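"Accenture: 2020 Cyber Resilience Innovation Report - Accenture (English version) (48 pages).pdf" was shared by a member and can be read online. For more related to "Accenture: 2020 Cyber Resilience Innovation Report - Accenture (English version) (48 pages).pdf (48-page collector's edition)", search on 三個皮匠報告.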
THIRD ANNUAL STATE OF CYBER RESILIENCE
INNOVATE FOR CYBER RESILIENCE
LESSONS FROM LEADERS TO MASTER CYBERSECURITY EXECUTION

Copyright 2020 Accenture. All rights reserved.

CONTENTS

ABOUT THE AUTHORS
SECURE INNOVATION
AT A GLANCE
THE STATE OF CYBER RESILIENCE
WHERE ARE WE NOW?
  Investment in innovation grows
  The basics seem better
  Progress masks hidden threats
  Unsustainable cost increases
  Security investments are failing
WHY LEADERS ARE MORE CYBER RESILIENT
  Stop more attacks
  Find breaches faster
  Fix breaches faster
  Reduce breach impact
WHAT MAKES LEADERS SUCCESSFUL
INVEST FOR OPERATIONAL SPEED
  Prioritize moving fast
  Choose turbo-charging technologies
DRIVE VALUE FROM NEW INVESTMENTS
  Scale more
  Train more
  Collaborate more
SUSTAIN WHAT THEY HAVE
  Maintain existing investments
  Perform better at the basics
MASTERING CYBERSECURITY EXECUTION
ABOUT THE RESEARCH
  Our methodology
  Demographics
  Reporting structure
  Budget authorization

ABOUT THE AUTHORS

KELLY BISSELL
GLOBAL LEAD ACCENTURE SECURITY

Kelly leads the Accenture Security business globally. With more than 25 years of security industry experience, Kelly specializes in breach incident response, identity management, privacy and data protection, secure software development, and cyber risk management. His role as the Accenture Security lead spans strategic consulting, proactive risk management and digital identity to cyber defense, response and remediation services, and managed security services, across all industries. Kelly is also affiliated to OASIS, a non-profit consortium that drives the development, convergence, and adoption of open standards for the global information society.

Twitter:

RYAN M. LASALLE
MANAGING DIRECTOR ACCENTURE SECURITY

Ryan leads the North America practice for Accenture Security. He is responsible for nurturing the talented teams that bring transformative solutions to better defend and protect our clients. Over the course of nearly two decades, he has worked with Accenture clients in the commercial, non-profit and public sectors helping them identify and implement emerging technology solutions to meet their business needs. Ryan is a Ponemon Institute Fellow and is active with the Greater Washington Board of Trade.

Twitter:

PAOLO DAL CIN
MANAGING DIRECTOR ACCENTURE SECURITY

Paolo leads the Europe and Latin America practice for Accenture Security. He has 20 years of experience leading complex projects for Accenture clients. He is an expert in security strategy, business resilience, cyber defense and offense, cloud protection, security analytics, threat intelligence, application security, data protection and managed security services. He has authored several articles on security and is a frequent speaker at security events. Paolo taught information and communication technology (ICT) security at the Universities of Udine, Modena and Milan.

Twitter:

SECURE INNOVATION

At first glance, the basics of cybersecurity are improving and cyber resilience is on the rise. Our latest research shows that most organizations are getting better at preventing direct cyberattacks. But in the shape-shifting world of cybersecurity, attackers have already moved on to indirect targets, such as vendors and other third parties in the supply chain. It is a situation that creates new battlegrounds even before they have mastered the fight in their own back yard. At the same time, cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point.

There is good news for organizations wondering if they will ever move beyond simply gaining ground on the cyber attacker. Our analysis reveals there is a group of standout organizations that appear to have cracked the cybersecurity code for innovation.

Detailed modeling of cybersecurity performance has identified two distinct groups: the first an elite group, 17 percent, that achieve significantly higher levels of performance compared to the rest. These organizations set the bar for innovation and achieve high-performing cyber resilience. The second is the group forming the vast majority of our sample, 74 percent, who are average performers, but far from being laggards in cyber resilience. This second group has lessons to learn from our leaders while leaders, too, have further room for improvement.

Being innovative in security is different to any other aspect of the business. Caution is necessary. After all, a fail fast approach is not an option for security where attack vulnerabilities could be catastrophic. Growing investments in innovation illustrate organizations' commitment to prevention and damage limitation. And it is here that leaders excel. By focusing on the technologies that provide the greatest benefit and sustaining what they have, they are finding themselves moving fast and first in the race to cyber resilience.

What is one key to secure innovation? Leaders show us that they scale, train and collaborate more. So, while non-leaders measure their success by focusing on the destination, improved cyber resilience, the leaders focus on how to get there using warp speed to detect, mobilize and remediate.
In the Accenture Third Annual State of Cyber Resilience report we take a deep dive into what sets leaders apart. Based on our research among 4,644 executives and backed by our knowledge and deep industry expertise, our findings aim to help organizations innovate securely and build cyber resilience to help grow with confidence.

In this cybersecurity report, we show how organizations are coping with cybersecurity demands since our last analysis and explore what our large sample of non-leaders can do to master cybersecurity execution and drive innovation success.

AT A GLANCE

State of Cyber Resilience
Innovation investment is growing
Cybersecurity basics are better
BUT...
There are hidden threats
Costs are unsustainable
Investments are failing

A group of leading organizations are doing things differently
4x better at stopping attacks
4x better at finding breaches faster
3x better at fixing breaches faster
2x better at reducing breach impact

HOW DO THEY DO IT?
Invest for operational speed
Drive value from new investments
Sustain what they have

What is cyber resilience?

The cyber-resilient business brings together the capabilities of cybersecurity, business continuity and enterprise resilience. It applies fluid security strategies to respond quickly to threats, so it can minimize the damage and continue to operate under attack. As a result, the cyber-resilient business can introduce innovative offerings and business models securely, strengthen customer trust, and grow with confidence.

THE STATE OF CYBER RESILIENCE

Investment in innovation grows (p.8)
The number of leaders spending more than 20 percent of IT budgets on advanced technology investments has doubled in the last three years.

The basics seem better (p.9)
Direct attacks are down 11 percent over the last year and security breaches are down by 27 percent.

Progress masks hidden threats (p.10)
Indirect attacks against weak links in the supply chain now account for 40 percent of security breaches.

Unsustainable cost increases (p.12)
Sixty-nine percent say staying ahead of attackers is a constant battle and the cost is unsustainable.

Security investments are failing (p.14)
Failures lead to gaps in protection, lower detection rates, longer business impact and more customer data loss.

WHERE ARE WE NOW?
Investment in innovation grows

Increasingly, the online world has grown complex and threatening. Many organizations are finding it hard to reconcile the level of their cybersecurity innovation investments with the cyber resilience outcomes for their business. Even worse, choosing the wrong strategy to invest in cybersecurity technologies can cost the organization far more than wasted cash; it can damage an organization's brand, reputation, and future prosperity.

Both C-suite and security professionals should feel encouraged. Investment in innovation is increasing and managing the basics appears to be better. But scratch below the surface and there are hidden threats. Organizations face unsustainable costs, and security investments are often failing for the majority. With low detection rates and slow recovery times, it is important to find out what the leading organizations are doing differently to achieve cyber resilience.

The good news is that most organizations, on average, spend 10.9 percent of their IT budgets on cybersecurity programs. Leaders spend slightly more at 11.2 percent, which is insufficient to account for their dramatically higher levels of performance. And their investments in advanced technologies, such as artificial intelligence, machine learning or robotic process automation, are rising substantially. Today, 84 percent of organizations spend more than 20 percent of their cybersecurity budgets on tools that use these three technologies as fundamental components. The finding represents a good step up from the 67 percent being spent three years ago. The increase is even more impressive with respect to the leaders. Three years ago, only 41 percent of leaders were spending more than 20 percent of their cybersecurity budgets on advanced technologies. Today, that has doubled, to 82 percent (Figure 1).

Figure 1. Percentage of leaders spending more than 20 percent of their IT budgets on advanced technology investments. Now: 82%. Three years ago: 41%.
Source: Accenture Research; n=4,644

WHERE ARE WE NOW?
The basics seem better

DIRECT ATTACKS 11%
SECURITY BREACHES 27%

The suggestion that organizations are making progress in cybersecurity is valid. In fact, more than four out of five respondents agreed that cybersecurity tools have advanced significantly over the past few years and are noticeably improving their organizations' cyber resilience.

Improvements in basic security hygiene back up this finding. Being able to accurately assess the number of cyberattacks against an organization depends on the ability of each organization to detect them. On the other hand, security breaches are real events and likely to be more precisely recorded. With this in mind, cybersecurity teams across industries and geographies deserve recognition for the improved levels of cybersecurity protection over the past year. For example, the total number of cyberattacks dropped 11 percent, from 232 to 206 targeted attacks. At the same time, we have seen a larger drop of 27 percent in the number of security breaches, which indicates the basics seem to be improving. On average, organizations now face 22 security breaches per year compared with 30 in the previous year.

WHERE ARE WE NOW?
Progress masks hidden threats

A closer look at the sources of cyberattacks reveals 40 percent of security breaches are now indirect, as threat actors target the weak links in the supply chain or business ecosystem (Figure 2). This shift is blurring the true scale of cyberthreats. If we apply the same average number of security breaches to indirect cyberattacks, the total number, both direct and indirect, could jump to about 280, a potential increase of 20 percent over the prior year.

Organizations should look beyond their four walls to protect their business ecosystems and supply chains as well. On average, cybersecurity programs actively protect only about 60 percent of an organization's business ecosystem. That is an issue when 40 percent of breaches come via this route. In such an environment, few organizations have the luxury of standing still. Fully 83 percent of our respondents agreed that their organizations need to think beyond securing their enterprises and take steps to secure their ecosystems to be effective.

Figure 2. The danger of indirect attacks. Chart for 2017, 2018 and 2019 showing prevented attacks, security breaches and indirect attacks, with the callout "Hidden attacks via ecosystem: 40% of security breaches from indirect attacks".
Source: Accenture Research; n=4,644

Lock the front and back doors

As we have seen earlier, as soon as one breach avenue has been foiled, attackers are quick to find other means. With the growth in indirect attacks, the spotlight falls on protecting third parties and other partners. But there are enormous challenges in managing third-party cyber risks. Large volumes of data can overwhelm the teams responsible for managing compliance. The complexities of global supply chains, including the regulatory demands of various regions or countries, add to the strain. In our experience, many CISOs feel that the sizable number of vendors outstrips their capacity to monitor them.

Given finite security resources, there is value in a data-driven, business-focused, tiered-risk approach to secure the enterprise ecosystem. This may mean introducing managed services to help the organization tackle the wider scope and scale. By collaborating more broadly with others with the common goal of securing the enterprise and its ecosystem, organizations can not only play a responsible role in helping their smaller partners to beat cybercrime, but also they can be sure they are not bolting the front door from attackers while leaving the back door wide