In brief

In brief

  • Organizations are improving cyber resilience and performing better under greater pressure as the number of targeted attacks more than doubles.
  • Security teams at Software and Platform companies continue to identify around two-thirds of all breach attempts on average.
  • Now is the time to build on this momentum by drawing on investment capacity to fully realize the benefits of cyber resilience.
  • Accenture reveals five ways that Software and Platform companies can close the gap on cyber attacks and embed security into their organizations.

Closing the gap on cyber attacks

In February 2018, Accenture conducted a global survey on cyber resiliency with 4,669 executives from companies with annual revenues of $1 billion or more, including 221 respondents from Software and Platforms companies.

The cyber-resilient business brings together the capabilities of cybersecurity, business continuity and enterprise resilience. It applies fluid security strategies to respond quickly to threats, so it can minimize the damage and continue to operate under attack. As a result, the cyber-resilient business can introduce innovative offerings and business models securely, strengthen customer trust, and grow with confidence.

Cyber attacks take many forms and have different degrees of impact. The average organization is subjected to a daily deluge of hundreds—if not thousands—of speculative attacks, which are handled by mature security technologies, such as firewalls. For the purposes of this Accenture research, we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization.

Software and platforms companies doing well with some room left for improvement

An attack needs to be successful only once, whereas organizations’ cyber resilience needs to be effective every time. The ability to detect an attack has significantly improved over the last year. Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs. 106 in 2017), organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018. This is much better than the one in three (or around 30 percent) that caused disruption to organizations just over a year ago.

At the same time, the number of successful attacks stagnating globally at ~30 means that, on average, organizations are facing 2-3 security breaches per month. This raises concerns, so there is more work to be done. In comparison, Software and Platforms companies faced on average 251 attacks in 2018, of which 33 (or around 13 percent) were successful, showing further room for improvement.

Five ways to become cyber resilient

  1. Build on a strong foundation: harden and protect your core assets.


Of their organization is not protected by their cybersecurity program, respondents confirm.


Of respondents don’t apply the same security standards to their partners as their own business.

Important to identify the high-value assets of your company and then strengthen their security as Software and Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program. Make sure to prepare for the worst and test those scenarios.

  1. Pressure test your resilience: use coached incident simulation.


Of respondents said “it is not possible to appear strong, prepared and competent” if security is breached.


Of respondents don’t apply the same security standards to their partners as their own business.

As the red team / blue team model—where a red team is tasked with infiltrating your security system and a blue team is tasked with detecting it—has its limitations, we advise using a coached incident simulation, often referred to as purple teaming, which also uses threat intelligence and advanced adversary simulation techniques as well as coaching.

  1. Employ breakthrough technologies: automate defences.


Of respondents said advanced technologies are essential to a secure future

4 OUT OF 10

Of respondents are investing in machine learning/AI and automation technologies

Use AI, big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds, not minutes, hours or days. Furthermore, implement multi-factor authentication, user behavior monitoring, AI-driven access provisioning and deprovisioning.

  1. Use intelligence and data to be proactive: hunt threats.


Of respondents are confident about restoring normal activity after a breach


Of respondents said cyber attacks were still “a bit of a black box; we do not know how or when they will affect our organization”

Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business.

  1. Evolve the role of the CISO.


Of CISOs report direct to the CEO or the board

The next-generation CISO should be business adept and tech-savvy, someone who is equally at home in the boardroom as in the security operations center.

S&P companies are ahead on cybersecurity despite facing more threats—third party partners may pose significant risk.

S&P firms outperformed

On average, S&P companies performed high on 22 out of 33 cybersecurity capabilities evaluated vs global average of 19.
Improvements must continue. Organizations could achieve cyber resilience within two to three years.

About the research

In 2017, Accenture Security surveyed 2,000 executives to understand the extent to which organizations prioritize security, how comprehensive their security plans are, what security capabilities they have, and their level of spend on security.

Just over a year later, Accenture Security undertook a similar survey, this time interviewing 4,600 executives—representing organizations with annual revenues of $1bn or more—from 19 industries and 15 countries across North and South America, Europe and Asia Pacific.

More than 98 percent of respondents were sole or key decision-makers in cybersecurity strategy and spending for their organization.

Kevin Collins

Managing Director – Software & Platforms

Paul Johnson

Senior Principal – Software & Platforms


2018 State of Cyber Resilience report
Four cybersecurity questions every CEO must ask
Building pervasive cyber resilience now

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter