The state of cybersecurity resilience 2021
November 3, 2021
November 3, 2021
In our annual survey among 4,744 global respondents around the current state of cybersecurity resilience, we found 85% of CISOs agree or strongly agree that the cybersecurity strategy is developed with business objectives, such as growth or market share, in mind. Yet, 81%, also said that “staying ahead of attackers is a constant battle and the cost is unsustainable” compared with 69% in 2020.
Cyber attacks are up: There were on average 270 attacks per company over the year, a 31% increase over 2020. Third-party risk continues to dominate: successful breaches to the organization through the supply chain have increased from 44% to 61%.
Increase in the average number of attacks per company since 2020
Security investment continues to rise: More than 80% of our survey
respondents say their budgets have increased in the last year. IT security budgets
are now up to 15% of all IT spending,
5 percentage points higher than reported in 2020.
Report budget increases
Cloud still has a complex relationship with security: Despite most
respondents believing in secure cloud, 32% say security is not part of the
cloud discussion from the outset and they’re trying to catch up. Reasons preventing
take-up of the cloud revolve around security issues:
about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework.
Security is not part of the cloud discussion
About the Authors
The escalating cyber threat landscape illustrates the urgent need to alter the approach to cybersecurity. CEOs need to lead this change by challenging how cyber risk is treated, monitoring security investments and leading culture change on security.
This year, we identified four levels of cyber resilience including an elite group of Cyber Champions—organizations that excel at cyber resilience, but also align with the business strategy to achieve better business outcomes.
There’s money on the table. Organizations stand to reduce their cost of breaches by 48% to 71% if they increase their performance to Cyber Champion levels.
We also continued to explore how winning organizations tackle cyber resilience, evaluating their responses based on the following performance criteria: they stop more attacks, find and fix breaches faster and reduce breach impact.
Click on the arrows to explore how organizations perform.
Cyber Risk Takers
Cyber Champions demonstrate that, with the right balance of alignment between business strategy and cybersecurity, organizations can achieve strong business performance while maintaining superior cyber resilience. Cyber Champions:
Organizations that focus solely on business objectives are missing out on the benefits of cyber resilience. By aligning their cybersecurity efforts with the business strategy, organizations can not only achieve better business outcomes, but also seize the advantage in the race to cyber resilience.
The authors would like to thank Edward Blomquist, Julia Malinska, Anna Marszalik, Eileen Moynihan, Vincenzo Palermo and Ann Vander Hijde for their contributions to this report.