Organizations are confident in their ability to protect themselves, yet breach rates are alarmingly high.

We recently surveyed 2,000 security executives at large, global enterprises and found that about one in three focused, targeted breach attempts succeeded.

Still, 75 percent of respondents were “confident” they were doing the right things with their security strategies, and a similar number said security is “completely embedded” in their cultures, with support from the highest-level executives.

Clearly, there’s a disconnect.

Surviving in this increasingly risky environment requires a cybersecurity “re-boot” to embrace an end-to-end approach that recognizes a spectrum of threats, minimizes exposure and identifies high-priority assets. This takes a few fundamental steps.

An organization will face over a hundred focused, targeted breach attempts every year… one in three of these will result in a successful security breach.

Executives must overcome erroneous perceptions and focus for success

Executives must overcome erroneous perceptions and focus for success



To reframe their cybersecurity perceptions and build a new definition of success, business leaders must ask themselves several critical questions:

  • Are you confident that you have identified all priority business data assets and their location?

  • Are you able to defend your business from a motivated adversary?

  • Do you have the tools and techniques to react and respond to a targeted attack?

  • Do you know what the adversary is really after?

  • How often does your organization “practice” its plan to get better at responses?

  • How do these attacks affect your business?

  • Do you have the right alignment, structure, team members, and other resources to execute on your mission?

We believe security organisations need to improve the alignment of their strategies with business imperatives. While many organisations are making progress in compliance and risk management, security programs must continue to improve detection and prevention of more advanced attack scenarios.


On average an organization will face 106 targeted cyberattacks each year

Watch this video which showcases some of our Australian research highlights.



We recommend a hard look at seven key cybersecurity domains to identify potential opportunities where your money can be most effectively spent.




See the results of our global survey, and learn what must be done.



Redefining security performance and how to achieve it

Ultimately, security is everyone’s job.

While cybersecurity has gained full attention on company agendas, many chief information security officers (CISOs) still feel locked out of the C-suite. This isn’t necessarily a conscious snub; it’s more of a question of the security organization’s maturity level.

To succeed, CISOs have to step beyond their comfort zones and materially engage with enterprise leadership. Doing so will require them to speak the language of business to make the case that the security team is a critical pillar in the battle to protect enterprise value.

At the same time, the CISO needs to build the board’s cyber literacy with the goal of making it an equal priority to business risk assessment.

Effective cybersecurity requires organizations to achieve greater maturity regarding the main role of the security organization: protect the business from devastating losses.

By grasping the bottom-line impact of a breach, organization leadership will be motivated to act quickly.

And, as digital security strategies and new solutions emerge, organizations that tie security efforts to real business needs will gain justifiable confidence in their ability to deal with relentless and fast-moving threats.



Accenture Security sought to get an inside view into how companies deal with cyber threats.