Despite higher levels of investment in advanced cybersecurity technologies over the past three years, less than one-fifth of organisations are effectively stopping cyber attacks and finding and fixing breaches fast enough to lower the impact, according to a new report from Accenture.

Based on a survey of more than 4,600 enterprise security practitioners, Accenture’s Third Annual State of Cyber Resilience study explores the extent to which organisations prioritise security, the effectiveness of current security efforts, and the impact of new security-related investments.

The study identified a group of elite ‘leaders’ - 17% of the research sample - that achieve significantly better results from their cybersecurity technology investments than other organisations. Leaders were characterised as among the highest performers in at least three of the four categories of stopping more attacks, finding breaches faster, fixing breaches faster, and reducing the impact of any breach. The study identified a second group, comprising 74% of the respondents, as ‘non-leaders’ who were average performers in terms of cyber resilience but still delivering strong measures.

Kelly Bissell, global head of Accenture Security, said: “Our analysis identifies a group of standout organisations that appear to have cracked the code of cyber security when it comes to best practices. Leaders in our survey are far quicker at detecting a breach, mobilising their response, minimising the damage and getting operations back to normal.”

According to the research, leaders were four times more likely than non-leaders to detect a breach in less than one day (88% / 22%). And when defences fail, nearly all (96%) of the leaders fixed breaches in 15 days or less on average, whereas nearly two-thirds (64%) of non-leaders took 16 days or longer to remediate a breach, with nearly half of those taking more than a month.

The study also found that more than four in five respondents (83%) believe that organisations need to think beyond securing just their own enterprises and take better steps to secure their vendor ecosystems. While cybersecurity programs designed to protect data and other key assets are only actively protecting about 60% of an organisation’s business ecosystem, which includes vendors and other business partners, 40% of breaches come through this route.

Bissell said: “The sizable number of vendor relationships that most organisations have poses a significant challenge to their ability to monitor that business ecosystem. Yet, given the large percentage of breaches that originate in an organisation’s supply chain, companies need to ensure that their cyber defences stretch beyond their own walls.”

Share Story: