the cyber security leap: from laggard to leader
TRANSCRIPT
![Page 1: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/1.jpg)
The Cyber Security Leap:From Laggard to Leader
How Australian organisations can learn from the Leapfrogs
![Page 2: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/2.jpg)
2Copyright © 2015 Accenture All rights reserved. 2Copyright © 2015 Accenture All rights reserved.
How do some organisation achieve better security performance?We compared organisation that were able to “leapfrog” their security effectiveness against others that remained static.
Defining a Leapfrog organisation
Key findings
Implications
About the research
![Page 3: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/3.jpg)
3Copyright © 2015 Accenture All rights reserved. 3Copyright © 2015 Accenture All rights reserved.
Leapfrog organisation improved their security effectiveness an average of 53% over two yearsSuccess characteristics can be summarised across three areas
Research and analysis conducted by Accenture in Collaboration with the Ponemon Institute, LLC.All data in this presentation taken from “The Cyber Security Leap: From Laggard to Leader, 2015
• Security is a business priority aligned with the enterprise’s goals
• Focus on innovation• Outsourcing is a
component of the security program
• Respond proactively to major changes to the threat landscape
• Open communications with CEOs and corporate boards
• Establish dedicated security budgets that have steadily increased
• Chief Information Security Officer (CISO) has authority to define and manage the security strategy
• Deploy enterprise risk management procedures
• Embrace new and disruptive security technologies as part of the strategy
Strategy Technology Governance
![Page 4: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/4.jpg)
4Copyright © 2015 Accenture All rights reserved. 4Copyright © 2015 Accenture All rights reserved.
Leapfrog organisation improved their security effectiveness an average of 53% over two yearsSuccess characteristics can be summarised across three areas
• Security is a business priority aligned with the enterprise’s goals
• Focus on innovation• Outsourcing is a
component of the security program
• Respond proactively to major changes to the threat landscape
• Open communications with CEOs and corporate boards
• Establish dedicated security budgets that have steadily increased
• Chief Information Security Officer (CISO) has authority to define and manage the security strategy
Strategy Governance
• Deploy enterprise risk management procedures
• Embrace new and disruptive security technologies as part of the strategy
Technology
Research and analysis conducted by Accenture in Collaboration with the Ponemon Institute, LLC.All data in this presentation taken from “The Cyber Security Leap: From Laggard to Leader, 2015
![Page 5: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/5.jpg)
5Copyright © 2015 Accenture All rights reserved. 5Copyright © 2015 Accenture All rights reserved.
Leapfrog organisation improved their security effectiveness an average of 53% over two yearsSuccess characteristics can be summarised across three areas
• Security is a business priority aligned with the enterprise’s goals
• Focus on innovation• Outsourcing is a
component of the security program
• Respond proactively to major changes to the threat landscape
• Open communications with CEOs and corporate boards
• Establish dedicated security budgets that have steadily increased
• Chief Information Security Officer (CISO) has authority to define and manage the security strategy
• Deploy enterprise risk management procedures
• Embrace new and disruptive security technologies as part of the strategy
Strategy Technology Governance
Research and analysis conducted by Accenture in Collaboration with the Ponemon Institute, LLC.All data in this presentation taken from “The Cyber Security Leap: From Laggard to Leader, 2015
![Page 6: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/6.jpg)
6Copyright © 2015 Accenture All rights reserved. 6Copyright © 2015 Accenture All rights reserved.
Organisations with static security effectiveness demonstrated different characteristics
• Operate security under a veil of stealth, secrecy and underfunding
• Prioritise external threats
• Focus on prevention rather than quick detection or containment
• Drive security investments by compliance with regulations and policies
• View security as diminishing employee productivity
• Believe security budgets are inadequate for meeting the company’s security mission
![Page 7: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/7.jpg)
7Copyright © 2015 Accenture All rights reserved. 7Copyright © 2015 Accenture All rights reserved.
Leapfrog organisations value innovation as a way to strengthen their security posture
Higher value placed on security innovation
33%
Higher level of security innovation change in the past two years
45%
More security innovation
20%
![Page 8: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/8.jpg)
8Copyright © 2015 Accenture All rights reserved. 8Copyright © 2015 Accenture All rights reserved.
Establishing a security strategy as a business priority separates Leapfrog from Static organisations
Security and business objectives aligned
70%
55%
69%
45%
63%
40%
Security is priority
Security strategy exists
LEAPFROG
STATIC
LEAPFROG
STATIC
LEAPFROG
STATIC
![Page 9: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/9.jpg)
9Copyright © 2015 Accenture All rights reserved. 9Copyright © 2015 Accenture All rights reserved.
Security outsourcing is often a component of Leapfrog organisations’ strategiesOutsourcing core security operations can greatly increase security effectiveness by providing access to advanced technology and expert resources.
Leapfrog Static
Has strategy & does not outsource
security operations
23%15%
55%
32%
Has strategy & outsources security
operations
![Page 10: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/10.jpg)
10Copyright © 2015 Accenture All rights reserved. 10Copyright © 2015 Accenture All rights reserved.
Leapfrog organisations proactively use advanced technologies to secure their network and cloud environments
LeapfrogStatic (Rankings on a 10 point scale, 1 = low; 10 = high)
Secure (encrypt)data stored in
cloud environments
7.186.00
Establish security protocols over
big data
6.334.94
Pinpoints anomalies in
network traffic
8.557.45
Provide advance warning about
threats and attackers
8.277.56
![Page 11: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/11.jpg)
11Copyright © 2015 Accenture All rights reserved. 11Copyright © 2015 Accenture All rights reserved.
Leapfrog organisations focus more on securing network, sensitive data and the cloud; Static organisations focus more on locking things down.
Control insecuremobile devicesincluding BYOD
7.167.76
Limit insecure devices from
accessing security systems
6.037.18
LeapfrogStatic (Rankings on a 10 point scale, 1 = low; 10 = high)
![Page 12: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/12.jpg)
12Copyright © 2015 Accenture All rights reserved. 12Copyright © 2015 Accenture All rights reserved.
Establishing strong governance and controls supports Leapfrog security effectivenessImportant governance components include dedicated budget, use of benchmarks and metrics and regular communications with board of directors.
Metrics to evaluate security
operations
20%26%
Enterprise risk management
procedures
35%
Regular reporting to the
board of directors
34%
BenchmarkSecurity
operations
![Page 13: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/13.jpg)
13Copyright © 2015 Accenture All rights reserved. 13Copyright © 2015 Accenture All rights reserved.
The CISO role in Leapfrog organisations reflects the importance placed on securityWhile both types of organisations have a CISO, the level of responsibility is notably different.
CISO definessecurity strategy and initiatives
Leapfrog 71%
Static 60%
CISO directly reports to a
senior executive
71%
58%
CISO is accountable for budgets or
discretionary spending
65%
55%
![Page 14: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/14.jpg)
14Copyright © 2015 Accenture All rights reserved. 14Copyright © 2015 Accenture All rights reserved.
Security effectiveness can be notably improved over a short period of time, by applying lessons learned from three priority areas
Strategy Technology Governance
![Page 15: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/15.jpg)
15Copyright © 2015 Accenture All rights reserved. 15Copyright © 2015 Accenture All rights reserved.
Suggestions for developing or improving your security strategy• Establish a security strategy that encourages innovation, has
dedicated budget and programs, a strong eco-system and a clear vision for how innovation gets on-boarded into production.
• Develop the ability to adapt quickly and proactively to the changing threat landscape
• Help the organisation embrace digital disruption
• Align security and organisational priorities
• Treat security as a business priority
![Page 16: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/16.jpg)
16Copyright © 2015 Accenture All rights reserved. 16Copyright © 2015 Accenture All rights reserved.
Suggested areas for technology focus
• Seek out technology and capabilities that enhance the user experience and productivity
• Balance prevention, detection and response better—lessen the focus on prevention
• Better exploit data within the organisation to gain an advantage in detection and response times—move toward security intelligence
![Page 17: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/17.jpg)
17Copyright © 2015 Accenture All rights reserved. 17Copyright © 2015 Accenture All rights reserved.
Governance measures to improve performance• Foster a working relationship between
CISO and the board to take effective action; educate and collaborate to articulate and prioritise business risk
• Use benchmarks and metrics to continually assess the strategy and evolve the organisation’s posture
• Outsource security operations as appropriate for best use of available expert resources
• Eliminate fire-fighting and use resources effectively
![Page 18: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/18.jpg)
18Copyright © 2015 Accenture All rights reserved. 18Copyright © 2015 Accenture All rights reserved.
Organisations studied represent various industries and sizes across Australia, NA, Europe, Middle East and Asia Pacific
16%
14%
14%
10%8%
9%
6%
6%
5%
5%4%
4% 9%
11%
28%
24%
18%
11%
Less than 1,000
1,000 to 5,000
5,001 to 10,000
10,001 to 25,000
25,000 to 75,000
More than 75,000Financial
services
Industries represented Organisation size
Public sector
Services
RetailEnergy and utilities
Industrial
Health & pharmaceutical
Consumer
Technology and software
TransportationOther
Hospitality
Education and research, 1%Communications, 1%
![Page 19: The cyber security leap: From laggard to leader](https://reader031.vdocuments.us/reader031/viewer/2022030317/586fe0a51a28ab18428b7411/html5/thumbnails/19.jpg)
19Copyright © 2015 Accenture All rights reserved. 19Copyright © 2015 Accenture All rights reserved.
For more information: - Visit accenture.com.au/security
- Contact Accenture APAC Security Lead, Jean-Marie Abi-Ghanem:[email protected]
19Copyright © 2015 Accenture All rights reserved.