Other parts of this series:
My previous blogs in this series about cybersecurity focused on developing better cyber-resiliency. Now, it’s time to talk about the investments companies should be making to protect themselves.
As shown in this banking cybersecurity infographic, many companies we have surveyed invest ineffectively in cybersecurity:1
- 43% – 59% would spend extra budget on the same things they’re doing now instead of hedging other risks.
- Only 28% would invest in mitigating financial loss.
- Only 13% would invest in cybersecurity training.
Organizations should innovate continuously to stay ahead of potential attackers, which may require redirecting some resources to new strategies and programs rather than investing more in current programs.
Organizations seeking to identify opportunities to invest in cybersecurity innovation should look in particular at seven key domains.
- Business alignment assesses cybersecurity incident scenarios to better understand those that could materially affect the business.
- Governance and leadership involves focusing on cybersecurity accountability, nurturing a security-minded culture, monitoring cybersecurity performance, developing incentives for employees and creating a cybersecurity chain of command.
- Strategic threat context drives organizations to explore cybersecurity threats as a means of aligning the security program with the business strategy.
- Cyber resilience is the company’s ability to deliver operational excellence in the face of disruptive cyber adversaries.
- Cyber response readiness means having a robust response plan, strong cyber incident communications, tested plans for the protection and recovery of key assets, effective cyber incident escalation paths, and the ability to obtain solid stakeholder involvement across all business functions.
- The extended ecosystem should be ready to cooperate during crisis management, develop third-party cybersecurity clauses and agreements, and focus on regulatory compliance.
- Investment efficiency strives to drive financial understanding concerning investments across cybersecurity domains and the allocation of funding and resources.
A focus on these domains can improve a company’s cybersecurity capabilities and strengthen its resilience to cyberattacks. However, this effort can require continuous and systematic security investments. Only about a third of total respondents to Accenture’s High Performance Security study expressed confidence in their capabilities in any of the seven cybersecurity domains, which highlights a need to make investing in these areas a priority.1
In that light, check out my next blog about how to “reboot” your cybersecurity approach.
”Building Confidence – Solving Banking’s Cybersecurity Conundrum,” Accenture, 2017. Access at: https://www.accenture.com/us-en/insight-building-confidence-facing-cybersecurity-conundrum