Organisations that closely align their cybersecurity programs to business objectives are 18% more likely to achieve target revenue growth and market share and improve customer satisfaction, as well as 26% more likely to lower the cost of cybersecurity breaches/incidents, on average, according to new research from Accenture (NYSE: ACN).
Accenture’s “State of Cybersecurity Resilience 2023” report is based on a survey of 3,000 security and business executives from large organisations across Europe, North America, South America and Asia-Pacific. The report identifies a group of companies that are leading the way in their cybersecurity efforts. These companies — which Accenture calls “cyber transformers” and account for 30% of respondents — strike a balance between excelling at cyber resilience and aligning with the business strategy to achieve better business outcomes.
“The accelerated adoption of digital technologies like generative AI — combined with complex regulations, geopolitical tensions and economic uncertainties — is testing organisations’ approach to managing cyber risk,” said Jacqui Kernot, Security Lead ANZ at Accenture. “In this rapidly changing environment, businesses leaders need to embed cybersecurity into the fabric of their digital core transformation efforts to become business resilient. This is one of the key differentiating traits of cyber transformers, who demonstrate that they are better equipped to drive successful business outcomes.”
Four characteristics set cyber transformers apart from other companies. They:
-
Excel at integrating cybersecurity and risk management. Cyber transformers integrate a cyber risk-based framework into their enterprise risk management program; have their cybersecurity operations and executive leadership agree on the priority of assets and operations to be protected; and consider cybersecurity risk to a great extent when evaluating overall enterprise risk (65% vs. 11%).
-
Leverage cybersecurity-as-a-service to enhance security operations. Cyber transformers are more likely than others to use managed services providers to administer cybersecurity operations (40% vs. 24%).
-
Are more committed to protecting their ecosystem. Cyber transformers are more likely than others to take such actions as incorporating their ecosystem or supply chain partners into their incident response plan (45% vs. 37%) and to require them to meet strict cybersecurity standards (41% vs. 29%).
-
Rely heavily on automation. Cyber transformers are far more likely than others to rely heavily on automation for their cybersecurity programs (89% vs. 57%). In addition, 96% of all respondents whose organisations substantially automate their cybersecurity said that automation helps them alleviate cyber talent shortages — a key challenge for any company seeking cyber resilience.
“While organisations are taking steps to better align cybersecurity programs with business goals, there is still plenty of room for improvement, with more than 60% of respondents still falling victim to successful breaches coming from outside their organisations,” said Jacqui. “Working more effectively across the C-suite and ensuring that security efforts have a positive business impact require a business-led CISO who acts as an educator and collaborator with non-security leaders.”
The report highlights that organisations that embed three key cybersecurity actions into their digital transformation efforts and apply strong cybersecurity practices across the organisation are nearly six times more likely to experience more effective digital transformations than those that don’t do both. The cybersecurity actions that organisations can take to increase the success and satisfaction of their digital transformations are:
-
Require cybersecurity controls before all new business services and products are deployed.
-
Apply cybersecurity incrementally as each digital transformation milestone is achieved.
-
Appoint a cybersecurity representative as part of the core transformation team who orchestrates cybersecurity across all transformation initiatives.