Skip to main content Skip to Footer

LATEST THINKING


The Accenture Security Index Ireland

OVERVIEW

It is no surprise that security is top of mind today for business leadership and governments worldwide. Over 70 percent of surveyed companies say cybersecurity is a board-level concern that their top executives support both financially and culturally. These same companies also suffered two to three focused attacks that breached security each month; attacks they confirmed could take months or even years to detect.

What exactly does an effective security strategy look like? To define high performance security objectively, Accenture developed The Accenture Security Index, which assesses performance across 33 cybersecurity capabilities, at both the industry and national level. Organisations that have a clear picture of where they stand across these capabilities can then take proper measures to substantially reduce cybersecurity threats.

KEY FINDINGS

At the global level, Accenture research found that, on average, the typical organization reported it was competent or highly competent in only 11 of the 33 cybersecurity capabilities, suggesting significant room for improvement across the board. Only 9 percent managed to achieve competence in more than 25 of the 33 capabilities. Industry-level performance includes a high level of variation. Communications, Banking and High Technology respondents performed with higher levels of competence in 14 to 15 cybersecurity capabilities, compared with Life Sciences companies, which typically exhibited competence in only six capabilities.

The country level also exhibits significant variation in performance. The United Kingdom and France tops the list, with higher levels of competence in 15 out of 33 cybersecurity capabilities. In contrast, Spain is at the bottom of the list, with competence in only 7 out of 33 capabilities. Ireland sits in the middle of the range, with 10 out of 33 capabilities.


"Organizations are competent in only 11 of the 33 cybersecurity capabilities."



ANALYSIS

ANALYSIS

Using a comprehensive model, Accenture Using a comprehensive model, Accenture assessed performance across 33 cybersecurity capabilities at both the industry and country level. To capture a clear, objective measure of performance, the survey defined specific criteria to characterize three levels of competence: none/ limited, average or high. For example, a rating of no or limited competence when identifying high-value assets and processes in the business means the organization fails to identify key assets and processes consistently. A high score means the company clearly identifies key assets and processes and reviews cyber impact regularly.


image

RECOMMENDATIONS

RECOMMENDATIONS

The following six recommendations can help to focus the improvement effort of companies that have used to security index to assess their strengths and weaknesses:

1. Define cybersecurity success for the organization: Improve the alignment of the company’s cybersecurity strategy with its business imperatives, and enhance abilities to detect and repel more advanced attacks.

2. Pressure-test security capabilities: Engage “white-hat” external hackers for attack simulations to establish a realistic assessment of internal capabilities. By pressure-testing company defences in this way, leaders quickly understand whether they can withstand a targeted, focused attack.

Pressure-test security capabilities

3. Protect from the inside out: Prioritize the protection of key assets and focus on those internal incursions with greatest potential impact. Instead of attempting to anticipate a variety of external breach possibilities, organizations can concentrate on fewer, critical internal incursions. 

4. Keep innovating: Invest in state-of-the-art programs that enable the company to outmanoeuvre adversaries, instead of spending more on existing programs.

Pressure-test security capabilities

5. Make security everyone’s job:Prioritize training for all employees. Employees play a critical role in detecting and preventing breaches. They represent a company’s first line of defence. Appropriate training can pay disproportionate dividends.

6. Lead from the top: CISOs must materially engage with enterprise leadership and make the case that cybersecurity is a critical priority in protecting company value.

Lead from the top

ROOM FOR IMPROVEMENT IN IRISH COMPANIES

Across 15 countries, average organization has high performance in only 11 cybersecurity capabilities.

Ireland is in the middle range—has high performance in 10 cybersecurity capabilities.

image



REPORT AUTHORS

Kelly Bissell

KELLY BISELL

Managing Director, Accenture Security

Mail to Kelly Bissell. This opens a new window. Follow Kelly Bissell on Twitter. This opens a new window. Connect with Kelly Bissell's Profile on LinkedIn. This opens a new window.
Ryan LaSalle

RYAN LASALLE

Managing Director, Growth & Strategy

Mail to Ryan LaSalle. This opens a new window. Follow Ryan LaSalle on Twitter. This opens a new window. Connect with Ryan LaSalle's Profile on LinkedIn. This opens a new window.
Kevin Richards

KEVIN RICHARDS

Managing Director, Accenture Strategy Security – North America Lead

Mail to Kevin Richards . This opens a new window. Follow Kevin Richards on Twitter. This opens a new window. Connect with Kevin Richards's Profile on LinkedIn. This opens a new window.

LOCAL EXPERTS

Kelly Bissell

PATRICK BRESLIN

Managing Director, Accenture Security, Ireland

Mail to Patrick Breslin. This opens a new window. Connect with Patrick Breslin's Profile on LinkedIn. This opens a new window.
Kelly Bissell

CHRIS DAVEY

Cybersecurity Lead, Accenture Technology

Mail to Chris Davey. This opens a new window. Connect with Chris Davey's Profile on LinkedIn. This opens a new window.
Kelly Bissell

DAVID KIRWAN

Head of Technology, Accenture Ireland

Mail to David Kirwan. This opens a new window. Connect with David Kirwan's Profile on LinkedIn. This opens a new window.