Published on the 04/06/2020 | Written by Heather Wright
Costs rising at ‘unsustainable levels’, Accenture says…
Those big dollars you’re paying for cybersecurity? They’re just not paying off.
At least that’s the sentiment of the majority of companies surveyed for Accenture’s third annual State of Cyber Resilience Report.
The report shows 80 percent of Australian respondents believe their cybersecurity investments are failing.
“Cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver.”
That failure comes as the number of breaches increased 50 percent in Australia from 2018 to 2019, and mirrors Accenture’s international findings, showing the battle to stay ahead of attackers is a constant headache, no matter where you are in the world, with many security investments missing the mark. The global data shows 44 percent of organisations had more than 500,000 customer records exposed in the last year, something 19 percent of Australian respondents reported.
“These findings, coupled with the acceleration of cyber threats due to Covid-19, are accelerating the threat landscape and putting extra pressure on security functions,” Accenture says.
The report finds rising costs, and rising frustration when it comes to cybersecurity, with low detection rates – 58 percent of breaches in Australian companies are found by the security teams themselves – and more than 90 percent of all breaches impacting the affected organisation for more than 24 hours.
The (potentially) better news, however, was that 38 percent of breaches ‘had no impact’ on organisations according to survey respondents.
The security woes come despite increased investment. In fact, Accenture says globally costs are rising at ‘unsustainable levels’.
“Cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organisations face a tipping point.”
Forty-three percent of Australian companies say they’ve invested more in cybersecurity in the last two years with that increase amounting to more than 25 percent for 11 percent of respondents. Ninety-one percent of Australian companies say they’re spending more than 20 percent of their cybersecurity budgets on advanced technologies.
Joseph Failla, Accenture Australia and New Zealand security lead, says cybersecurity is an increasing challenge as the prevalence of ‘sophisticated and insidious cyberattacks’ continues to grow.
“Organisations are grappling with the new and sudden reality of Covid-19, which is putting even greater strain on their already under-pressure security systems,” Failla says.
As to where the attacks are coming from, there’s good news and there’s bad news.
Accenture says direct attacks (global) were down 11 percent, and security breaches were down 27 percent. But that masks a hidden threat: The indirect attacks targeting weak links in the supply chain, which accounted for 38 percent of security breaches in Australian companies.
“In the shape-shifting world of cybersecurity, attackers have already moved on to indirect targets, such as vendors and other third parties in the supply chain,” Accenture says. “It is a situation that creates new battlegrounds even before they have mastered the fight in their own backyard.”
Despite the apparent failure of cybersecurity systems, Accenture isn’t about to tell companies to down tools and give up the good fight.
Says Failla: “Using threat intelligence and more strategic approaches to cybersecurity can help Australian organisations stay protected and better equipped to respond effectively when the enemy strikes.”
The global report identifies a number of key attributes of leading cyber-resilient companies, who globally were four times better at stopping attacks and four times better at finding breaches faster, along with being three times better at fixing breaches faster and two times better at reducing breach impacts.
Leaders, Accenture says, behave differently in three core ways: They invest for operational speed, prioritising moving fast and choosing ‘turbo-charging technologies’ such as AI and security orchestration automation and response (Soar) technologies; they drive value from new investments, scaling more, training more and collaborating more; and they sustain what they have by maintaining existing investments while ensuring they keep fundamental data protection practices in place too.
“By focusing on the technologies that provide the greatest benefit and sustaining what they have, they are finding themselves moving fast and first in the race to cyber resilience,” Accenture says.
“What is one key to secure innovation? Leaders show us that they scale, train and collaborate more. So while non-leaders measure their success by focusing on the destination – improved cyber resilience – the leaders focus on how to get there using warp speed to detect, mobilise and remediate.”
The State of Cyber Resilience Research surveyed 4,644 security executives globally, including 373 in Australia. No New Zealand organisations were surveyed.