Proactive Cyber Security Strategies Improve Security Effectiveness

Uploaded on 2015-04-15 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

0.jpg

New research from Accenture and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business.

Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent. The report, “The Cyber Security Leap: From Laggard to Leader,” looks at how companies can achieve better security performance while facing an ever-changing number of threats and is the result of a collaborative study conducted by Accenture and the Ponemon Institute.

The research focused on organizations that fit into one of two categories based on how they address security: ‘Leapfrog’ companies, which align security with business goals, focus on security innovation and proactively address potential cyber security threats; and ‘Static’ companies, which focus more on cyber security threat prevention and compliance.

For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches have decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.

The research outlines how Leapfrog organizations are more effective than Static organizations at addressing security across three important areas:
            Strategy: Leapfrog companies establish a security strategy that places a high value on innovation and is aligned with business requirements. These companies see innovation as an important driver in developing sustainable strategies that adapt to keep pace with evolving business requirements to deliver effective security measures at scale, anywhere. Additionally, 62 percent of Leapfrog companies outsource core security operations in order to gain access to advanced technology and experience resources, versus 47 percent of Static companies.
            Technology: Leapfrog companies seek to develop security capabilities that enhance the user experience and productivity. To do this, they look at technology that can facilitate the organization’s digital uptake and improve the ability to counter advanced threats. This consists of embracing disruptive technologies brought to light by business users, instead of restricting or locking down the use of newer technologies.
            Governance: The report found that leapfrogging ahead in security effectiveness requires strong leadership and business alignment, with the correct governance measures in place. This may require that a company’s Chief Information Security Officer (CISO) have the authority to define and manage the company’s security strategy, with a direct communications channel to the CEO and the board. Nearly three-quarters (71 percent) of Leapfrog companies have a CISO tasked with defining security strategies and initiatives. Within Static organizations, governance and controls are less effective, and security is viewed as a trade-off with employee productivity.
“Our research shows that defending your business is a dynamic, strategic activity,” said Mike Salvino, group chief executive – Accenture Operations. “To protect the business, security measures must be both proactive and adaptive, allowing your customers in, but keeping threats at bay. These findings underscore our commitment to helping companies move into the Leapfrog category by building a strong cyber security presence based on intelligent, insight-driven security efforts that increase confidence and trust, and improve business performance.”

Larry Ponemon, CEO of the Ponemon Institute, said, “Companies looking to increase their security effectiveness can apply lessons learned from the Leapfrog companies to make a significant positive impact on their security.  Starting with the C-suite, it’s time to champion and achieve a strong stance on security–effectively communicating with all employees.  By holding everyone accountable for achieving security objectives, you will eliminate security silos within your organization.”

Accenture: http://ow.ly/LnSd5

« Cyber Insurance: Worth the Money?
Are You Really Spending Enough on Security? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

International Association of Professional Security Consultants (IAPSC)

International Association of Professional Security Consultants (IAPSC)

Members of the IAPSC represent a unique group of respected, ethical and competent security consultants.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Dice

Dice

Dice is a leading recruitment platform, helping technology professionals manage their careers and employers connect with highly skilled tech talent in specialist areas including cybersecurity.

Nexum

Nexum

Nexum takes a comprehensive approach to security, from detecting and preventing network threats, to equipping you with the information, tools and training you need to effectively manage IT risk.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.