Proactive Cyber Security Strategies Improve Security Effectiveness


New research from Accenture and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business.

Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent. The report, “The Cyber Security Leap: From Laggard to Leader,” looks at how companies can achieve better security performance while facing an ever-changing number of threats and is the result of a collaborative study conducted by Accenture and the Ponemon Institute.

The research focused on organizations that fit into one of two categories based on how they address security: ‘Leapfrog’ companies, which align security with business goals, focus on security innovation and proactively address potential cyber security threats; and ‘Static’ companies, which focus more on cyber security threat prevention and compliance.

For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches has decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.

The research outlines how Leapfrog organizations are more effective than Static organizations at addressing security across three important areas:

Strategy: Leapfrog companies establish a security strategy that places a high value on innovation and is aligned with business requirements. These companies see innovation as an important driver in developing sustainable strategies that adapt to keep pace with evolving business requirements to deliver effective security measures at scale, anywhere. Additionally, 62 percent of Leapfrog companies outsource core security operations in order to gain access to advanced technology and experienced resources, versus 47 percent of Static companies.

Technology: Leapfrog companies seek to develop security capabilities that enhance the user experience and productivity. To do this, they look at technology that can facilitate the organization’s digital uptake and improve the ability to counter advanced threats. This consists of embracing disruptive technologies brought to light by business users, instead of restricting or locking down the use of newer technologies.

Governance: The report found that leapfrogging ahead in security effectiveness requires strong leadership and business alignment, with the correct governance measures in place. This may require that a company’s Chief Information Security Officer (CISO) have the authority to define and manage the company’s security strategy, with a direct communications channel to the CEO and the board. Nearly three-quarters (71 percent) of Leapfrog companies have a CISO tasked with defining security strategies and initiatives. Within Static organizations, governance and controls are less effective, and security is viewed as a trade-off with employee productivity.

“Our research shows that defending your business is a dynamic, strategic activity,” said Mike Salvino, group chief executive – Accenture Operations. “To protect the business, security measures must be both proactive and adaptive, allowing your customers in, but keeping threats at bay. These findings underscore our commitment to helping companies move into the Leapfrog category by building a strong cyber security presence based on intelligent, insight-driven security efforts that increase confidence and trust, and improve business performance.”

Larry Ponemon, CEO of the Ponemon Institute, said, “Companies looking to increase their security effectiveness can apply lessons learned from the Leapfrog companies to make a significant positive impact on their security.  Starting with the C-suite, it’s time to champion and achieve a strong stance on security–effectively communicating with all employees.  By holding everyone accountable for achieving security objectives, you will eliminate security silos within your organization.”

Accenture: http://ow.ly/LnSd5
