Accenture: Insights on the security investments that make a difference
With cyber attacks on the rise, successful breaches per company each year has risen more than 27 percent, from an average of 102 to 130. Ransomware attacks alone have doubled in frequency, from 13 percent to 27 percent, with incidents like WannaCry and Petya affecting thousands of targets and disrupting public services and large corporations across the world.
Over the last two years, the accelerating cost of cyber crime means that it is now 23 percent more than last year and is costing organisations, on average, US $11.7 million. Whether managing incidents themselves or spending to recover from the disruption to the business and customers, organisations are investing on an unprecedented scale—but current spending priorities show that much of this is misdirected toward security capabilities that fail to deliver the greatest efficiency and effectiveness.
Organisations need to better balance investments in security technologies
Security intelligence systems (67 percent) and advanced identity and access governance (63 percent) are the top two most widely deployed enabling security technologies across the enterprise. They also deliver the highest positive value gap with organisational cost savings of US$2.8 million and US$2.4 million respectively.
Innovations are generating the highest returns on investment, yet investment in them is low. For example, two enabling security technology areas identified as “Extensive use of cyber analytics and User Behavior Analytics (UBA)” and “Automation, orchestration and machine learning” were the lowest ranked technologies for enterprise-wide deployment (32 percent and 28 percent respectively) and yet they provide the third and fourth highest cost savings for security technologies. By balancing investments from less rewarding technologies into these breakthrough innovation areas, organisations could improve the effectiveness of their security programs.
Financial services has the highest cost of cyber crime
The average annualised cost of cyber crime varies by industry segment. In this year’s study we compare cost averages for 15 different industry sectors. The cost of cyber crime for companies in financial services and utilities and energy have the highest annualised cost. In contrast, companies in life science, education and hospitality incurred a much lower cost on average.
Certain attacks are more costly based on organisational size
Smaller organisations experience a higher proportion of cyber crime costs relating to malware, Web-based attacks, phishing and social engineering attacks and stolen devices. In contrast, larger organisations experience a higher proportion of costs relating to denial of services, malicious insiders and malicious code.
Malware and Web-based attacks are the two most costly attack types. Companies spent an average of US$2.4 million and US$2 million on malware and Web-based attacks, respectively. Least costly are stolen devices, ransomware and botnets (US$865,985; US$532,914 and US$350,012, respectively).
Security intelligence systems have the biggest return on investment
At 21.5 percent, companies deploying security intelligence systems, on average, experience a substantially higher ROI than all other technology categories in this study. Also significant are the estimated ROI results for companies that utilise advanced identity and access governance and automation, orchestration and machine learning technologies (19.7 percent and 17.1 percent, respectively). The estimated average ROI for all nine categories of enabling security technologies is 14.1 percent.
To read the full study: Original source (Accenture) – click here
Brookcourt Solutions provide the strategic implementation of next generation Cyber Security and networking technologies to assure and secure your business in an advanced threat landscape.
Our clients (Fortune 500) buy from us because we manage the entire process for them. We consolidate multiple partner feeds from around the world into a single platform, then provide skilled analysts in-house to extract that data to provide timely, actionable cyber intelligence for our clients. Get in touch today: Contact us