Other parts of this series:
In my last post, I discussed some of the steps companies can take to deal effectively with the reality of cyber threats, based on our recent global Accenture Security survey. These steps are aimed at:
Defining cybersecurity success
- Protecting the business from the inside out
- Continuing to innovate
- Making security everyone’s job
- Leading from the top
Organizations need to innovate continually to stay ahead of potential hackers. In this final post, I will take a look at the seven domains we identified where investments in cybersecurity improve defenses and strengthen resilience with the greatest impact.
- Business alignment
Our research found that only 27 percent of businesses are able to identify high-value assets and business processes.1 To address this, we recommend that companies understand scenarios that could materially affect the business, identify key drivers, decision points and barriers to strategy development.
- Governance and leadership
In our survey, only 31 percent of respondents said their business has a clear cybersecurity chain of command.2 Companies should focus on cybersecurity accountability, nurture a security-minded culture and create a clear-cut cybersecurity chain of command.
- Strategic threat context
Only 34 percent of the businesses we surveyed stated being competent in business-relevant threat monitoring.3 To align the security program with the business strategy, companies should begin analyzing competitive and geo-political risks, peer monitoring and other areas of cybersecurity threats.
- Cyber resilience
We found that only 31 percent of businesses have systems and processes that are properly designed in accordance with cyber resilience requirements.4 In response, companies need to understand the threat landscape, design key asset protection approaches, and use “design for resilience” techniques to limit a cyber attack’s impact.
- Cyber response readiness
Among the survey respondents, only 34 percent of businesses reported having proper cyber-incident escalation paths.5 To maintain readiness, we recommend you develop a robust response plan, strong cyber incident communications, tested plans to protect and recover key assets, and effective escalation paths.
- The extended ecosystem
Only 30 percent of businesses said they felt competent at dealing with third-party cybersecurity, and only 32 percent felt competent at cybersecurity regulatory compliance.6 Companies should be ready to cooperate during crisis management, develop third-party cybersecurity clauses and agreements, and focus on regulatory compliance.
- Investment efficiency
We found that only 29 percent of cybersecurity investments protect key assets.7 To increase efficiency, companies should drive financial understanding of and compare cybersecurity investments against industry benchmarks, organizational business objectives and cybersecurity trends.
At the end of the day, security is everyone’s job. As digital security strategies and new solutions emerge, organizations that tie security efforts to real business needs can gain justifiable confidence in their ability to deal with relentless and fast-moving threats.
The cybersecurity threat is real—standing still is no longer an option.
To learn more, download the full Building Confidence—Facing the Cybersecurity Conundrum report.
- “Building Confidence – Facing the Cybersecurity Conundrum,” Infographic, Accenture, 2017. Access at: https://www.accenture.com/t20170220T011603__w__/us-en/_acnmedia/PDF-35/Accenture-High-Performance-Security-Infographic.pdf#zoom=50