 900 executives surveyed believe their cyber defence strategy is robust, understood and fully functional, while 86% claimed they measure their organisation’s resilience to determine what improvements are needed.
However, only 9% of executives said their company proactively runs inward-directed attacks and intentional failures to test their systems on a continuous basis, and just 49% map and prioritise security, operational and failure scenarios. Plus, only 45% had produced threat models to existing and planned business operations, while just 38% had thoroughly documented relationships between their technology and operational assets to identify resilience risks and dependencies in their organisation.
“Given the prevalence of cyber attacks on today’s companies and government organisations, the only question for most is when a cyber attack will occur, not if it will occur,” said Brian Walker, managing director of Accenture Technology Strategy. “While savvy executives know where their weak spots are, and work across the C-suite to prepare accordingly, testing systems, planning for various scenarios, and producing response and continuity plans that guide quick actions when a breach occurs, the data clearly shows that companies by and large have more work to do.”
According to the report, successful enterprises have at least two C-suite executives who are responsible for monitoring and improving security resilience, rather than just one CIO, or chief information security officer (CISO) or chief risk officer. In fact, 19% of the surveyed companies had a dedicated resilience officer.
“To enable and protect the company, CEOs should work closely with their CIO, CISO and others across their leadership team as well as their board of directors, to make decisions about investments, and advance their business continuity efforts,” said Walker. “They cannot prevent an attack or failure, but they can mitigate the damage it can cause by taking steps to make their business more resilient, agile and fault-tolerant.”
To do this, Accenture’s report recommended that companies create a digital ecosystem that allows them to join up with other enterprises to access technologies residing outside of their enterprise and augment their digital capabilities. Companies should also simplify IT architecture and address their evolving digital requirements and make resilience a part of their overall operating model.
Share this story