About one-third of targeted attempts to breach corporations' cyber defenses succeed, but three-quarters of executives remain unaccountably confident in their security strategies, Accenture reported Wednesday in a survey of 2,000 security officers representing large enterprises worldwide.
The “alarmingly high” failure rate in defending against attacks is compounded by their “sheer volume,” Accenture said in the report.
“On average, an organization will face more than a hundred focused and targeted breach attempts every year, and respondents say one in three of these will result in a successful security breach,” the report's authors write. “That's two to three effective attacks per month.”
The survey follows recent high-profile data breaches of Sony Corp., Target Corp. and the U.S. Office of Personnel Management, leaks from the e-mail accounts of Democratic Party officials, and a denial of service attack on the servers of Dyn Inc. in October that silenced Twitter Inc. and other major internet companies for several hours.
Each year, businesses spend an estimated $84 billion to defend against data theft that costs them about $2 trillion — damage that could rise to $90 trillion a year by 2030 if current trends continue, according to a forecast earlier this year by Omar Abbosh, Accenture's chief strategy officer.
Even though more than half of the survey's respondents say internal breaches cause the most damage, two-thirds say they lack confidence in their organization's ability to monitor internal threats and the majority continue to focus on defense against external attackers, the report says.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past,” Kevin Richards, managing director of Accenture Security for North America, said in a statement accompanying the report. “There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain.”
Most respondents said it takes “months” to detect successful breaches and 17 percent said the attacks were only discovered “within a year” or longer. Ninety-eight percent of breaches were reported by employees outside the security team.
Reboot Needed
“To survive in this contradictory and increasingly risky landscape, organizations need to reboot their approaches to cybersecurity,” the report's authors write. “Ultimately, many remain unsure of their ability to manage the internal threats with the greatest cybersecurity impact even as they continue to prioritize external initiatives that produce the lowest return on investment.”
There is still too much emphasis on compliance, the authors conclude: “Just as adhering to generally accepted accounting principles does not ensure protection against financial fraud, cybersecurity compliance alone will not protect a company from successful incursions.”
Accenture surveyed 2,000 executives from 12 industries and 15 countries in North and South America, Europe and Asia-Pacific.
Bloomberg News
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
