One third of all cyber attacks successful!
One third of all cyber attacks on companies are successful. On average, this equates to two to three attacks per month for each company in which security measures are overcome. Despite this, almost eight out of ten IT security managers worldwide (75 percent) feel well equipped to defend against attacks.
The consulting firm Accenture conducted a survey of 2,000 IT security managers in 15 countries. The survey asked about cyber attacks, the effectiveness of security measures and the existing budget in companies with an annual turnover of more than one billion US dollars.
Thinking oneself in a false sense of security
Almost eight out of ten respondents (78 percent) said that IT security is considered important by the company's management and is supported accordingly. 75 percent of respondents are convinced that their strategy for defending against cyber attacks is working. In addition, 38 percent of respondents said they can monitor attacks and 44 percent can identify them.
Of the average 595 attacks on each company each year, 190 were successful, according to the respondents. Only 65 percent of security breaches are discovered by IT security teams; they learn about the remaining breaches primarily through other employees. And five out of ten respondents (51 percent) said that IT security breaches are only discovered after several months, with 17 percent discovering successful attacks even after a year or even later.
"The survey results show that Central European companies in particular feel more secure than they actually are," says Uwe Kissmann, Accenture AG Zurich and Managing Director Cyber Security Services, EALA (Europe, Africa & Latin America). "Yet permanent cyber attacks are a reality in every industry today."
Protection of customer data top priority
When asked about the top three objectives they prevent with their IT security strategy, 49 percent of respondents cited protecting customer data. Preventing business interruptions was the second most important at 51 percent. However, just over a third (36 percent) of respondents are confident that disruption will be minimized in the event of cyber attacks.
At just over nine percent, French companies spend the most money on security; in Germany, an average of eight percent of IT budgets is available for security measures. Compared to other countries, investments in IT security have grown the most among American companies over the past three years (21 percent increase compared to the global average, which is 18 percent).
"Detecting criminal behavior requires more than the best practices of the past," says Uwe Kissmann. "Companies need an approach that identifies and prioritizes corporate assets along the entire value chain. On the technology side, it is essential to actively challenge existing procedures and approaches and supplement them with 'real-world' scenarios. This requires, among other things, access to resources with years of experience in monitoring and fighting cybercrime. If this 'from attack to defense' approach can be applied to the really sensitive areas of a company, a significantly more effective protection is guaranteed. The need for a holistic and end-to-end approach that integrates digital security across the enterprise has never been greater."
Source: www.accenture.com/cybersecurityreport
