When it comes to cybersecurity, it feels like we’re at a tipping point. While the subject has always been taken seriously, there’s evidence that nations are beginning to place greater importance on getting cybersecurity right—as evidenced by the UK Government’s new £1.9bn investment strategy. This level of seriousness is matched by businesses, which are spending more than ever on security solutions—it’s predicted that global cybersecurity spending will reach $101.6 billion by 2020.
Room for improvement
However, Accenture’s latest report on cybersecurity: Building Confidence: Facing the Cybersecurity Conundrum suggests that there’s room for further improvement.
We spoke to 2000 global businesses—including 205 in the United Kingdom—about their perceptions of security. We found the majority (74 percent) of respondents were confident in their cybersecurity strategies, and 82 percent of the people we spoke to stated that their organisations have completely embedded cybersecurity into their cultures, and that it is a board-level concern supported by their top executives. Our day-to-day experience backs these finding up—we’re seeing that firms are getting much better at security compared with just a few years ago.
However, despite this perceived improvement, the reality of the situation is that firms are still being breached—and regularly. On average, a large business in the United Kingdom can expect to face more than eighty targeted breach attempts each year—with one in three of these breeching security—so businesses are absorbing around two effective attacks every single month! So, what’s happening here? Why is there such a pronounced gap between perception and reality?
The sticking plaster approach
The answer might lie in the strategy behind cybersecurity investments. The current approach to cybersecurity in many organisations is to deploy "point solutions", which provide what’s effectively a "sticking plaster" for a specific, identified weakness. However, at the enterprise level this approach is like to trying to plug the individual holes in a sieve—and a sieve that is continually spouting new holes.
What’s more, in many cases the point solutions deployed by businesses might be in completely the wrong areas. We found that only 34 percent of organisations in the United Kingdom are able to identify high-value assets and business processes—the other 66% will have little or no idea if the most important parts of their business are adequately protected.
A collective madness?
What should give real cause for concern is that many businesses seem trapped in their investment strategies. If offered additional budget to spend, over half of the survey respondents said they’d spend the extra funds on doing the same things they are doing now. If Einstein’s view that the definition of insanity is doing something repeatedly and expecting different results is right, many businesses today are suffering from a kind of collective madness when it comes to their cybersecurity strategies.
From all this, one thing is clear: With so many successful breaches each year, businesses absolutely must adopt a new approach to cybersecurity—one that protects their most important assets from the inside out, and safeguards the enterprise across the entire value chain. In my next blog, I’ll share some thoughts on how organisations can best go about doing just that.
Read the full report, Building Confidence: Facing the Cybersecurity Conundrum.
Alternatively, if you’re interested in finding out more about how Accenture could help your organisation with their cybersecurity strategy contact Sanjeev Shukla.
Follow Accenture Security on Twitter @AccentureSecure.