A third of cyberattacks result in breach
Accenture survey shows startling success level of attacks, yet confidence in defence remains highPrint
4 November 2016 | 0
Over the last twelve months, one in every three targeted cyberattacks on Irish companies resulted in an actual security breach, according to a survey from Accenture.
The survey report entitled “Building Confidence: Facing the Cybersecurity Conundrum” is based on a survey of 2,000 enterprise security practitioners in 15 countries concerning their perceptions of cyberrisk, the effectiveness of current security efforts, and the adequacy of existing investments. The survey sample included 124 Irish businesses across all sectors.
Despite the worrying level of success of the attacks, the survey found the majority of Irish security executives (74%) expressed confidence in their ability to protect their enterprises from cyberattacks, which are estimated to be of the order of 120 targeted cyberattacks per organisation each year.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past,” said Chris Davey, head of Cyber Security, Accenture Ireland. “The reality is that most Irish companies do not have effective technology in place to monitor for cyberattacks and are unaware of ways to better protect their business. Interestingly, companies are more likely to focus on protecting themselves from external threats, despite a significant proportion of attacks originating within the business.”
“With research indicating that one in three attempted breaches are successful, there needs to be a fundamentally different approach to security protection. It is also clear that the need for Irish organisations to take a comprehensive end-to-end approach to digital security — one that integrates cyber defence deeply into the enterprise — has never been greater,” said Davey.
Consistent with findings from the Verizon Data Breach Investigations Report 2016, the survey found that more than half of Irish executives (52%) admitted it took months to detect sophisticated breaches, with as many as a third of all successful breaches not being discovered by the security team, but were instead discovered by other employees, law enforcement or externally by the media. Two fifths (40%) say the breaches that had the greatest impact on their company are internal, either the actions of malicious insiders or employee errors.
Among the other findings from the survey was that less than a third (31%) of respondents said they are confident in their ability to perform the essential activity of monitoring for breaches. Less than a quarter (23%) expressed confidence about minimising disruptions.
Resourcing appears to be an issue for some security professionals as nearly half (43%) said that, given extra budget, they would increase spending one existing areas of cybersecurity spending priority, irrespective of whether those investments have been shown to have significantly deterred regular and ongoing breaches.
These spending priorities include safeguarding company information (43%), protecting the company’s reputation (41%), and protecting customer data (41%).
Far fewer companies said they would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (14%) or investing in cybersecurity training (25%).