BUILDINGCONFIDENCE

MOST SURVEYED BANKS ARE CONFIDENT IF NOT OVERCONFIDENT IN THEIR ABILITY TO PROTECT THE ENTERPRISE. YET, 1 IN 3 FOCUSED BREACH ATTEMPTS SUCCEED.

DEFINE CYBERSECURITY EFFECTIVENESSImprove alignment of cybersecurity strategies with business imperatives and improve ability to detect and prohibit more advanced attacks.

BUSINESS ALIGNMENTOnly 34% of surveyed banks are able to identify high-value assets and business processes.

Understand scenarios that could materially a�ect the business, identify key drivers, decision points and barriers to strategy development.

PRESSURE-TEST SECURITY CAPABILITIESEngage “white-hat” external hackers for attack simulations to establish a realistic assessment of internal capabilities.

PROTECT FROM THE INSIDE OUT

Prioritize protection of the organization’s key assets and focus on the internal incursions with greatest potential impact.

...AND RELY TOO MUCH ON COMPLIANCECompliance frameworks and programs help define security foundations but don’t protect a company from breaches

KEEP INNOVATINGInvest in state-of-the-art programs to outmaneuver adversaries vs. investing more in existing programs.

MAKE SECURITY EVERYONE’S JOB99% of breaches not detected by banks' security teams, are found by employees. Prioritize training for all employees.

LEAD FROM THE TOPChief Information Security O�icers should materially engage with enterprise leadership and make the case that cybersecurity is a critical priority in protecting company value.

INVEST TO INNOVATE AND OUTMANEUVER

BUILD CONFIDENCEIN THE SECURITY ORGANIZATION

ABOUT ACCENTURE

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

REBOOT YOUR APPROACHDEAL EFFECTIVELY WITH THREATS

GOVERNANCE AND LEADERSHIP Only 40% of banks have a clear cybersecurity chain of command.

Focus on cybersecurity accountability, nurture a security-minded culture and create a clear-cut cybersecurity chain of command.

STRATEGIC THREAT CONTEXTOnly 41% of banks are competent in business-relevant threat monitoring.

Align the security program with the business strategy by analyzing competitive and geo-political risks, peer monitoring and other areas of cybersecurity threats.

CYBER RESILIENCEOnly 40% of banks have systems and processes that are properly designed in accordance with cyber resilience requirements.

Understand the threat landscape, design key asset protection approaches and use “design for resilience” techniques to limit a cyber attack’s impact.

CYBER RESPONSE READINESSOnly 44% of banks have proper cyber-incident escalation paths.

Develop a robust response plan, strong cyber incident communications, tested plans to protect and recover key assets and e�ective escalation paths.

THE EXTENDED ECOSYSTEMOnly 44% of banks are competent at dealing with third-party cybersecurity, only 37% are competent at cybersecurity regulatory compliance.

Be ready to cooperate during crisis management, develop third-party cybersecurity clauses and agreements and focus on regulatory compliance.

INVESTMENT EFFICIENCYOnly 40% of cybersecurity investments protect key assets.

Drive financial understanding of and compare cybersecurity investments against industry benchmarks, organizational business objectives and cybersecurity trends.

Accenture’s 2016 global survey on high performance security reveals several such contradictions.

Nearly 4 of 5banking respondents express confidence in their abilities to protect their organizations from cyber attacks

76%say they have completelyembedded cybersecurity intotheir cultures

MANY SURVEYED BANKS INVEST INEFFECTIVELY IN CYBERSECURITY...

43%-59%would spend extra budget on protecting company and customer information instead of hedging other risks

Only 28% would invest in mitigating financial losses

1 in 3targeted attacks result in a securitybreach. That's almost 3 e�ectiveattacks per month.

85targeted cyber attacks are facedby the average bank per year

Copyright © 2017 AccentureAll rights reserved.Accenture, its logo, andHigh Performance Delivered aretrademarks of Accenture.

1 2 3

4 5 6

Improve cybersecurity strategy alignment with business imperatives.2

Improve overall maturity of the security team and its skills in protecting the business from devastating losses.1

Continuously improve your ability to detect and prevent advanced attack scenarios. 3

171642

INVEST IN YOUR CYBERSECURITY CAPABILITY ACROSS 7 DOMAINS TO IMPROVE DEFENSES AND STRENGTHEN RESILIENCE.

SOLVING BANKING'S CYBERSECURITY CONUNDRUM

Accenture Finance and Risk

Follow us on LinkedIn

FOR MORE INFORMATION, VISIT:

www.accenture.com/BankingCyberSecurityReport

Only 13%would invest in cybersecurity training