Accenture’s analysis found that cybersecurity leaders succeed by investing for operational speed; driving rapid value from their new investments; and sustaining what they already have.

Investing for operational speed

Prioritize moving fast

In the current environment of rising costs and growing third-party threats, security investments must work more effectively and efficiently than ever to prove their worth.

The top three measures of cybersecurity success for leaders emphasize speed.

We found that leaders prize how quickly they can detect a security breach, how quickly they can mobilize their response, and how quickly they can get operations back to normal. Beyond these priorities, leaders also measure the success of their resiliency by how many systems were stopped and for how long, and by how accurate they were in finding cyber incidents.

Graph of the top three ways organizations measure success of cybersecurity programs across cyber leaders, non-leaders, and federal agencies, showing that cyber leaders rank cyber detection speed, cyber recovery time, and cyber response time at a significantly higher rate than non-leaders and a somewhat higher rate than federal agencies

Federal agencies also ranked the same three measures of speed as their top three indicators of success, though they ranked cyber recovery time higher than cyber detection speed or cyber response time.

Driving value from new investments

Scale more

The rate at which organizations scale investments across their business has a significant impact on their ability to defend against attacks. Leaders perform four times better than their counterparts at scaling technologies—defined as 50 percent or more of tools moving from pilot to full-scale deployment. For the leaders, only 5 percent of cyberattacks resulted in a security breach. For the non-leaders, 21 percent of attacks resulted in a security breach.

Security teams are also more effective for organizations who scale more of their technology investments. Leaders’ security teams actively protect three-quarters of all key assets and discover almost three-quarters of cybersecurity attacks against their organizations. Non-leaders are only able to protect one-half of their key assets and only detect one-half of all cyberattacks against them.

Federal agencies scale security tools well. 68 percent said that more than half of their security tools have been piloted and scaled throughout their organizations, with 22 percent scaling between one-quarter and one-half of their security tools.

Graph of the percentage of security tools piloted then scaled and used throughout the enterprise across cyber leaders, non-leaders, and federal agencies, showing that 68% of federal agencies have scaled 50% or more of tools, compared to 60% of cyber leaders and 48% of non-leaders

Train more

When asked about security tools adopted by their organization that require training, 30 percent of leaders provided training for more than three-quarters of users when it was needed, versus just 9 percent of non-leaders

Graph of the percentage of users who receive training when needed for new security tools adopted by an organization across cyber leaders, non-leaders, and federal agencies, showing that 45% of federal agencies have more than 75% of users receive training when needed, compared to 30% of leaders and 9% of non-leaders

The speed with which organizations find security breaches is faster for those who provide higher levels of training. The best at training found 52 percent of security breaches in less than 24 hours, compared with only 32 percent for the rest. How long it takes to remediate a security breach is also an aspect of better training. For leaders, 65 percent of all security breaches are remediated within 15 days.

Federal agencies lead the pack in terms of cybersecurity training, surpassing even the leaders in this category. 45 percent of federal agencies respondents said they provide training for more than three-quarters of users when it was needed.

Collaborate more

79 percent of respondents agreed collaborations with other organizations, government bodies, and the wider security community will be one of the essential weapons they will need to combat cyberattacks in the future.

The organizations best at collaborating—the ones using more than five methods to bring together strategic partners, the security community, cybersecurity consortia, and an internal task force to increase understanding of cybersecurity threats—are two times better at defending against attacks than others. Organizations that collaborate more have a breach ratio of 6 percent, compared to an average of 13 percent for the rest.

Federal agencies are strong in all aspects of collaboration. Around half (51 percent) said they collaborate with strategic partners to test cybersecurity resilience and to share threat intelligence (45 percent).

Graph of the main ways that leaders, non-leaders, and federal agencies collaborate with partners, showing that cyber leaders lead in most key collaboration strategies, though federal agencies also rank highly on certain strategies, such as maintaining an internal cybersecurity committee/task force

They also focus efforts on maintaining an internal cybersecurity committee/task force (58 percent).

Sustaining what they already have

Maintain existing investments

Leaders understand the need to be brilliant at the basics. They focus more of their budget allocations on sustaining and optimizing what they already have, compared with non-leaders who place more emphasis on piloting and scaling new capabilities.

Graph of how federal agencies benchmark against leaders in budget allocation, comparing their percentage spending in 1) scanning, piloting, trialing new capabilities in a lab or pilot 2) scaling new capabilities and 3) sustaining what they already have

Federal agencies allocate their budgets similarly to leaders, with an emphasis on testing new capabilities (30 percent), scaling those capabilities (33 percent), and sustaining what they already have (37 percent).

Perform better at the basics

Security breaches most often happen when organizations fail at fundamental aspects of their protection practices. This is a challenge when the highest proportion of cyberattacks against leaders—35 percent—target customer records (citizen records for federal agencies).

Graph of the primary target of cybersecurity attacks across customer/citizen records, infrastructure, and stealing/extracting valuable IP for cyber leaders, non-leaders, and federal agencies

With only 15 percent of leaders reporting having more than 500,000 records exposed in the last year—compared to 44 percent of non-leaders and 39 percent of federal agencies—it is clear they are significantly better at the basics of cybersecurity protection.

Now, more than ever, it is vital for federal agencies to make sure the basics of data-centric security are in place. Bad actors in the form of individuals, organizations, and nation states are trying to undermine the credibility of American institutions. Accessing citizen data through cyberattacks is one of their key strategies, which necessitates an effective federal response for protecting key citizen data.

Keep exploring: Mastering federal cybersecurity execution

Aaron Faulkner

​Managing Director – Accenture Federal Services, Cybersecurity Lead

MG(R) George Franz

Managing Director – Accenture Federal Services, Cybersecurity, Defense Lead

David Dalling

Cyber Chief Technology Officer – Accenture Federal Services

Jason Layman

Managing Director – Accenture Federal Services, Technology Strategy & Advisory Lead


Leaders on how to master cybersecurity execution
What if your data could secure itself?
Modernize with impact

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter