Cyber resilience is in our sights – but there’s more to be done

by Ryan LaSalle, managing director of growth and strategy and cyber defence lead at Accenture Security for telegraph.co.uk

It’s a sad fact of life for those of us in cybersecurity that newsworthy security breaches are now almost a weekly occurrence. The surprisingly good news is that security teams are getting better at preventing, finding and fixing breaches. The disappointingly bad news is that robust cyber resilience is still some way off – and the pressure to perform grows daily in the face of more damaging threats.

Recent Accenture reports on cyber resilience found that, while targeted cyberattacks doubled in the past year, companies are spotting more attacks, and discovering them earlier, which is keeping many threats at bay. So, while the number of security breaches is still too high, there’s an improvement in stopping these attacks before they do harm.

The research, which surveyed 4,600 executives responsible for cybersecurity decision making, suggests that organisations that maintain the current level of improvement could achieve cyber resilience in as little as two to three years. But, given the scale of the threat, they are going to need to keep up with the transformation they’ve started and ensure they have the fundamentals in place to keep building upon success. New attacks are evolving daily, and their volume is increasing. Even as security performance increases, so, too, must our attention and our innovation.

New methods and technologies have helped cut the time it takes to spot an attack from months and years to weeks. Breaches are now regularly detected within one month for 89pc of respondents, up from just 32pc last year. Threats were spotted within a week for 55pc of respondents, up from 10pc in 2017.

But the successes reported here are not representative of business as a whole. Only 23pc of organisations were confident that they were spotting three-quarters or more of all attacks, whereas 24pc felt that more than half had probably passed them by.

Moreover, 71pc of respondents admitted that while they may know cyberattacks are coming, and feel confident in spotting many of them, they are still at a loss to know when, or how, they will impact their organisation when they do.

Clearly, more information, capability and insight is needed. For all of the success in tackling cybercrime, robust strategies, committed leaders and coherent investment is still very much the basic safeguard for every business, as digitisation increases our exposure to new, online threats.

Securing the future

Ninety per cent of the surveyed cybersecurity respondents expect investment in cybersecurity to increase in the next three years, and 31pc expect that increase to be significant (double or more). But organisations can achieve more within existing budgets by making smarter investments in the areas that make a difference.

And there’s no guarantee that what works today will work tomorrow. Among respondents, 83pc agree new technology will be needed by security experts going forward, yet only around 40pc are investing in artificial intelligence (AI), blockchain, machine learning or automation technologies, citing budget constraints.

The prioritisation of security has seen successful focused attacks fall from one in three to one in eight in the past year

We need to turn this on its head, recognising the positive progress made in cybersecurity through leveraging the investment and the increased attention paid to it. We need to embrace new technology, such as AI and blockchain, to make increasingly resilient organisations. We need to expand the conversations on data security that have emerged, thanks to regulations such as GDPR and well-publicised breaches, to ensure that, in the future, organisations know what data they hold and why they are holding it. We need to think security-first, always.

Investing in these areas will do more than simply beef up the cybersecurity in organisations; it can be the springboard to innovation and opportunity across every function and could unlock significant growth.

If you would like to discuss how can your company can become more cyber resilient, give our team a call on 0345 4509393 opt 1.