Persistent cyber risks are having a profound impact on the ability of businesses to safeguard their most valuable assets. Global spending on information security is set to hit $86.4 billion this year, up 7 percent over 2016 as concerns by corporate leaders grow over the business impact of data breaches (Gartner). Keeping pace with these more sophisticated and highly motivated attacks demands that organizations adopt a dynamic, nimble security strategy that builds resilience from the inside out with an industry-specific approach that protects the entire value chain, end to end.

Are NYC-based companies keeping up?

In 2018, NYC-based companies were able to prevent 78 percent of targeted attacks over the past 12 months (lower than the global average of 87 percent) but are becoming faster and more effective at finding breaches when they do occur—64 percent of breaches are identified within seven days. This is higher than the global average of 55 percent. Not only are NYC-based companies becoming faster at identifying they are able to remediate a breach more quickly as well—87 percent of respondents were able to remediate a breach in less than 60 days. This is faster than the global average (74 percent).

Additionally, almost half (42 percent) of NYC-based respondents have seen their organization make a major transformational investment in its cybersecurity capabilities. With 22 percent of IT budgets focused on cybersecurity (3 percent higher than global average) and 31 percent of the respondents expect their organizations to more than double their investments into cybersecurity over the next three years.


NYC companies are faster and more effective at finding breaches compared to global average (55%).


NYC companies are quicker at remediating breaches in < 60 days vs 74% global average.


NYC companies spend a significant portion of their IT budgets on cybersecurity.


NYC CSIOs have control over their cybersecurity budget.

Four steps to achieve cyber resilience

  1. Build a strong foundation: Identify high value assets and harden them. Ensure controls are deployed across the organizational value chain, not just the corporate function.
  2. Pressure test resilience like an attacker: Enhance defense teams and provide analysis on where improvements need to be made.
  3. Employ breakthrough technologies: Free up investment capacity to invest in technologies that can automate your defenses. Utilize automated orchestration capabilities, advanced behavioral analytics, and artificial intelligence / machine learning.
  4. Be proactive and use threat hunting: Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.

About the research

  • In 2018, Accenture Security surveyed 4,600 executives to understand the extent to which organizations prioritize security, how comprehensive their security plans are, what security capabilities they have, and their level of spend on security. 100 of those executives are based in New York City.
  • The c-suite executives represent 10 separate industries—and each company has at least one billion in yearly revenue.
    • Industries: Banking and Capital Markets, CG&S, High Tech, Industrial Equipment, Insurance, Media, Retail, Software & Platforms, Communications and Utilities

RELATED: Gaining ground on the cyber attacker

Lynn McMahon

Office Managing Director – New York Metro


Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter