PHOTO
RIYADH, Saudi Arabia – Companies in Saudi Arabia are less than half as likely as those elsewhere to be leaders in cybersecurity performance, according to a new study from Accenture (NYSE: ACN).
Based on a survey of more than 4,600 enterprise security practitioners around the globe, Accenture’s Third Annual State of Cyber Resilience study explores the extent to which companies prioritize security, the effectiveness of current security efforts, and the impact of new security-related investments.
The report identifies a group of “leaders” — companies that achieved better results from their cybersecurity technology investments than did other organizations. To be a “leader,” a company needed to be among the highest performers in at least three of the following four categories: stopping more attacks; finding breaches faster; fixing breaches faster; and reducing breach impact.
Only 8% of Saudi companies fell into the “leader” category, compared with 17% of surveyed companies globally. (The vast majority — 74% — of respondents were categorized as “non-leaders”; average performers in terms of cyber resilience but far from being laggards.)
In addition, Saudi companies took longer to detect and respond to attacks. In fact, they were only one-third as likely as other companies to resolve breaches in 15 days or less (32%, compared with the global average of 96%).
Moreover, the study noted that less than one-fifth of organizations globally are stopping cyberattacks and finding and fixing breaches fast enough to lower the impact.
“The survey findings should be a wake-up call for companies in one of the most critical markets in the region,” said Ahmed Etman, who leads Accenture Security in the Middle East. “There is an enormous opportunity for Saudi businesses to improve their cyber-resilience by reducing the time it takes to detect and respond to attacks.”
Global insights and recommendations:
Kelly Bissell, who leads Accenture Security globally, said, “Our analysis identifies a group of standout organizations that appear to have cracked the code of cybersecurity when it comes to best practices. Leaders in our survey are far quicker at detecting a breach, mobilizing their response, minimizing the damage and getting operations back to normal.”
For instance, leaders were four times more likely than non-leaders to detect a breach in less than one day (88% vs. 22%). And when defenses fail, nearly all (96%) of the leaders fixed breaches in 15 days or less, on average, whereas nearly two-thirds (64%) of non-leaders took 16 days or longer to remediate a breach — with nearly half of those taking more than a month.
Among the key differences in cybersecurity practices that the report identified between leaders and non-leaders:
- Leaders focus more of their budget allocations on sustaining what they already have, whereas non-leaders place significantly more emphasis on piloting and scaling new capabilities.
- Leaders were nearly three times less likely to have had more than 500,000 customer records exposed through cyberattacks in the last 12 months (15% vs. 44%).
- Leaders were more than three times as likely to provide users of security tools with required training for those tools (30% vs. 9%).
The study also found that more than four in five respondents globally (83%) believe that organizations need to think beyond securing just their own enterprises and take better steps to secure their vendor ecosystems. Additionally, while cybersecurity programs designed to protect data and other key assets are only actively protecting about 60% of an organization’s business ecosystem, which includes vendors and other business partners, 40% of breaches come through this route.
“The sizable number of vendor relationships that most organizations have poses a significant challenge to their ability to monitor that business ecosystem,” Bissell said. “Yet, given the large percentage of breaches that originate in an organization’s supply chain, companies need to ensure that their cyber defenses stretch beyond their own walls.”
Accenture Security recommends three practical and actionable steps that organizations can take to be more like leaders in terms of cybersecurity:
- Invest for operational speed — prioritize technology that focuses on faster detection, response and recovery.
- Drive value from new investments — scale, train and collaborate more.
- Sustain what you have — maintain existing investments and perform better at the basics.
To learn more about the research, download the Third Annual State of Cyber Resilience study here.
Methodology
Accenture Research surveyed 4,644 executives representing companies with annual revenues of at least US$1 billion in 24 industries and 16 countries across North and South America, Europe and Asia Pacific. Nearly all respondents (98%) were the sole or key decision-maker regarding their organization’s cybersecurity strategy and spending.
-Ends-
About Accenture
Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries – powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Copyright © 2020 Accenture. All rights reserved. Accenture and its logo are trademarks of Accenture. The information in this press release and the “Third Annual State of Cyber Resilience” study is general in nature and does not consider the specific needs of your IT ecosystem and network, which may vary and require unique action. As such, all information is provided on an “as-is” basis without representation or warranty, and the reader is responsible for determining whether to follow any of the suggestions, recommendations or potential mitigations at their own discretion. Accenture accepts no liability for any action or failure to act in response to the information contained or referenced in this press release or the mentioned report.
© Press Release 2020
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.