Cybersecurity is improving globally, and cyber resilience is on the rise. Accenture’s latest research shows that most organizations, including federal agencies, are getting better at defending against cyberattacks. But as defenses evolve, so too do the threats. Attackers have already moved on to indirect targets, such as suppliers and other third parties. This leads to massive vulnerability for federal agencies that rely heavily on a contractor network to achieve their missions.
And while vulnerabilities continue to shift, cybersecurity costs are reaching unsustainable levels. Despite the hefty price tags, security investments often fail to deliver the desired security outcomes. This is particularly challenging for large federal agencies that cannot implement security solutions consistently throughout their organizations. Proliferation of outdated, hodgepodge legacy security solutions complicate progress.
But there is good news. Accenture’s analysis reveals there is a group of standout organizations within the public and private sectors that have cracked the cybersecurity code for innovation. Detailed modeling of cybersecurity performance identified an elite group of leaders — 17 percent globally — that achieved significantly higher levels of performance compared to the rest. Federal agencies outperformed the global sample, with 28 percent qualifying as leaders.
These leading organizations set the bar for performance:
- 4x better at stopping attacks
- 4x better at finding breaches faster
- 3x better at fixing breaches faster
- 2x better at reducing breach impact
Our research also identified specific best practices being adopted by these leaders, including:
- Leaders focus on technologies that provide the greatest benefit
- They scale, train, and collaborate more
- Leaders focus on speed for detection, mobilization, and remediation
Leaders reduce cybersecurity costs
Federal agencies can reduce costs—both in terms of the cybersecurity protection cost to the organization and the wider economic impact—by modeling their behavior after that of the leaders:
If agencies perform at the same level as leaders—having the same proportion of attack types and the same time to detect and fix responses—Accenture’s detailed modeling indicates they could reduce the cost per attack by 72 percent.
For the purposes of this research, we investigated targeted cyberattacks. These have the highest potential to both penetrate network defenses, cause damage, and extract high-value assets from within the organization. This excludes the deluge of hundreds—if not thousands—of speculative attacks organizations face on a daily basis.
What is cyber resilience? Cyber resilience brings together the capabilities of cybersecurity, business continuity, and enterprise resilience. It applies holistic security strategies to help federal agencies and other organizations respond quickly to threats so they can minimize the damage and continue to operate under attack.
Keep exploring: The state of federal cyber resilience