It’s not a good habit for any business to invest without seeing a decent return. In some functions, its easily fixable—cut your losses and move onto the next project or campaign. But when it comes to security, if your investments don't hit the mark, you're exposing not only the smooth running of your business, but also, potentially, your brand and reputation.

In our latest report "Invest for Cyber Resilience,” we take a close look at how organizations are prioritizing security, how comprehensive their security plans are, and how their security investments are performing. We found that most organizations are not shy of investing in cybersecurity and, in particular, are showing a strong commitment to new technologies. Today, 84 percent of organizations are spending more than 20 percent of their cybersecurity budget on technologies where artificial intelligence, machine learning or robotic process automation is a fundamental component. That’s a good step up from 67 percent three years ago.

Despite these kinds of investments, many are not seeing the benefits—only 53 percent say their investments are “recovered or returned.” And they have the added pressure of the increasing costs of cybersecurity. In fact, these costs are rapidly proving to be unsustainable—for one in four of the organizations we studied, they’re rising by more than 25 percent a year.

So, what’s the impact of these kinds of pressures? Well, as you might expect, the impacts of security programs and investments are diluted. In terms of coverage, we found only 59 percent of assets are actively protected by cybersecurity programs on average. And when defenses fail, more than half of security breaches take longer than 16 days to remediate—and one quarter take more than a month.

While these findings may not promote confidence, there is a positive outcome for some. We discovered a group of organizations, identified in our report as leaders, who seem to have cracked the secret code behind making security work. These leaders, 17 percent of our sample, demonstrate three key ways that enable their organizations to focus their efforts and drive better results from their security investments.

What do leaders do differently to get the best results from their cybersecurity technology investments? They:

  • Scale more: Organizations best at scaling technology investments from pilot to deployment across the enterprise are four times better than the rest at defending attacks
  • Train more: Organizations best at training are two times better than the rest at defending attacks
  • Collaborate more: Organizations best at collaborating are two times better than the rest at defending attacks

Take a look at more of the findings from our survey of 4,644 senior security executives in organizations with annual revenues of US$1 billion or more from 24 industries and 15 countries. This report is just one of an ongoing and extensive and body of research that we have been building for many years. Think about whether the security spend in your own company is resulting in the performance your security team expects. As we can see from this research, it’s no good relying on investments to just work hard—they need to work smart, too.


Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.  Follow us @AccentureSecure on Twitter or visit us at

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2020 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks

Kelly Bissell

Lead – Accenture Security

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog