Getty Images
Security Investments Are Increasing, But So Are Cyberattacks
New research from Accenture highlights the growing challenges that executives face in balancing security investments with risk to achieve cyber resilience.
In a survey of over 4,700 executives across a variety of industries including healthcare, Accenture discovered that more than half of large companies are not effectively stopping cyberattacks, finding data breaches quickly, or reducing the impact of breaches.
From 2020 to 2021, executives saw a 31 percent increase in the average number of cyberattacks per company. At the same time, more than 80 percent of respondents reported increasing their IT security budgets in the past year. IT security budgets now make up 15 percent of all IT spending on average.
In addition, the survey found that executives are more stressed than ever about cybersecurity. Over 80 percent of respondents said that staying ahead of hackers is a constant battle and incurs unsustainable costs, compared to 69 percent in 2020.
Healthcare organizations face a unique risk compared to other industries. Since patient safety must be considered, healthcare organizations are seen as easy targets because they are more likely to pay the ransom in order to restore their systems as quickly as possible.
Improving organization-wide security measures, educating employees, and investing in technical safeguards can help the healthcare industry improve its cyber resilience.
“The cyber-resilient business brings together the capabilities of cybersecurity, business continuity and enterprise resilience,” the report explained.
“It embeds security across the business ecosystem and applies fluid security strategies to respond quickly to threats, so it can minimize the damage and continue to operate under attack. As a result, the cyber-resilient business can introduce innovative offerings and business models securely across the entire value chain, strengthen customer trust and grow with confidence.”
Although cloud adoption is increasing across all industries, a third of respondents said that security has not been part of initial cloud adoption discussions. Although cloud adoption is increasing exponentially, organizations that were reluctant to make the jump cited security issues.
“About one-third of all respondents say poor governance and compliance practices around cloud security are a problem, that cloud security is too complex and that they do not have the skills internally to structure a proper cloud security framework,” the report continued.
In order to achieve cyber resilience, Accenture suggested that organization start by giving chief information security officers (CISOs) a seat at the table. Instead of working in security-focused siloes, CISOs should be interacting with executives to understand business risks and enterprise-wide priorities.
Stopping cyberattacks altogether is impossible but mitigating risks by implementing preventive measures is not. Continually monitoring risk and reassessing third-party vendor agreements is crucial to maintaining cyber hygiene.
The study also recommended prioritizing cloud security to enable better outcomes and mitigate risk. Security should be part of the cloud adoption conversation from the start, rather than an afterthought.
“We’re seeing familiar challenges that we’ve noted in the past—cyberattacks are spiraling upward, security investments are still on the rise and security’s relationship with cloud continues to prove challenging,” the report concluded.
“In such a climate, where change is the byword, seeking out the best way to run security operations can make all the difference. It is not a one-way street.”