Accenture’s analysis found that cybersecurity leaders succeed by investing for operational speed; driving rapid value from their new investments; and sustaining what they already have.
Investing for operational speed
Prioritize moving fast
In the current environment of rising costs and growing third-party threats, security investments must work more effectively and efficiently than ever to prove their worth.
The top three measures of cybersecurity success for leaders emphasize speed.
We found that leaders prize how quickly they can detect a security breach, how quickly they can mobilize their response, and how quickly they can get operations back to normal. Beyond these priorities, leaders also measure the success of their resiliency by how many systems were stopped and for how long, and by how accurate they were in finding cyber incidents.
Federal agencies also ranked the same three measures of speed as their top three indicators of success, though they ranked cyber recovery time higher than cyber detection speed or cyber response time.
Driving value from new investments
The rate at which organizations scale investments across their business has a significant impact on their ability to defend against attacks. Leaders perform four times better than their counterparts at scaling technologies—defined as 50 percent or more of tools moving from pilot to full-scale deployment. For the leaders, only 5 percent of cyberattacks resulted in a security breach. For the non-leaders, 21 percent of attacks resulted in a security breach.
Security teams are also more effective for organizations who scale more of their technology investments. Leaders’ security teams actively protect three-quarters of all key assets and discover almost three-quarters of cybersecurity attacks against their organizations. Non-leaders are only able to protect one-half of their key assets and only detect one-half of all cyberattacks against them.
Federal agencies scale security tools well. 68 percent said that more than half of their security tools have been piloted and scaled throughout their organizations, with 22 percent scaling between one-quarter and one-half of their security tools.
When asked about security tools adopted by their organization that require training, 30 percent of leaders provided training for more than three-quarters of users when it was needed, versus just 9 percent of non-leaders
The speed with which organizations find security breaches is faster for those who provide higher levels of training. The best at training found 52 percent of security breaches in less than 24 hours, compared with only 32 percent for the rest. How long it takes to remediate a security breach is also an aspect of better training. For leaders, 65 percent of all security breaches are remediated within 15 days.
Federal agencies lead the pack in terms of cybersecurity training, surpassing even the leaders in this category. 45 percent of federal agencies respondents said they provide training for more than three-quarters of users when it was needed.
79 percent of respondents agreed collaborations with other organizations, government bodies, and the wider security community will be one of the essential weapons they will need to combat cyberattacks in the future.
The organizations best at collaborating—the ones using more than five methods to bring together strategic partners, the security community, cybersecurity consortia, and an internal task force to increase understanding of cybersecurity threats—are two times better at defending against attacks than others. Organizations that collaborate more have a breach ratio of 6 percent, compared to an average of 13 percent for the rest.
Federal agencies are strong in all aspects of collaboration. Around half (51 percent) said they collaborate with strategic partners to test cybersecurity resilience and to share threat intelligence (45 percent).
They also focus efforts on maintaining an internal cybersecurity committee/task force (58 percent).
Sustaining what they already have
Maintain existing investments
Leaders understand the need to be brilliant at the basics. They focus more of their budget allocations on sustaining and optimizing what they already have, compared with non-leaders who place more emphasis on piloting and scaling new capabilities.
Federal agencies allocate their budgets similarly to leaders, with an emphasis on testing new capabilities (30 percent), scaling those capabilities (33 percent), and sustaining what they already have (37 percent).
Perform better at the basics
Security breaches most often happen when organizations fail at fundamental aspects of their protection practices. This is a challenge when the highest proportion of cyberattacks against leaders—35 percent—target customer records (citizen records for federal agencies).
With only 15 percent of leaders reporting having more than 500,000 records exposed in the last year—compared to 44 percent of non-leaders and 39 percent of federal agencies—it is clear they are significantly better at the basics of cybersecurity protection.
Now, more than ever, it is vital for federal agencies to make sure the basics of data-centric security are in place. Bad actors in the form of individuals, organizations, and nation states are trying to undermine the credibility of American institutions. Accessing citizen data through cyberattacks is one of their key strategies, which necessitates an effective federal response for protecting key citizen data.
Keep exploring: Mastering federal cybersecurity execution