Australian organisations are gaining ground on the damaging impact of targeted cyber attacks, proving that recent security investments are paying off. Despite the number of targeted cyber attacks doubling in the last year, companies are improving cyber resilience and demonstrating they can perform better under pressure. But there is more work to be done. Now is the time to build on this momentum by drawing on investment capacity to fully realise the benefits of cyber resilience. Accenture reveals five steps to close the gap on cyber attackers and continue to embed security into the fabric of their organisations within the next two to three years.

2018 state of cyber resilience

Australian organisations’ cyber resilience has significantly improved over the last year, despite the increased pressure from targeted cybersecurity attacks, which have more than doubled since 2017. Only one in five targeted attacks are getting through in 2018. and digital technologies that created much of this disruption in the first place, are also proving to be an important part of the solution. Seventy-nine percent of survey respondents believe breakthrough technologies, like artificial intelligence, machine or deep learning, user behaviour analytics, and blockchain, are essential to securing the future of their organisations. Growing support and increased investment for cybersecurity in recent years is starting to pay dividends and, as a result, business leaders are gaining ground on cyber attackers.

VIEW THE INFOGRAPHIC

Transforming security for Australia

In the beginning, digital technologies were alien to organisations and their cultures. But over time this changed, as C-suites and boards became more familiar with digital and its unprecedented ability to transform growth. Today, digital is integral to core business strategies. Organisations are poised to do the same with cybersecurity. But first, organisations need to change the way they are approaching security:

Security teams are getting better—but there is still work to be done. Organisations are now preventing 80 percent of all targeted attacks. But they still face two to three security breaches a month.

Australian organisations could be cyber resilient in two to three years—but pressure grows daily. Ninety percent of respondents expect investment in cybersecurity to increase in the next three years but only 30 percent expect that increase to be significant (double or more).

New technology is critical—but investments are lagging. Seventy-nine percent agree new technology is essential. Only two out of five are investing in AI, machine learning and automation technologies.

Confidence remains high—but a more proactive approach to cybersecurity is needed. More than 80 percent of respondents are confident about monitoring for breaches. But 67 percent say cyber attacks are still a “bit of a black box” and do not know when or how they will impact their organisation.

The C-suite and board are more active in cybersecurity—but the CISOs role must adapt. Nineteen percent of cybersecurity budgets are authorised by the board of Directors and 24 percent by the CEO. The CISO’s role needs to evolve, to be more integrated with the business.

RELATED: 2018 State of Cyber Resilience in Australia
RELATED: Accenture Security

Five steps to cyber resilience

Organisations interested in innovative business models, building extended business ecosystems and adopting more flexible workforce arrangements need to find a secure and safe way to do so. Here are five steps that can help:

Build a strong foundation.
Identify high-value assets and harden them. Prioritise legacy systems. And prepare for the worst.

Pressure test resilience like an attacker.
Enhance both red attack and blue defence teams with player-coaches that use threat intelligence and communicate closely to provide analysis on where improvements need to be made.

Employ breakthrough technologies.
Automate defences. Use automated orchestration capabilities and advanced behavioural analytics.

Be proactive and use threat hunting.
Develop strategic and tactical threat intelligence. Monitor for anomalous and suspicious activity.

Evolve the role of CISO.
Progress the next-generation CISO—business adept and tech-savvy.

Security from the inside out

Security teams should feel proud that they are realising greater success, with the right capabilities, in increasingly difficult circumstances. Drawing on investment capacity for cybersecurity is proving to be wise. Performance improvements have been made, even in the face of more attacks. But transformation does not end here. In fact, the analysis shows that if it continues and companies follow the same path, within two to three years they could achieve a sustainable level of cyber resilience—where security becomes “business as usual,” embedded into the fabric of the organisation.

About the research

Survey of 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. Our sample included 401 security decision makers from Australia.

What is a targeted cyber attack?
A targeted cyber attack has the potential to penetrate network defences and either cause damage, or extract high-value assets and processes from within an organisation. This excludes the thousands of low-level, speculative attacks organisations face daily.

What is cyber resilience?
The cyber-resilient business brings together the capabilities of cybersecurity, business continuity and enterprise resilience. It applies fluid security strategies to respond quickly to threats, so it can minimise the damage and continue to operate under attack. As a result, the cyber-resilient business can introduce innovative offerings and business models securely, strengthen customer trust, and grow with confidence.

About the Authors

Kelly Bissell

Global Managing Director – Accenture Security


Ryan M. LaSalle

Managing Director – Accenture Security Growth & Strategy and Cyber Defense


Floris Van Den Dool

Managing Director – Accenture Security Europe & Latin America


Josh Kennedy-White

Managing Director – Accenture Security Africa & Asia Pacific

MORE ON THIS TOPIC


Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter