GAINING GROUND ON THE CYBER ATTACKER

2018 State of Cyber Resilience in Software amp Platforms

2

In February 2018 Accenture conducted a global survey on cyber resiliency with 4669 executives from companies with annual revenues of $1 billion or more including 221 respondents from Software amp Platforms companies

2

Executive summarybull Software amp Platforms companies are doing well with regards to

cybersecurity with some room left for improvement

bull Cybersecurity budget is approved by C-level and amounts to around 20 percent of Software amp Platforms companiesrsquo IT budget and continues to rise

bull Newtechnologiessuchasartificialintelligence(AI)machineordeeplearning user behavior analytics and blockchain are essential to securing the future of these organizations

bull Both internal and external focus is needed as attacks may come from outside or inside the organization and a company should protect its whole value chain including internal assets as well as their ecosystem of partners

bull Around two percent of FTEs work with security at Software amp Platforms companies versus the global average of around three percent

bull Though Software amp Platforms companies are generally highly confidentintheircybersecuritycapabilitiesandeffectiveness theyseemedsomewhatlessconfidentintheircybersecurityeffectiveness related to third-party partners and compliance

3

Introduction

The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence

Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization

In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security

Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)

FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018

US

UKAustraliaJapanFrance

Chief Information Security Officer

Chief SecurityOfficer

Chief ComplianceOfficer

Chief Risk Officer

$6ndash99B

$10ndash199B

$20ndash499B

$50B+Chief Security Architect

Corporate Security Officer

GermanyNetherlandsCanadaNorwayItalyBrazilIreland

Respondents by location Respondents by role Respondents by org revenue

21202015151110109 55 55

70

70

33

199 3

221221

87

71

58

14

221

77

SpainSingapore

4

Software amp Platforms companies doing well with some room left for improvement

We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)

FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains

Cyber Response

Plans

Cyber Incident Escalation Plans

Stakeholder Involvement

Cyber Incident Communication

Recovery of Key Assets

WhatndashIf Analysis

Peer Situation Monitoring

Business Relevant Threat

Monitoring

Threat Vector Monitoring

Recovery Ability

Design for Resilience

Exposure Driven Design

Continuous Improvement

Threat Landscape Alignment

High-Value Assets

amp Business Processes

Physical amp Safety

Risks

Actual IT Support

Scenarios of Material

Impact

Key Protection Assumptions

High Value Assets amp Business

Processes

Business Exposure

ResilienceReadiness

InvestmentEfficiency

Governanceamp Leadership

ExtendedEcosystem

CyberResponseReadiness

StrategicThreatContext

Physical amp Safety

Risks

IT Risk Support

Cyber Attack Scenarios

Contractual Dependability

Contractual Assurance

Regulatory Compliance

Focus

Operational Cooperation

Securing Future

Architecture

Protection of Key Assets

Security in ProjectFunding

Security in Investment

Funding

Risk Analysis amp Budgeting

Cybersecurity Strategy

5

FIGURE 4 Room for improvement as companies face 2-3 security breaches per month

An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago

At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

2

In February 2018 Accenture conducted a global survey on cyber resiliency with 4669 executives from companies with annual revenues of $1 billion or more including 221 respondents from Software amp Platforms companies

2

Executive summarybull Software amp Platforms companies are doing well with regards to

cybersecurity with some room left for improvement

bull Cybersecurity budget is approved by C-level and amounts to around 20 percent of Software amp Platforms companiesrsquo IT budget and continues to rise

bull Newtechnologiessuchasartificialintelligence(AI)machineordeeplearning user behavior analytics and blockchain are essential to securing the future of these organizations

bull Both internal and external focus is needed as attacks may come from outside or inside the organization and a company should protect its whole value chain including internal assets as well as their ecosystem of partners

bull Around two percent of FTEs work with security at Software amp Platforms companies versus the global average of around three percent

bull Though Software amp Platforms companies are generally highly confidentintheircybersecuritycapabilitiesandeffectiveness theyseemedsomewhatlessconfidentintheircybersecurityeffectiveness related to third-party partners and compliance

3

Introduction

The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence

Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization

In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security

Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)

FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018

US

UKAustraliaJapanFrance

Chief Information Security Officer

Chief SecurityOfficer

Chief ComplianceOfficer

Chief Risk Officer

$6ndash99B

$10ndash199B

$20ndash499B

$50B+Chief Security Architect

Corporate Security Officer

GermanyNetherlandsCanadaNorwayItalyBrazilIreland

Respondents by location Respondents by role Respondents by org revenue

21202015151110109 55 55

70

70

33

199 3

221221

87

71

58

14

221

77

SpainSingapore

4

Software amp Platforms companies doing well with some room left for improvement

We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)

FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains

Cyber Response

Plans

Cyber Incident Escalation Plans

Stakeholder Involvement

Cyber Incident Communication

Recovery of Key Assets

WhatndashIf Analysis

Peer Situation Monitoring

Business Relevant Threat

Monitoring

Threat Vector Monitoring

Recovery Ability

Design for Resilience

Exposure Driven Design

Continuous Improvement

Threat Landscape Alignment

High-Value Assets

amp Business Processes

Physical amp Safety

Risks

Actual IT Support

Scenarios of Material

Impact

Key Protection Assumptions

High Value Assets amp Business

Processes

Business Exposure

ResilienceReadiness

InvestmentEfficiency

Governanceamp Leadership

ExtendedEcosystem

CyberResponseReadiness

StrategicThreatContext

Physical amp Safety

Risks

IT Risk Support

Cyber Attack Scenarios

Contractual Dependability

Contractual Assurance

Regulatory Compliance

Focus

Operational Cooperation

Securing Future

Architecture

Protection of Key Assets

Security in ProjectFunding

Security in Investment

Funding

Risk Analysis amp Budgeting

Cybersecurity Strategy

5

FIGURE 4 Room for improvement as companies face 2-3 security breaches per month

An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago

At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

3

Introduction

The cyber-resilient business brings together the capabilities of cybersecurity business continuity and enterprise resilience It applies fluid security strategies to respond quickly to threats so it can minimize the damage and continue to operate under attack As a result the cyber-resilient business can introduce innovative offerings and business models securely strengthen customer trust and grow with confidence

Cyber attacks take many forms and have different degrees of impact The average organization is subjected to a daily deluge of hundredsmdashif not thousandsmdashof speculative attacks which are handled by mature security technologies such as firewalls For the purposes of this Accenture research we investigated targeted cyber attacks which have the potential to both penetrate network defenses and cause damage to or extract high-value assets and processes from within the organization

In 2017 Accenture Security surveyed 2000 executives to understand the extent to which organizations prioritize security how comprehensive their security plans are what security capabilities they have and their level of spend on security

Just over a year later Accenture Security undertook a similar survey this time interviewing 4669 executives representing companies with annual revenues of US$1 billion or more from 18 industries and 15 countries across North and South America Europe and Asia Pacific More than 98 percent of respondents were sole or key decision makers in cybersecurity strategy and spending for their organization In this second survey 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more (see Figure 1)

FIGURE 1 221 executives represented Software amp Platforms companies from 14 countries with annual revenues of US$6 billion or more in our survey carried out in Feb 2018

US

UKAustraliaJapanFrance

Chief Information Security Officer

Chief SecurityOfficer

Chief ComplianceOfficer

Chief Risk Officer

$6ndash99B

$10ndash199B

$20ndash499B

$50B+Chief Security Architect

Corporate Security Officer

GermanyNetherlandsCanadaNorwayItalyBrazilIreland

Respondents by location Respondents by role Respondents by org revenue

21202015151110109 55 55

70

70

33

199 3

221221

87

71

58

14

221

77

SpainSingapore

4

Software amp Platforms companies doing well with some room left for improvement

We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)

FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains

Cyber Response

Plans

Cyber Incident Escalation Plans

Stakeholder Involvement

Cyber Incident Communication

Recovery of Key Assets

WhatndashIf Analysis

Peer Situation Monitoring

Business Relevant Threat

Monitoring

Threat Vector Monitoring

Recovery Ability

Design for Resilience

Exposure Driven Design

Continuous Improvement

Threat Landscape Alignment

High-Value Assets

amp Business Processes

Physical amp Safety

Risks

Actual IT Support

Scenarios of Material

Impact

Key Protection Assumptions

High Value Assets amp Business

Processes

Business Exposure

ResilienceReadiness

InvestmentEfficiency

Governanceamp Leadership

ExtendedEcosystem

CyberResponseReadiness

StrategicThreatContext

Physical amp Safety

Risks

IT Risk Support

Cyber Attack Scenarios

Contractual Dependability

Contractual Assurance

Regulatory Compliance

Focus

Operational Cooperation

Securing Future

Architecture

Protection of Key Assets

Security in ProjectFunding

Security in Investment

Funding

Risk Analysis amp Budgeting

Cybersecurity Strategy

5

FIGURE 4 Room for improvement as companies face 2-3 security breaches per month

An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago

At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

4

Software amp Platforms companies doing well with some room left for improvement

We asked survey respondents to rank their performance based on a list of 33 cybersecurity capabilities across 7 domains (see Figure 2) On average Software amp Platforms companies performed high on 22 of these capabilities outperforming the global average of 19 (see Figure 3)

FIGURE 2 Respondents were asked to rate their performance on 33 cybersecurity capabilities across 7 domains

Cyber Response

Plans

Cyber Incident Escalation Plans

Stakeholder Involvement

Cyber Incident Communication

Recovery of Key Assets

WhatndashIf Analysis

Peer Situation Monitoring

Business Relevant Threat

Monitoring

Threat Vector Monitoring

Recovery Ability

Design for Resilience

Exposure Driven Design

Continuous Improvement

Threat Landscape Alignment

High-Value Assets

amp Business Processes

Physical amp Safety

Risks

Actual IT Support

Scenarios of Material

Impact

Key Protection Assumptions

High Value Assets amp Business

Processes

Business Exposure

ResilienceReadiness

InvestmentEfficiency

Governanceamp Leadership

ExtendedEcosystem

CyberResponseReadiness

StrategicThreatContext

Physical amp Safety

Risks

IT Risk Support

Cyber Attack Scenarios

Contractual Dependability

Contractual Assurance

Regulatory Compliance

Focus

Operational Cooperation

Securing Future

Architecture

Protection of Key Assets

Security in ProjectFunding

Security in Investment

Funding

Risk Analysis amp Budgeting

Cybersecurity Strategy

5

FIGURE 4 Room for improvement as companies face 2-3 security breaches per month

An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago

At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

5

FIGURE 4 Room for improvement as companies face 2-3 security breaches per month

An attack needs to be successful only once whereas organizationsrsquo cyber resilience needs to be effective every time The ability to detect an attack has significantly improved over the last year Despite the increased pressure from targeted cybersecurity attacks more than doubling (232 on average in 2018 vs 106 in 2017 see Figure 4) organizations are demonstrating far more success in heading them off with only one in eight (or around 13 percent) of focused attacks are getting through in 2018 This is much better than the one in three (or around 30 percent_ that caused disruption to organizations just over a year ago

At the same time the number of successful attacks stagnating globally at ~30 means that on average organizations are facing 2-3 security breaches per month This raises concerns so there is more work to be done In comparison Software amp Platforms companies faced on average 251 attacks in 2018 of which 33 (or around 13 percent) were successful showing further room for improvement

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

Security breaches Prevented targeted attacks

2017 Global 2018 Global

32(30)

30(13)

74(70)

202(87)106

232

2018 SampP

33(13)

218(87)

251

FIGURE 3 Software amp Platforms companies performed high on 22 of 33 cybersecurity capabilities vs the global average of 19

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

Capabilities rated high performing

Capabilities NOT rated high performing

2018 Global 2018 SampP

14 11

19 22

33 33

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

6

FIGURE 5 Software amp Platforms security teams discovered on average 68 of breach attempts and get most help identifying the rest of the attempts from white hats internal employees and law enforcement

Of course security teams are not always the first to know about attacks The insidious nature of cybercrime means that there are continually evolving ways to infiltrate an organization But more collaboration is taking place for the attacks that security teams do not identify When the survey asked how Software amp Platforms companies learn about breaches undetected by their security teams 64 percent said from white hats 63 percent from their own employees and 56 percent said from law enforcement (see Figure 5) Such collaboration and threat information sharing is positive and needs to grow further as there is safety in numbers when defending against cyber attacks

Despite the rising pressure of targeted cyber attacks security teams at Software amp Platforms companies continue to identify around two-thirds or 68 percent of all breach attempts on average (see Figure 5) However this masks a divergence in performance among organizations 23 percent of respondents were in the top category ie able to identify between 76 percent and 100 percent of breach attempts while 15 percent of respondents fell into the lowest category able to identify less than half of all breach attempts So while many organizations are performing well some are clearly struggling with the increased pressure of attacks

Proportion of cyber attacks discovered by security teams

26

37

23

15Less than 50

51-65

76 or more

66-75

For breaches not detected by your security team how do you most frequently learn about them (Ranked top 3)

63

56

52

64White hatsInternally by our

employees

Externally by a peercompetitor in our industry

Law enforcement

51Externally by the media

Attacks identified by security team

Attacks NOT identified by security team

2018 SampP

32

68

251

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

7

Cybersecurity budget approved by C-level and on the rise

FIGURE 6 67 say their Board CEO or Executive Committee authorizes their cybersecurity budget

FIGURE 7 Software amp Platforms companies spend 20 of their IT budget on cybersecurity

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Percentage of IT budget spent on security

Rest of IT budget

2018 Global 2018 SampP

81 80

19 20

Of those surveyed 67 percent say their Board CEO or Executive Committee authorizes their cybersecurity spend compared to the global average of 59 percent (see Figure 6) Consequently budget authorization rests at the highest levels of companies

This elevated status of cyber resilience within the business is helping to fuel improvements Security spending reached 20 percent of the IT budget in Software amp Platforms companies (see Figure 7)Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

Chief Data OfficerChief Risk OfficerFunctional Leadership (egBusinessLine-of-BusinessChief Information OfficerCISOChief Security OfficerCOOCFOBoard of DirectorsCEOExecutive Committee

2018 Global 2018 SampP

27

12

11

36

117

32 31

96 1 11

104

Who authorizes your cybersecurity budget

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

8

FIGURE 8 43 of Software amp Platforms companies expect to increase their cybersecurity budget significantly over the next three years while only 28 claim to have done so in the past three years

FIGURE 9 With more budget security investments would be directed toward technologies and innovations over training

Given the additional budget Software amp Platforms companies would invest in breakthrough technologies 65 percent of respondents would spend it on adding innovations in cybersecurity and 58 percent would spend it on filling known gaps in cybersecurity technology but only 14 percent would spend it on end-user training (see Figure 9)

The general outlook for investment is positive with 90 percent of Software amp Platforms respondents expecting their organizationrsquos overall investment in cybersecurity to stay the same or increase in the next three years (see Figure 8) At the same time only 43 percent of them expect that increased investment to be significant (double or more)mdashhardly a fast-track to embedding security into the fabric of the organization This however is still an increase compared to the 28 percent who claim they have significantly increased their cybersecurity budget over the past three years

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

Past 3 years

Increased significantly (doubled or more)

Increased modestly

2018 Global 2018 SampP

65

22 28

13

62

9 1

Next 3 years

Decreased modestly

Stayed the same Decreased significantly (by half or more)

2018 Global 2018 SampP

43

48

11

31

59

9 1 7

If you were given more budget for sybersecurityhow would you use it

58

65

56

45

37

14

62

59

54

52

36

13

Filling known gaps in cybersecurity technology

Adding new innovations in cybersecurity

Filling security staffing gaps

Better reporting tools

End-user training

Filling known gaps in capabilities (other than

staffing amp technology)

Global 2018 SampP

If you were given more budget for cybersecurity how would you use it

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

9

New technologies are important for the future

The evolution of digital technologies is a double-edged sword It has been essential to organizationsrsquo success globally while increasing the risk of cyber threat 89 percent of Software amp Platforms respondents agree that the adoption of new innovative business models ecosystems liquid workforces etc can increase the attack surface and make organizations more vulnerable to the threat of cyber attacks (see Figure 10)

At the same time the digital technologies that created market disruption and spawned the next wave of successful cyber attacks are also proving to be part of the solution to tackling cybersecurity Our research shows that 90 percent of Software amp Platforms respondents believe that breakthrough technologies such as artificial intelligence (AI) machine or deep learning user behavior analytics and blockchain are essential to securing the future of their organizations (see Figure 11)

FIGURE 10 As companies adopt new innovative business models ecosystems liquid workforce etc the risk and security attack surface area increases exponentially

FIGURE 11 New technologies as AI machine deep learning user behavior analytics blockchain etc are essential to securing the future of the organization

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

82

18

89

11

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

Disagree AgreeStrongly agree

2018 Global 2018 SampP

83

17

90

10

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

10

FIGURE 12 Only 32 of Software amp Platforms respondents invest in Machine learning and AI today

Indeed it is breakthrough technologies that will drive the next round of cyber resiliencemdashalthough only one in three (or around 32 percent) of Software amp Platforms business leaders are already investing in areas like machine learningAI and automation as most of them instead invest in IoT security security intelligence platforms and blockchain (see Figure 12)

In which of the following newemerging technologies are you investing to evolve your security programm (multiple responses)

61

54

49

48

37

37

32

55

54

48

45

45

44

43

IoT security

Security intelligence platforms

Threat hunting

Continuous control monitoringand reporting

Managed security services

Machine learningAI

38

37

41

40

Password-less authentication

Robotic process automation (RPA)

Blockchain

Global 2018 SampP

In which of the following newemerging technologies are you investing to evolve your security program (Multiple responses)

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

11

Both internal and external focus needed

In terms of delivering the next wave of improvements it is easy to focus exclusively on counteracting external attacks but organizations should not neglect the enemy within When looking at the incidents security teams fail to prevent the top two attacks with the greatest impact are external attacks such as hackers and internal attacks such as malicious insiders (see Figure 13) Furthermore these two types of attacks are also the most frequent ones according to respondents This serves as a timely reminder for organizations to protect themselves from the inside out against the equally damaging threats of internal and external attacks

FIGURE 13 External attacks such as hackers and internal attacks such as malicious insiders are both the most frequent attacks and those with the greatest impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Most damaging breaches rankedby frequency amp impact

70

56

44

43

39

26

24

69

59

37

45

43

27

21

Internal attack (eg

0

malicious insiders)

Hacker attack

Configuration errorthat affected securityLegacy infrastructurethat is challenging to

secure

Loststolen media

Loststolen computer

Among the successful breaches please indicate which of the following causes had the greatest impact

61

58

53

45

36

25

21

61

66

49

46

39

21

18

Internal attack (egmalicious insiders)

Hacker attack

Accidentally published information

Accidentally published information

Legacy infrastructurethat is challenging to

secureConfiguration error

that affected security

Loststolen media

Loststolen computer

Global

External Attacks

Configuration ErrorLegacy Infrastructure

Loststolen MediaLoststolen Computer

AccidentallyPublished Information

Internal Attacks

Software amp Platforms

5

5 10 15 20 25 30 35 40

10

15

20

25

30

35

40

Greatest Impact

Most Frequent

Most damaging breaches ranked by frequency amp impact

Among the types of breaches your organization has experienced please rank them from most to least frequent (Ranked top 3)

Among the successful breaches please indicate which of the following causes had the greatest impact

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

12

FIGURE 15 41 of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their partners as to their own business

FIGURE 14 On average one-quarter of a Software amp Platforms company is not protected by a cybersecurity program

On average Software amp Platforms respondents said a cybersecurity program does not protect one-quarter (27 percent) of their organization (see Figure 14) including corporate IT and the systems in the corporate office Protection of third parties ranked lowest of all at only 36 percent

Cybersecurity performance should also extend beyond the organizationsrsquo own four walls but for many organizations they are only as good as their weakest link Subsidiary and third-party risk is top of mind especially when 41 percent of Software amp Platforms companies do not apply the same or higher cybersecurity standards to their extended ecosystem of partners as they apply to their own business (see Figure 15)

Consequently Software amp Platforms companies must do more to put the basics of cybersecurity in place to protect their most valuable assetsmdashfrom the inside outmdashacross their entire industry value chain

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Not protected Protected

2018 Global 2018 SampP

67

33

73

27

Which of the following best represents the degree to which you hold your ecosystem partnersstrategic partners to cybersecurity standards

We do not review cybersecurity standards of partners

We review cybersecurity standards of partners but do not impose any standards or requirements

We hold partners to a min standards for cybersecurity that is below our business standards and audit regularly

We hold partners to the same cybersecurity standards as our business and audit regularly

We hold partners to higher cybersecurity standards than our business

2018 Global 2018 SampP

46

16

14

18

6

37

21

15

22

5

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

13

FIGURE 16 Share of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

2 of FTEs work with security at Software amp Platforms companies

Organizations rely on their internal security workforce but also supplement it with contractors and outsourced staff Software amp Platforms companies have less of their total headcount around 2 percent work with security compared to the global average of almost 3 percent At the same time Software amp Platforms companies have more employees working with ldquoSecurity Strategy and Leadershiprdquo PMO and ldquoSecurity Architecture and Engineeringrdquo On the other hand Software amp Platforms companies have fewer contractors and consultants as well as fewer outsourced FTEs than the global average (see Figure 16)

Percentage of various Internal Security FTE ContractorsConsultants and Outsoursed FTE as a percentage of Total FTE

2

073

059

088

06

075

286

073

071

07

067

066

Security FTE

Security operations

Security strategy andleadership PMO

Security architectureand engineering

Risk and compliance

033

02

057

032

Contractorsconsultants

Outsourced

Digital identity

Global 2018 SampP

Percentage of various internal security FTE contractorsconsultants and outsourced FTE as a percentage of total FTE

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

14

FIGURE 17 Software amp Platforms respondents feel least confident about their organizationrsquos effectiveness when it comes to Third Party amp Compliance while they are generally confident about their cybersecurity capabilities and effectiveness

Confidence is high amongst Software amp Platforms respondents on all capabilities we asked them about For example 86 percent feel confident about their companyrsquos ability to monitor breaches 87 percent feel confident about identifying the cause of a breach and 84 percent feel confident about restoring normal activity after a breach (see Figure 17)

Although confidence is also generally high amongst respondents in their organizationrsquos cybersecurity effectiveness only 76 percent feel confident in their Third Party amp Compliance-related effectiveness (see Figure 17)

Software amp Platforms companies rate themselves the least effective in Third Party amp Compliance

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

42404343

42414839

4241

4840

4546

4241

42424241

4140

4042

4245

3945

Monitor for breaches

Identify the cause of a breach

Measure the impact of a breach

Restore normal activityafter a breach

Know the frequencyof breaches

Manage financial risk due to a cybersecurity event

Minimize disruption froma cybersecurity event

Manage reputational risk dueto a cybersecurity event

Global | Confident Global | Extremely Confident

SampP | Confident SampP | Extremely Confident

39413748

How confident are you in the effectiveness of each of the following for your organization

45404545

43424643

4242

4640

4148

4243

48383943

4242

4041

4840

4145

Password Mgmt

Infrastructure security

Application Mgmt

Patch Mgmt

User Account Mgmt

Physical security

Configurationamp Change Mgmt

Training amp awareness

Third Party amp Compliance

Asset Mgmt

Global 2018 SampP

40434344

39433847

35413244

How confident are you that your organization can do the following

How confident are you in the effectiveness of each of the following for your organization

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

15

Five steps to cyber resilienceBuild on a strong foundation harden and protect your core assets Important to identify the high-value assets of your company and then strengthen their security as Software amp Platforms companies today do not protect on average a quarter of their organization with their cybersecurity program Make sure to prepare for the worst and test those scenarios

Pressure test your resilience use coached incident simulation As the red team blue team modelmdashwhere a red team is tasked with infiltrating your security system and a blue team is tasked with detecting itmdashhas its limitations we advise using a coached incident simulation often referred to as purple teaming which also uses threat intelligence and advanced adversary simulation techniques as well as coaching

Employ breakthrough technologies automate defenses Use AI big data analytics and machine learning to enable security teams to react and respond in nano- or milliseconds not minutes hours or days Furthermore implement multi-factor authentication user behavior monitoring AI-driven access provisioning and deprovisioning

Use intelligence and data to be proactive hunt threats Use a data-driven approach and advanced threat intelligence to better anticipate potential attacks and develop a more proactive security posture for your business

Evolve the role of the CISO The next-generation CISO should be business adept and tech-savvy someone who is equally at home in the boardroom as in the security operations center

01

02

03

04

05

15

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom

ABOUT ACCENTUREAccenture is a leading global professional services company providing a broad range of services and solutions in strategy consulting digital technology and operations Combining unmatched experience and specialized skills across more than 40 industries and all business functions ndash underpinned by the worldrsquos largest delivery network ndash Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders With 459000 people serving clients in more than 120 countries Accenture drives innovation to improve the way the world works and lives Visit us at wwwaccenturecom

Copyright copy 2018 Accenture All rights reserved

Accenture and its logo are trademarks of Accenture

For more information contact Kevin Collins kevinjcollinsaccenturecom

Paul Johnson pauldjohnsonaccenturecom