The scale and scope of cyber attacks is escalating, costing firms significant losses in time, money and reputation. As I outlined in my previous post, results from an Accenture/Ponemon Institute LLC study indicate firms that take a proactive, innovative and strategic approach to cyber security (Leapfrogs) along six key themes are much better prepared to prevent or reduce the probability of these potential losses than are firms that are reactive and conservative in their security approach (Statics).1

Is your firm at risk?2

If you’re not yet convinced that the differences in approach between Leapfrog and Static firms can make a difference in outcomes, we’ve put together some probabilities (based on benchmark interviews with study participants) to help you better understand why taking a Leapfrog approach to cyber security makes sense.

Probabilities were projected over three years, and overall indicated year-over-year downward probability trends for Leapfrogs and upward probably trends for Statics. The results below show net percentage change over a three-year period in three categories.

  • Probability of a material data breach.The likelihood of a material data breach involving the loss of 10K or more records yielded a significant negative probability percentage for Leapfrogs, and a slight positive probability percentage for Statics: -49.4% Leapfrog/+5.7% Static. 
  • Probability of a high-value information theft.The results for theft of high-value information were similar to those for a material data breach, with a significant probability percentage decrease for Leapfrogs, and more than double the probability percentage increase for Statics, as compared to a material data breach: -46.4% Leapfrog/+12.5% Static.
  • Probability of a significant disruption. Vulnerability to a significant business disruption yielded similar, but slightly less dramatic, results as those from the other two attack probabilities: -36.1% Leapfrog/+5.1% Static.

Becoming a Leapfrog

If your firm is like most other enterprises, security has likely risen to the top of the C-suite priority list—as it should. After all, business resilience and brand trust depend on a firm’s cyber security and defense capabilities. With lost reputation as the number one consequence of a breach, followed by extensive financial costs, no firm can afford to sideline security.

Are you ready to align your firm’s business goals with a strong security strategy? Here is what you should do to move from laggard to leader:

  • Champion a strong security posture (based on personal accountability) across the organization
  • Embrace innovation solutions that stay ahead of the hackers in thwarting cyber attacks
  • Proactively leverage advanced technologies to improve both productivity and the user experience
  • Actively and appropriately invest in security intelligence technologies that support cyber defense without duplicating efforts
  • Implement strong governance and control, led by your CISO, to effectively integrate business and security strategies

Cyber security vulnerability does not have to be a default position. A proactive, innovative and strategic approach modeled on Leapfrog behavior can make all the difference in making sure your firm is not only prepared for, but also capable of, thwarting dangerous threats in any circumstance.

For more details on making the cyber security leap, please see:

The Cyber Security Leap: From Laggard to Leader



  1. “The Cyber Security Leap: From Laggard to Leader,” Accenture and the Ponemon Institute LLC, 2015. Access at:
  2. Ibid


Dr. Christian Tölkes

Managing Director, Technology Consulting Lead Financial Services Austria, Switzerland & Germany

View Profile

Submit a Comment

Your email address will not be published. Required fields are marked *