RESEARCH REPORT

In brief

In brief

  • Our cybersecurity report shows cyber attacks are up, security investment continues to rise and cloud still has a complex relationship with security.
  • We reveal four levels of cyber resilience: Cyber Champions, Business Blockers, Cyber Risk Takers and The Vulnerable.
  • Cyber Champions lead; they’re among the top 30% in at least three of four cyber resilience criteria and align business strategy and cybersecurity.
  • For success, organisations need to give CISOs a seat at the top table, be threat-centric and business aligned and get the most out of secure cloud.

The state of cybersecurity resilience now

In our annual survey among 4,744 global respondents around the current state of cybersecurity resilience, we found 85% of CISOs agree or strongly agree that the cybersecurity strategy is developed with business objectives, such as growth or market share, in mind. Yet, 81%, also said that “staying ahead of attackers is a constant battle and the cost is unsustainable” compared with 69% in 2020.

Cyber attacks are up: Large UK organisations each faced an average of 885 attempted cyberattacks – more than triple the global average of 270 . Third-party risk continues to dominate: indirect attacks through the supply chain have increased by 26% in the UK, accounting for 64% of breaches.

Despite soaring attempted attacks, UK organisations saw fewer successful breaches than the previous year – 17 compared to 30. This is also significantly lower than the global average of 29 successful breaches. “UK organisations have shown incredible strength and resilience despite the rising numbers of attacks.” Giovanni Cozzolino, Security Lead for Accenture in the UK.

26%

Increase in the number of supply chain attacks against UK companies since 2020

Security investment continues to rise: More than 80% of our survey respondents say their budgets have increased in the last year. In the UK over a quarter of our respondents indicated those budgets had increased by more than 10%.

84%

UK respondents report budget increases

Cloud still has a complex relationship with security: Despite most UK respondents believing in secure cloud, 29% say security is not part of the cloud discussion from the outset and they’re trying to catch up. Reasons preventing take-up of the cloud revolve around security issues: about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework.

29%

Security is not part of the cloud discussion

Jacky Fox

Managing Director - Accenture Security, Europe Lead

Ryan LaSalle

Senior Managing Director – Accenture Security, North America Lead

Paolo Dal Cin

Lead – Accenture Security

MORE ON THIS TOPIC

Cyber Threat Intelligence Report

Security

Cyber Threat Intelligence Report

Ransomware response and recovery

Security

Ransomware response and recovery

Cybersecurity

Elevating the cybersecurity discussion

The escalating cyber threat landscape illustrates the urgent need to alter the approach to cybersecurity. CEOs need to lead this change by challenging how cyber risk is treated, monitoring security investments and leading culture change on security.

DOWNLOAD REPORT

Championing cybersecurity

This year, we identified four levels of cyber resilience including an elite group of Cyber Champions—organisations that excel at cyber resilience, but also align with the business strategy to achieve better business outcomes.

The four levels of cyber resilience by Accenture state of Cyber Resilience 2021
There’s money on the table. Organisations stand to reduce their cost of breaches by 48% to 71% if they increase their performance to Cyber Champion levels.

We also continued to explore how winning organisations tackle cyber resilience, evaluating their responses based on the following performance criteria: they stop more attacks, find and fix breaches faster and reduce breach impact.

Key measures of cyber resilience

Click on the arrows to explore how organisations perform.

Cyber Champions

Business Blockers

Cyber Risk Takers

The Vulnerable

How to be a Cyber Champion

Cyber Champions demonstrate that, with the right balance of alignment between business strategy and cybersecurity, organisations can achieve strong business performance while maintaining superior cyber resilience. Cyber Champions:

  • Are among the top 30% in at least three of the four cyber resilience criteria.
  • Experience fewer successful breaches – 8 percentage points lower than Business Blockers and 36 percentage points lower than Cyber Risk Takers.
  • Have speedier detection and remediation response times.
  • Better protect themselves from loss of data—only 4% of Cyber Champions lose more than 500,000 records—6.5X less than Cyber Risk Takers.

To be more like Cyber Champions:

Give CISOs a seat at the top table

By drawing on the experience and insights of the wider leadership team, CISOs can gain a broader perspective that serves the whole business well.

Be threat-centric and business aligned

Security leaders must closely align with the business as partners in driving down risk. This alignment helps to embed security into business priorities.

Get the most out of secure cloud

Organisations should seize the opportunity to reset their security posture, earlier and more effectively to the cloud—like our Cyber Champions do.

View All

Organisations that focus solely on business objectives are missing out on the benefits of cyber resilience. By aligning their cybersecurity efforts with the business strategy, organisations can not only achieve better business outcomes, but also seize the advantage in the race to cyber resilience.

The authors would like to thank Edward Blomquist, Julia Malinska, Anna Marszalik, Eileen Moynihan, Vincenzo Palermo and Ann Vander Hijde for their contributions to this report.

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter
Subscribe