A new security survey from Accenture finds that in the past twelve months, roughly one in three targeted cyberattacks on Irish companies resulted in an actual security breach, which equates to two to three effective attacks per month for the average company. Yet, the majority of Irish security executives (74 percent) surveyed say they are confident in their ability to protect their enterprises from cyberattacks.
In the report titled “Building Confidence: Facing the Cybersecurity Conundrum”, Accenture surveyed 2,000 enterprise security practitioners in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The report included an Irish sample of 124 businesses across all sectors.
The survey reveals that the length of time taken by Irish companies to detect these security breaches often compounds the problem, as more than half of executives (52 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team, but are instead discovered by other employees, law enforcement or externally by the media. Two fifths (40 percent) say the breaches that had the greatest impact on their company are internal i.e. attacks by malicious insiders or employee errors.
Commenting on the research, Chris Davey, Head of Cyber Security for Accenture in Ireland said: “Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past. The reality is that most Irish companies do not have effective technology in place to monitor for cyberattacks and are unaware of ways to better protect their business. Interestingly, companies are more likely to focus on protecting themselves from external threats, despite a significant proportion of attacks originating within the business.”
“With research indicating that one in three attempted breaches are successful, there needs to be a fundamentally different approach to security protection. It is also clear that the need for Irish organisations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defence deeply into the enterprise – has never been greater,” Davey continued.
What has been done in the past is not working
Out with the old and in with the new is easier said than done, especially when it comes to embracing new technologies or cyber defence tools.
– While survey respondents say internal breaches have the greatest impact, the success of security teams to identify breach attempts is widely varied, with very little indication of ‘best in class’ – only 1% of Irish companies have identified the vast majority (81%+) of breach attempts.
– Less than one-third (31 percent) of respondents say they are confident in their ability to perform the essential activity of monitoring for breaches and fewer than a quarter (23 percent) say the same about minimising disruptions.
Getting Smarter about Security Spending
Recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending. Yet, the sentiment among those surveyed suggests organisations will continue to pursue the same counter measures instead of investing in new and different security controls to mitigate threats.
– For example, given extra budget, 43 per cent of respondents would “double down” on their current cybersecurity spending priorities – even though those investments have not significantly deterred regular and ongoing breaches.
– These priorities include safeguarding company information (43 percent), protecting the company’s reputation (41 percent), and protecting customer data (41 percent).
– Far fewer companies would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (14 percent) or investing in cybersecurity training (25 percent).
For more information on steps organisations can take to effectively deal with cyber threats, visit: www.accenture.com/cybersecurityreport.