2018 state of cyber resilience in software & platforms gaining … … · defending against...
TRANSCRIPT
GAINING GROUND ON THE CYBER ATTACKER
2018 State of Cyber Resilience in Software amp Platforms
2
In February 2018 Accenture conducted a global survey on cyber resiliency with 4669 executives from companies with annual revenues of $1 billion or more including 221 respondents from Software amp Platforms companies
2
Executive summarybull Software amp Platforms companies are doing well with regards to
cybersecurity with some room left for improvement
bull Cybersecurity budget is approved by C-level and amounts to around 20 percent of Software amp Platforms companiesrsquo IT budget and continues to rise
bull Newtechnologiessuchasartificialintelligence(AI)machineordeeplearning user behavior analytics and blockchain are essential to securing the future of these organizations
bull Both internal and external focus is needed as attacks may come from outside or inside the organization and a company should protect its whole value chain including internal assets as well as their ecosystem of partners
bull Around two percent of FTEs work with security at Software amp Platforms companies versus the global average of around three percent
bull Though Software amp Platforms companies are generally highly confidentintheircybersecuritycapabilitiesandeffectiveness theyseemedsomewhatlessconfidentintheircybersecurityeffectiveness related to third-party partners and compliance
3
Introduction
The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence
Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization
In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security
Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)
FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018
US
UKAustraliaJapanFrance
Chief Information Security Officer
Chief SecurityOfficer
Chief ComplianceOfficer
Chief Risk Officer
$6ndash99B
$10ndash199B
$20ndash499B
$50B+Chief Security Architect
Corporate Security Officer
GermanyNetherlandsCanadaNorwayItalyBrazilIreland
Respondents by location Respondents by role Respondents by org revenue
21202015151110109 55 55
70
70
33
199 3
221221
87
71
58
14
221
77
SpainSingapore
4
Software amp Platforms companies doing well with some room left for improvement
We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)
FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains
Cyber Response
Plans
Cyber Incident Escalation Plans
Stakeholder Involvement
Cyber Incident Communication
Recovery of Key Assets
WhatndashIf Analysis
Peer Situation Monitoring
Business Relevant Threat
Monitoring
Threat Vector Monitoring
Recovery Ability
Design for Resilience
Exposure Driven Design
Continuous Improvement
Threat Landscape Alignment
High-Value Assets
amp Business Processes
Physical amp Safety
Risks
Actual IT Support
Scenarios of Material
Impact
Key Protection Assumptions
High Value Assets amp Business
Processes
Business Exposure
ResilienceReadiness
InvestmentEfficiency
Governanceamp Leadership
ExtendedEcosystem
CyberResponseReadiness
StrategicThreatContext
Physical amp Safety
Risks
IT Risk Support
Cyber Attack Scenarios
Contractual Dependability
Contractual Assurance
Regulatory Compliance
Focus
Operational Cooperation
Securing Future
Architecture
Protection of Key Assets
Security in ProjectFunding
Security in Investment
Funding
Risk Analysis amp Budgeting
Cybersecurity Strategy
5
FIGURE 4 Room for improvement as companies face 2-3 security breaches per month
An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago
At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
2
In February 2018 Accenture conducted a global survey on cyber resiliency with 4669 executives from companies with annual revenues of $1 billion or more including 221 respondents from Software amp Platforms companies
2
Executive summarybull Software amp Platforms companies are doing well with regards to
cybersecurity with some room left for improvement
bull Cybersecurity budget is approved by C-level and amounts to around 20 percent of Software amp Platforms companiesrsquo IT budget and continues to rise
bull Newtechnologiessuchasartificialintelligence(AI)machineordeeplearning user behavior analytics and blockchain are essential to securing the future of these organizations
bull Both internal and external focus is needed as attacks may come from outside or inside the organization and a company should protect its whole value chain including internal assets as well as their ecosystem of partners
bull Around two percent of FTEs work with security at Software amp Platforms companies versus the global average of around three percent
bull Though Software amp Platforms companies are generally highly confidentintheircybersecuritycapabilitiesandeffectiveness theyseemedsomewhatlessconfidentintheircybersecurityeffectiveness related to third-party partners and compliance
3
Introduction
The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence
Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization
In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security
Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)
FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018
US
UKAustraliaJapanFrance
Chief Information Security Officer
Chief SecurityOfficer
Chief ComplianceOfficer
Chief Risk Officer
$6ndash99B
$10ndash199B
$20ndash499B
$50B+Chief Security Architect
Corporate Security Officer
GermanyNetherlandsCanadaNorwayItalyBrazilIreland
Respondents by location Respondents by role Respondents by org revenue
21202015151110109 55 55
70
70
33
199 3
221221
87
71
58
14
221
77
SpainSingapore
4
Software amp Platforms companies doing well with some room left for improvement
We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)
FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains
Cyber Response
Plans
Cyber Incident Escalation Plans
Stakeholder Involvement
Cyber Incident Communication
Recovery of Key Assets
WhatndashIf Analysis
Peer Situation Monitoring
Business Relevant Threat
Monitoring
Threat Vector Monitoring
Recovery Ability
Design for Resilience
Exposure Driven Design
Continuous Improvement
Threat Landscape Alignment
High-Value Assets
amp Business Processes
Physical amp Safety
Risks
Actual IT Support
Scenarios of Material
Impact
Key Protection Assumptions
High Value Assets amp Business
Processes
Business Exposure
ResilienceReadiness
InvestmentEfficiency
Governanceamp Leadership
ExtendedEcosystem
CyberResponseReadiness
StrategicThreatContext
Physical amp Safety
Risks
IT Risk Support
Cyber Attack Scenarios
Contractual Dependability
Contractual Assurance
Regulatory Compliance
Focus
Operational Cooperation
Securing Future
Architecture
Protection of Key Assets
Security in ProjectFunding
Security in Investment
Funding
Risk Analysis amp Budgeting
Cybersecurity Strategy
5
FIGURE 4 Room for improvement as companies face 2-3 security breaches per month
An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago
At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
3
Introduction
The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence
Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization
In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security
Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)
FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018
US
UKAustraliaJapanFrance
Chief Information Security Officer
Chief SecurityOfficer
Chief ComplianceOfficer
Chief Risk Officer
$6ndash99B
$10ndash199B
$20ndash499B
$50B+Chief Security Architect
Corporate Security Officer
GermanyNetherlandsCanadaNorwayItalyBrazilIreland
Respondents by location Respondents by role Respondents by org revenue
21202015151110109 55 55
70
70
33
199 3
221221
87
71
58
14
221
77
SpainSingapore
4
Software amp Platforms companies doing well with some room left for improvement
We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)
FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains
Cyber Response
Plans
Cyber Incident Escalation Plans
Stakeholder Involvement
Cyber Incident Communication
Recovery of Key Assets
WhatndashIf Analysis
Peer Situation Monitoring
Business Relevant Threat
Monitoring
Threat Vector Monitoring
Recovery Ability
Design for Resilience
Exposure Driven Design
Continuous Improvement
Threat Landscape Alignment
High-Value Assets
amp Business Processes
Physical amp Safety
Risks
Actual IT Support
Scenarios of Material
Impact
Key Protection Assumptions
High Value Assets amp Business
Processes
Business Exposure
ResilienceReadiness
InvestmentEfficiency
Governanceamp Leadership
ExtendedEcosystem
CyberResponseReadiness
StrategicThreatContext
Physical amp Safety
Risks
IT Risk Support
Cyber Attack Scenarios
Contractual Dependability
Contractual Assurance
Regulatory Compliance
Focus
Operational Cooperation
Securing Future
Architecture
Protection of Key Assets
Security in ProjectFunding
Security in Investment
Funding
Risk Analysis amp Budgeting
Cybersecurity Strategy
5
FIGURE 4 Room for improvement as companies face 2-3 security breaches per month
An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago
At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
4
Software amp Platforms companies doing well with some room left for improvement
We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)
FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains
Cyber Response
Plans
Cyber Incident Escalation Plans
Stakeholder Involvement
Cyber Incident Communication
Recovery of Key Assets
WhatndashIf Analysis
Peer Situation Monitoring
Business Relevant Threat
Monitoring
Threat Vector Monitoring
Recovery Ability
Design for Resilience
Exposure Driven Design
Continuous Improvement
Threat Landscape Alignment
High-Value Assets
amp Business Processes
Physical amp Safety
Risks
Actual IT Support
Scenarios of Material
Impact
Key Protection Assumptions
High Value Assets amp Business
Processes
Business Exposure
ResilienceReadiness
InvestmentEfficiency
Governanceamp Leadership
ExtendedEcosystem
CyberResponseReadiness
StrategicThreatContext
Physical amp Safety
Risks
IT Risk Support
Cyber Attack Scenarios
Contractual Dependability
Contractual Assurance
Regulatory Compliance
Focus
Operational Cooperation
Securing Future
Architecture
Protection of Key Assets
Security in ProjectFunding
Security in Investment
Funding
Risk Analysis amp Budgeting
Cybersecurity Strategy
5
FIGURE 4 Room for improvement as companies face 2-3 security breaches per month
An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago
At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
5
FIGURE 4 Room for improvement as companies face 2-3 security breaches per month
An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago
At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
Security breaches Prevented targeted attacks
2017 Global 2018 Global
32(30)
30(13)
74(70)
202(87)106
232
2018 SampP
33(13)
218(87)
251
FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
Capabilities rated high performing
Capabilities NOT rated high performing
2018 Global 2018 SampP
14 11
19 22
33 33
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
6
FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement
Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks
Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks
Proportion of cyber attacks discovered by security teams
26
37
23
15Less than 50
51-65
76 or more
66-75
For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)
63
56
52
64White hatsInternally by our
employees
Externally by a peercompetitor in our industry
Law enforcement
51Externally by the media
Attacks identified by security team
Attacks NOT identified by security team
2018 SampP
32
68
251
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
7
Cybersecurity budget approved by C-level and on the rise
FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget
FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Percentage of IT budget spent on security
Rest of IT budget
2018 Global 2018 SampP
81 80
19 20
Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies
This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee
2018 Global 2018 SampP
27
12
11
36
117
32 31
96 1 11
104
Who authorizes your cybersecurity budget
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
8
FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years
FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training
Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)
The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
Past 3 years
Increased significantly (doubled or more)
Increased modestly
2018 Global 2018 SampP
65
22 28
13
62
9 1
Next 3 years
Decreased modestly
Stayed the same Decreased significantly (by half or more)
2018 Global 2018 SampP
43
48
11
31
59
9 1 7
If you were given more budget for sybersecurityhow would you use it
58
65
56
45
37
14
62
59
54
52
36
13
Filling known gaps in cybersecurity technology
Adding new innovations in cybersecurity
Filling security staffing gaps
Better reporting tools
End-user training
Filling known gaps in capabilities (other than
staffing amp technology)
Global 2018 SampP
If you were given more budget for cybersecurity how would you use it
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
9
New technologies are important for the future
The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)
At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)
FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially
FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
82
18
89
11
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
Disagree AgreeStrongly agree
2018 Global 2018 SampP
83
17
90
10
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
10
FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today
Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)
In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)
61
54
49
48
37
37
32
55
54
48
45
45
44
43
IoT security
Security intelligence platforms
Threat hunting
Continuous control monitoringand reporting
Managed security services
Machine learningAI
38
37
41
40
Password-less authentication
Robotic process automation (RPA)
Blockchain
Global 2018 SampP
In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
11
Both internal and external focus needed
In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks
FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Most damaging breaches rankedby frequency amp impact
70
56
44
43
39
26
24
69
59
37
45
43
27
21
Internal attack (eg
0
malicious insiders)
Hacker attack
Configuration errorthat affected securityLegacy infrastructurethat is challenging to
secure
Loststolen media
Loststolen computer
Among the successful breaches please indicate which of the following causes had the greatest impact
61
58
53
45
36
25
21
61
66
49
46
39
21
18
Internal attack (egmalicious insiders)
Hacker attack
Accidentally published information
Accidentally published information
Legacy infrastructurethat is challenging to
secureConfiguration error
that affected security
Loststolen media
Loststolen computer
Global
External Attacks
Configuration ErrorLegacy Infrastructure
Loststolen MediaLoststolen Computer
AccidentallyPublished Information
Internal Attacks
Software amp Platforms
5
5 10 15 20 25 30 35 40
10
15
20
25
30
35
40
Greatest Impact
Most Frequent
Most damaging breaches ranked by frequency amp impact
Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)
Among the successful breaches please indicate which of the following causes had the greatest impact
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
12
FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business
FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program
On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent
Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)
Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Not protected Protected
2018 Global 2018 SampP
67
33
73
27
Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards
We do not review cybersecurity standards of partners
We review cybersecurity standards of partners but do not impose any standards or requirements
We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly
We hold partners to the same cybersecurity standards as our business and audit regularly
We hold partners to higher cybersecurity standards than our business
2018 Global 2018 SampP
46
16
14
18
6
37
21
15
22
5
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
13
FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
2 of FTEs work with security at Software amp Platforms companies
Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)
Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE
2
073
059
088
06
075
286
073
071
07
067
066
Security FTE
Security operations
Security strategy andleadership PMO
Security architectureand engineering
Risk and compliance
033
02
057
032
Contractorsconsultants
Outsourced
Digital identity
Global 2018 SampP
Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
14
FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness
Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)
Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)
Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
42404343
42414839
4241
4840
4546
4241
42424241
4140
4042
4245
3945
Monitor for breaches
Identify the cause of a breach
Measure the impact of a breach
Restore normal activityafter a breach
Know the frequencyof breaches
Manage financial risk due to a cybersecurity event
Minimize disruption froma cybersecurity event
Manage reputational risk dueto a cybersecurity event
Global | Confident Global | Extremely Confident
SampP | Confident SampP | Extremely Confident
39413748
How confident are you in the effectiveness of each of the following for your organization
45404545
43424643
4242
4640
4148
4243
48383943
4242
4041
4840
4145
Password Mgmt
Infrastructure security
Application Mgmt
Patch Mgmt
User Account Mgmt
Physical security
Configurationamp Change Mgmt
Training amp awareness
Third Party amp Compliance
Asset Mgmt
Global 2018 SampP
40434344
39433847
35413244
How confident are you that your organization can do the following
How confident are you in the effectiveness of each of the following for your organization
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
15
Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios
Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching
Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning
Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business
Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center
01
02
03
04
05
15
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom
ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom
Copyright copy 2018 Accenture All rights reserved
Accenture and its logo are trademarks of Accenture
For more information contact Kevin Collins kevinjcollinsaccenturecom
Paul Johnson pauldjohnsonaccenturecom