While security has improved over the last few years, progress is not keeping pace with highly motivated attackers.
At a time of constantly mounting cyber threats, 73% of global organisations are vulnerable to cyber-attacks according to the Accenture Security Index.
The new analysis shows that businesses are unequipped and unprepared to protect corporate high-value assets and processes.
The report found that only 34% of organisations globally are capable of monitoring threats to the core elements of their businesses.
The Accenture Security Index works by assessing cyber security performance across a range of 33 capabilities, analysing effectiveness at industry and national levels. Only 9% of organizations were capable of achieving high performance results in 25 of the 33 assessed capabilities.
Positively for the UK, it ranked highest overall for cooperation with third-parties for crisis management, achieving 52%. At the other end of the spectrum was Spain, attaining high performance in just seven out of the 33 focus areas.
At industry level, banking organisations were able to achieve high performance in eight of the capabilities, including third-party cybersecurity in extended business ecosystems and “what-if” threat analysis. Following close behind are technology companies, ranking highest in seven capabilities including the ability to generate a security-minded culture.
The data behind the report was accumulated following the surveying of 2,000 enterprise security practitioners with annual revenues reaching figures of over $1 billion.
Kelly Bissell, managing director of Accenture Security said: “A turning point has been reached for cybersecurity. While organizations have improved their security over the last few years, progress has not kept pace with the sophistication of highly motivated attackers. A new approach is clearly needed. One that protects the organization from the inside out and across the entire industry value chain—from the wellhead to the oil pump. And the start of this must be a new, more comprehensive definition of what constitutes cybersecurity success based on impact to the business.”