RESEARCH REPORT

In brief

In brief

  • Our cybersecurity report shows cyber attacks are up, security investment continues to rise and cloud still has a complex relationship with security.
  • We reveal four levels of cyber resilience: Cyber Champions, Business Blockers, Cyber Risk Takers and The Vulnerable.
  • Cyber Champions lead; they’re among the top 30% in at least three of four cyber resilience criteria and align business strategy and cybersecurity.
  • For success, organisations need to give CISOs a seat at the top table, be threat-centric and business aligned and get the most out of secure cloud.


The state of cybersecurity resilience now

In our annual survey among 4,744 global respondents around the current state of cybersecurity resilience, we found 85% of CISOs agree or strongly agree that the cybersecurity strategy is developed with business objectives, such as growth or market share, in mind. Yet, 81%, also said that “staying ahead of attackers is a constant battle and the cost is unsustainable” compared with 69% in 2020.

Cyber attacks are up: There were on average 270 attacks per company over the year, a 31% increase over 2020. Third-party risk continues to dominate: successful breaches to the organisation through the supply chain have increased from 44% to 61%.

31%

Increase in the average number of attacks per company since 2020

Security investment continues to rise: More than 80% of our survey respondents say their budgets have increased in the last year. IT security budgets are now up to 15% of all IT spending,
5 percentage points higher than reported in 2020.

82%

Report budget increases

Cloud still has a complex relationship with security: Despite most respondents believing in secure cloud, 32% say security is not part of the cloud discussion from the outset and they’re trying to catch up. Reasons preventing take-up of the cloud revolve around security issues:
about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework.

32%

Security is not part of the cloud discussion

Championing cybersecurity

This year, we identified four levels of cyber resilience including an elite group of Cyber Champions—organisations that excel at cyber resilience, but also align with the business strategy to achieve better business outcomes.

The four levels of cyber resilience by Accenture state of Cyber Resilience 2021
There’s money on the table. Organisations stand to reduce their cost of breaches by 48% to 71% if they increase their performance to Cyber Champion levels.

We also continued to explore how winning organizations tackle cyber resilience, evaluating their responses based on the following performance criteria: they stop more attacks, find and fix breaches faster and reduce breach impact.

Key measures of cyber resilience

Click on the arrows to explore how organizations perform.

Cyber Champions

Business Blockers

Cyber Risk Takers

The Vulnerable

How to be a Cyber Champion

Cyber Champions demonstrate that, with the right balance of alignment between business strategy and cybersecurity, organisations can achieve strong business performance while maintaining superior cyber resilience. Cyber Champions:

  • Are among the top 30% in at least three of the four cyber resilience criteria.
  • Experience fewer successful breaches – 8 percentage points lower than Business Blockers and 36 percentage points lower than Cyber Risk Takers.
  • Have speedier detection and remediation response times.
  • Better protect themselves from loss of data—only 4% of Cyber Champions lose more than 500,000 records—6.5X less than Cyber Risk Takers.

To be more like Cyber Champions:

Give CISOs a seat at the top table

By drawing on the experience and insights of the wider leadership team, CISOs can gain a broader perspective that serves the whole business well.

Be threat-centric and business aligned

Security leaders must closely align with the business as partners in driving down risk. This alignment helps to embed security into business priorities.

Get the most out of secure cloud

Organisations should seize the opportunity to reset their security posture, earlier and more effectively to the cloud—like our Cyber Champions do.

View All

Organizations that focus solely on business objectives are missing out on the benefits of cyber resilience. By aligning their cybersecurity efforts with the business strategy, organizations can not only achieve better business outcomes, but also seize the advantage in the race to cyber resilience.

The authors would like to thank Edward Blomquist, Julia Malinska, Anna Marszalik, Eileen Moynihan, Vincenzo Palermo and Ann Vander Hijde for their contributions to this report.

About the Authors

Kelly Bissell

Lead –​ Accenture Security


Jacky Fox

Group Technology Officer – Accenture Security


Ryan LaSalle

Senior Managing Director – Accenture Security, North America Lead


Paolo Dal Cin

Senior Managing Director – Accenture Security, Europe and Latin America

MORE ON THIS TOPIC

Cyber Threat Intelligence Report
The importance of cloud security
Ransomware response and recovery

Meet the team

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter