How to be more cyber resilient?

In recent blogs I’ve discussed a range of challenges that are impacting industrial companies, such as economic uncertainty, acceleration in digitization of the industry, and the transition from products to outcome driven services. In this installment I’m visiting another issue of equal importance—the state of cybersecurity and what actions should be taken to achieve cyber resilience. Simply defined cyber resilience is the ability of companies to successfully anticipate, identify and contain threats; minimize the damage and continue to operate under attack.

While the basics of cybersecurity are improving and cyber resilience is on the rise, attackers have moved to indirect targets, such as vendors and other third parties in the supply chain and/or the ecosystem. As the industry becomes more dependent on ecosystems, cybersecurity will become more critical than ever. Indirect attacks against weak links in the supply chain now account for 40 percent of security breaches, according to the Accenture Third Annual State of Cyber Resilience report.

This situation has opened a new front in the cybersecurity war.  And as a consequence, costs associated with constantly innovating to build cyber resilience have increased. Many organizations are finding it difficult to justify the level of their cybersecurity innovation investment with the cyber resilience outcomes achieved. Nearly one quarter of respondents reported cost increases of more than 25 percent a year across a broad range of 17 cybersecurity protection components.

Moreover, many chief information security officers (CISOs) feel that the sizable number of vendors that the enterprise works with outstrips their capacity to monitor them in the face of increasing indirect attacks. The research also identifies serious gaps in protection, very low detection rates, a much longer business impact, and exposure of customer data. 

What Leaders do Differently

The good news is that there is a group of standout organizations that are setting the bar for innovation and achieving cyber resilience. By focusing on the technologies that provide the greatest benefit and sustaining legacy capabilities, these leaders are able to innovate more and thus outpace others seeking cyber resilience.

The research shows that leaders have a four-fold advantage in stopping more attacks. Also, they identify a higher number of direct attacks against them – an average of 239 cyberattacks compared to 166 for non-leaders. In addition, they only experience nine security breaches a year compared with an average of 22 per year for peers. Leaders are four times faster in detecting breaches, applying three cybersecurity technologies that include Artificial Intelligence (AI): Security Orchestration Automation and Response (SOAR) and Next-Generation Firewalls (NGF).

Fully 96 percent of the leaders said they are faster at plugging security breaches by doing so in 15 days or less on average and have a two-fold advantage in containing damage impact. The report reveals that key to their success is that leaders scale, train, and collaborate more.

Actions to Improve Cybersecurity

There are several actions organizations can take to drive greater innovation success and master cybersecurity execution much like the leaders.

• Prioritize measuring and improving speed of detection, response and recovery to enhance cybersecurity performance and achieve greater levels of cyber resilience.
•  Refocus investment priorities toward technologies that measure cybersecurity performance relative to faster detection, response time, and shorter recovery times.
• Scale faster to determine how effective investments in new security technologies can be in improving detection rates and protecting more key assets. But, do so only when they are fully deployed across the enterprise.
• Train more to make security tools more effective. This will enable better protection of more key assets and accelerate discovery and remediation of breaches.
• Increase collaboration to realize better returns on technology investments with a better containment of business impact and greater protection for key assets and the extended ecosystem.
• Sustain capabilities that enable better performance of cybersecurity basics. Move more quickly from piloting new capabilities to scaling them across the enterprise. And put steps in place that fortify datacentric security to better protect important assets.

 Achieve Cyber Resilience

Companies that take these steps will have a better chance of prevailing against cyberattacks and moving closer to cyber resilience. This will be particularly important for industrial equipment (IE) companies, as they pivot to connected digital products, services, and experiences that will increase risks requiring even more security investment and protection.

Leaders in multiple industries, including those in the IE sector, recognize that cyber resilience is not a destination but rather a continuous process to address the constantly changing threat to the business landscape. This will necessitate constant cybersecurity innovation that evolves with the business. According to Accenture research, IE leaders are four times better at defending against attacks than peers by scaling security technologies more. This example and those of leaders in other surveyed industries are providing the blueprint for success to achieve cyber resilience.

Disclaimer:

?The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates.

This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

Copyright ? 2020 Accenture.

All rights reserved. Accenture and its logo are registered trademarks.