The state of cybersecurity resilience 2021
November 3, 2021
In our annual survey among 4,744 global respondents around the current state of cybersecurity resilience, we found 85% of CISOs agree or strongly agree that the cybersecurity strategy is developed with business objectives, such as growth or market share, in mind. Yet 81% also said that “staying ahead of attackers is a constant battle and the cost is unsustainable”, compared with 69% in 2020.
Cyber attacks are up: Large UK organisations each faced an average of 885 attempted cyberattacks – more than triple the global average of 270. Third-party risk continues to dominate: indirect attacks through the supply chain have increased by 26% in the UK, accounting for 64% of breaches.
Despite soaring attempted attacks, UK organisations saw fewer successful breaches than the previous year – 17 compared to 30. This is also significantly lower than the global average of 29 successful breaches. “UK organisations have shown incredible strength and resilience despite the rising numbers of attacks.” Giovanni Cozzolino, Security Lead for Accenture in the UK.
26%: Increase in the number of supply chain attacks against UK companies since 2020
Security investment continues to rise: More than 80% of our survey respondents say their budgets have increased in the last year. In the UK, over a quarter of our respondents indicated those budgets had increased by more than 10%.
84%: UK respondents report budget increases
Cloud still has a complex relationship with security: Despite most UK respondents believing in secure cloud, 29% say security is not part of the cloud discussion from the outset and they’re trying to catch up. Reasons preventing take-up of the cloud revolve around security issues: about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework.
29%: Security is not part of the cloud discussion
The escalating cyber threat landscape illustrates the urgent need to alter the approach to cybersecurity. CEOs need to lead this change by challenging how cyber risk is treated, monitoring security investments and leading culture change on security.
This year, we identified four levels of cyber resilience including an elite group of Cyber Champions—organisations that excel at cyber resilience, but also align with the business strategy to achieve better business outcomes.
There’s money on the table. Organisations stand to reduce their cost of breaches by 48% to 71% if they increase their performance to Cyber Champion levels.
We also continued to explore how winning organisations tackle cyber resilience, evaluating their responses based on the following performance criteria: they stop more attacks, find and fix breaches faster and reduce breach impact.
Cyber Champions
Business Blockers
Cyber Risk Takers
The Vulnerable
Cyber Champions demonstrate that, with the right balance of alignment between business strategy and cybersecurity, organisations can achieve strong business performance while maintaining superior cyber resilience. Cyber Champions:
Organisations that focus solely on business objectives are missing out on the benefits of cyber resilience. By aligning their cybersecurity efforts with the business strategy, organisations can not only achieve better business outcomes, but also seize the advantage in the race to cyber resilience.
The authors would like to thank Edward Blomquist, Julia Malinska, Anna Marszalik, Eileen Moynihan, Vincenzo Palermo and Ann Vander Hijde for their contributions to this report.