March 01, 2020
Follow the leaders and you’ll do cybersecurity better
By: Kelly Bissell

You only have to look around you, whether at work or at home, to see evidence that life is good. Most of us are lucky enough to have the right tools and conditions to help us be efficient and effective in our jobs. And a lot of people are living well within Maslow’s hierarchy of needs. But as any behavioral scientist will tell you, what seems initially positive on the outside often masks underlying issues.

It’s a situation we’re seeing in the Third Annual State of Cyber Resilience report. At first glance, the basics of cybersecurity are improving and cyber resilience is on the rise. Our latest research shows that most organizations are getting better at preventing direct cyberattacks. But in the shape-shifting world of cybersecurity, attackers have already moved on to indirect targets, such as vendors and other third parties in the supply chain. For many, this means new battlegrounds even before they have mastered the fight in their own back yard. At the same time, cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point.

Leaders are doing it for themselves

Our analysis reveals there is a group of standout organizations that have found a way through. This group of leaders—around 17 percent of our sample—stop more attacks, find and fix breaches faster, and reduce the breach impact.

Here’s some practical pointers to how the non-leaders might step up:

What leaders do Performance targets for non-leaders
Leaders have nearly a fourfold advantage in stopping targeted cyberattacks. Reduce the number of cyberattacks that result in a security breach from 1-in-8 to 1-in-27 or better.
Leaders have a fourfold advantage in detection speed. Reduce the average detection rate for a security breach from up to seven days or more to less than one day.
Leaders have a threefold advantage in speed of remediation. Reduce the average time to remediate a security breach from up to a month or more to 15 days or less.
Leaders have a twofold advantage in containing damage impact. Ensure at least four out of five security breaches have no impact or only a minor impact.

Of course, it isn’t only targets that matter. There’s a mind-set at play here, too. So, what do leaders do differently to become more resilient? Three things set them apart:

  • Invest in what works: Leaders choose speed enabling technologies. In particular, Artificial Intelligence (AI) and Security Orchestration Automation and Response (SOAR) technologies form the backbone of leaders’ investment strategies. Leaders also know which technologies help to achieve a broader level of cybersecurity success to “fill the gaps” in performance.
  • Drive value from investments: Leaders scale more. Their security teams are more effective and they protect more key assets. Leaders train more, and are faster at discovering and fixing breaches and protect more key assets. Leaders collaborate more, and they protect more key assets and improve regulatory alignment. Organizations that collaborate more have a breach ratio of 6 percent against an average of 13 percent for the rest.
  • Sustain what they have: Leaders focus more of their budget allocations on sustaining what they already have. They perform better at the basics—only 15 percent of leaders having more than 500,000 records exposed in the last year—compared with 44 percent of non-leaders.

I am heartened by our findings from this year’s report. The fact of the matter is that we at least know what differentiates a leader and that gives the non-leaders, who are by no means laggards but could do with a helping hand, a chance to catch up.

If you’d like to find out where your organization stands when it comes to the effectiveness of your cybersecurity investments, why not get in touch? Our Accenture Security Diagnostic enables you to benchmark your organization’s cybersecurity program capabilities against those of your peers wrapped up in a personalized report. At least you’ll find out if there is anything lurking under the surface of your current cybersecurity strategy’s success.

About Accenture Security

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
Copyright © 2020 Accenture. All rights reserved. Accenture and its logo are trademarks of Accenture.

Popular Tags

    More blogs on this topic