CEO and Boards: Prioritizing a Security Crisis
May 25, 2022
Business decisions are hanging in the balance as the war in Ukraine challenges the status quo. It is no surprise, then, that well-established cybersecurity threats, such as ransomware, may not be at the top of the boardroom agenda now.
Yet the oversight could be costly—and not just financially. In its State of Cybersecurity Resilience 2021 research, for example, Accenture found that 20 percent of costs associated with ransomware and extortion incidents are attributed to brand reputation damage.
Business priorities are in the spotlight following any ransomware attack, and your security team should have an incident response plan in place that details how to get the business up and running again. But Accenture’s research suggests that the connection between business strategy and security efforts could benefit from being even more closely aligned.
Board members need to consider how the business currently responds to cyber crisis events and ask themselves:
Disruptive roadblocks such as pandemics and geopolitical issues aside, opportunity is knocking on the boardroom door. Recent times have shown us how business models can be reinvented, supply chains restructured, and increases in productivity made a byproduct of remote working.
Businesses have gained new momentum from this period of compressed transformation, and we’ve all been amazed by the scientific and technological breakthroughs that have made it possible. But perhaps most importantly, we’ve been shown how collaboration and communication make all the difference to the end game.
Because boards steer the business, their decision-making must be influenced by the right information. Having a holistic “bigger picture” means they can adjust the overall strategy to suit. In its State of Cybersecurity Resilience 2021 research, Accenture found that many organizations are already improving the C-suite channel to security teams—72 percent of chief information security officers are now reporting to key business decision makers, whether that’s boards (23 percent) or CEOs (49 percent).
As Accenture cyberthreat intelligence has identified, ransomware is anyone’s game and is proving to be easier than ever—now, you can buy access and malware and simply execute a ransomware attack. This means ransomware and extortion practices are growing—there’s a 107 percent year-over-year increase in ransomware and extortion attacks and 33 percent increase in intrusion volume from ransomware and extortion.
Below are three areas boardrooms should consider closing the gaps between the business and security:
With more agile, robust, and transparent crisis management capabilities, the CEO, board, and rest of the company can handle ransomware events better and improve overall cyber resilience.
Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song—all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at accenture.com.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.
This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.
Copyright © 2022 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.