Accenture Survey Reveals Dangerous Cybersecurity Disconnect

According to a recent report from Accenture, three quarters of security executives are confident in their organization’s cybersecurity strategies, even though time and again those strategies have been shown to be ineffective.

Accenture recently polled 2,000 security executives as part of a recent global cybersecurity survey. Accenture’s research has shown that cybersecurity defenses are being frequently breached. One in three targeted breach attempts are successful. Accenture says its recent survey has revealed a dangerous cybersecurity disconnect exists in many organizations.

A 33% failure rate should certainly not inspire confidence, especially given the number of targeted attacks that are taking place. A typical large enterprise is required to repel more than one hundred targeted breach attempts every year. That equates to two to three successful breach attempts every month.

The survey also revealed it often takes months for data breaches to be identified. 51% of respondents indicated breaches are discovered months after they occur. For many companies, breach detection takes much longer. 17% of respondents said breaches are discovered within a year or longer.

Large enterprises struggle to identify breaches due to pressure on resources and a lack of breach detection tools. Only 65% of breaches were identified by internal IT staff, with the remaining 35% discovered by white hat hackers, law enforcement, or employees.

Attention is also focused on protecting the network perimeter from hackers and little effort is spent on protecting data from malicious insiders. 78% of respondents said their focus was on protecting the network perimeter, although a majority of respondents said internal breaches caused the most damage. Two out of three respondents lacked confidence in their organization’s ability to monitor for internal data breaches.

Interestingly, when asked what security executives would do if their budgets were increased, 44-54% would use the funds to double down on existing technologies, even though those technologies have been shown to be ineffective at preventing breaches.

This finding also tallies with a recent survey conducted by Endpoint security firm Barkly. Barkly polled companies and asked questions about defenses against ransomware. Following a ransomware attack that successfully bypassed company’s security defenses, organizations still chose to reinvest in the same technologies that proved so ineffective at preventing an attack.

While increased investment in cybersecurity defenses is needed, it is essential that the correct technologies are purchased and resources are directed intelligently. Accenture suggests organizations must be prepared to redirect some resources to new strategies and programs, instead of reinvesting in current cybersecurity programs. Only then will organizations be able to develop effective cybersecurity defenses and repel increasingly sophisticated cyberattacks.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.