Proactive Cyber Security Strategies Improve Security Effectiveness

Uploaded on 2015-04-15 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

0.jpg

New research from Accenture and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business.

Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent. The report, “The Cyber Security Leap: From Laggard to Leader,” looks at how companies can achieve better security performance while facing an ever-changing number of threats and is the result of a collaborative study conducted by Accenture and the Ponemon Institute.

The research focused on organizations that fit into one of two categories based on how they address security: ‘Leapfrog’ companies, which align security with business goals, focus on security innovation and proactively address potential cyber security threats; and ‘Static’ companies, which focus more on cyber security threat prevention and compliance.

For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches have decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.

The research outlines how Leapfrog organizations are more effective than Static organizations at addressing security across three important areas:
            Strategy: Leapfrog companies establish a security strategy that places a high value on innovation and is aligned with business requirements. These companies see innovation as an important driver in developing sustainable strategies that adapt to keep pace with evolving business requirements to deliver effective security measures at scale, anywhere. Additionally, 62 percent of Leapfrog companies outsource core security operations in order to gain access to advanced technology and experience resources, versus 47 percent of Static companies.
            Technology: Leapfrog companies seek to develop security capabilities that enhance the user experience and productivity. To do this, they look at technology that can facilitate the organization’s digital uptake and improve the ability to counter advanced threats. This consists of embracing disruptive technologies brought to light by business users, instead of restricting or locking down the use of newer technologies.
            Governance: The report found that leapfrogging ahead in security effectiveness requires strong leadership and business alignment, with the correct governance measures in place. This may require that a company’s Chief Information Security Officer (CISO) have the authority to define and manage the company’s security strategy, with a direct communications channel to the CEO and the board. Nearly three-quarters (71 percent) of Leapfrog companies have a CISO tasked with defining security strategies and initiatives. Within Static organizations, governance and controls are less effective, and security is viewed as a trade-off with employee productivity.
“Our research shows that defending your business is a dynamic, strategic activity,” said Mike Salvino, group chief executive – Accenture Operations. “To protect the business, security measures must be both proactive and adaptive, allowing your customers in, but keeping threats at bay. These findings underscore our commitment to helping companies move into the Leapfrog category by building a strong cyber security presence based on intelligent, insight-driven security efforts that increase confidence and trust, and improve business performance.”

Larry Ponemon, CEO of the Ponemon Institute, said, “Companies looking to increase their security effectiveness can apply lessons learned from the Leapfrog companies to make a significant positive impact on their security.  Starting with the C-suite, it’s time to champion and achieve a strong stance on security–effectively communicating with all employees.  By holding everyone accountable for achieving security objectives, you will eliminate security silos within your organization.”

Accenture: http://ow.ly/LnSd5

« Cyber Insurance: Worth the Money?
Are You Really Spending Enough on Security? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

Contechnet Deutschland

Contechnet Deutschland

Contechnet Deutschland started as a specialist in the area of IT disaster recovery and has since broadened its portfolio into information security and data protection.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.