Rapidly evolving cyber security threats pose substantial ongoing challenges to financial services businesses, pushing security preparedness to the top of the C-suite agenda—and with good reason. According to a Forrester Research prediction, as of 2015, 80% or more of enterprises were likely to have faced a security breach.1

As hackers get more sophisticated, aggressive and prolific, the statistics are likely to become even more daunting. The burning question is, how do firms achieve better security performance while facing an ever-changing cyber threat environment?

The answer could lay in the results of a joint study between Accenture and Ponemon Institute LLC. The study’s purpose was to identify the success factors of enterprises that significantly improved their Security Effectiveness Scoring over a period of two years. After an evaluation of 237 companies, Accenture and the Ponemon Institute were able to divide them into two groups—those who had significantly increased their security performance (Leapfrogs) and those who had not (Statics).2

And the survey says….3

What emerged from the research were six distinct themes wherein practices differed significantly between the two groups. Generally speaking, the results showed security is a top priority for Leapfrog companies, and is deeply aligned with strategic goals. Led by an empowered chief information security officer (CISO), Leapfrog companies:

  • Embrace disruptive technology
  • Proactively respond to changes in the threat landscape
  • Make significant financial investments in security

By comparison, Static companies wrap cyber security in a veil of stealth, secrecy and under-funding, and take a compliance-based, reactive approach to threat prevention.

The results of the study have considerable implications for firms in terms of how to be more effective in meeting increasing security challenges. By following the examples of Leapfrog organizations, your firm could enhance its ability to more quickly detect and respond to threats, malicious attacks and data breaches. By emulating Static companies, you should expect your firm’s risk vulnerability to increase over time.

Making the leap

Is your firm ready to make the leap to a more innovative and proactive approach to cyber security? In my next post, I’ll share details about the sixth themes of differentiation between Leapfrogs and Statics.

For more details on making the cyber security leap, please see:

The Cyber Security Leap: From Laggard to Leader



  1. “Making Leaders Successful Every Day,” Forrester Research presentation, 2014. Access at: http://web.silversky.com/rs/perimeterusa/images/Security_Wrap_Up_and_Predictions_Webinar.pdf?mkt_tok=3RkMMJWWfF9wsRouv6jPZKXonjHpfsX57%2B0sUaKwlMI%2F0ER3fOvrPUfGjI4JSsRjI%2BSLDwEYGJlv6SgFSrDAMaZi27gLXhI%3D
  2. “The Cyber Security Leap: From Laggard to Leader,” Accenture and the Ponemon Institute LLC, 2015. Access at: https://www.accenture.com/us-en/insight-cybersecurity-research-report
  3. Ibid

Dr. Christian Tölkes

Managing Director, Technology Consulting Lead Financial Services Austria, Switzerland & Germany

View Profile

Submit a Comment

Your email address will not be published. Required fields are marked *