Companies have ‘false sense’ of cyber security
Businesses are leaving themselves wide open to cyber attacks, falsely believing they are well protected, according to a survey by consultant Accenture.
The study of 2000 security executives from companies with annual revenue above $US1 billion ($1.3 billion) was carried out across 15 countries, including Australia.
It found 75% are confident in their ability to protect their businesses from attacks.
However, about one in three targeted attacks results in a security breach, which equates to 2-3 effective attacks per month for the average company.
The survey shows most companies lack effective technology to monitor for cyber attacks, and they are focused on risks and outcomes that have not kept pace with the evolving threat.
Australian businesses rate alongside France and the US as showing least confidence in the ability to monitor for breaches.
Australia comes in 15th for spending on cyber security (7.6%) as a percentage of IT budget, with the US at 14th (8%).
Accenture Security North America MD Kevin Richards says businesses need “a fundamentally different approach to security protection, starting with identifying and prioritising key company assets across the entire value chain”.
About half of respondents say that given more money they would “double down” on current cyber-security spending priorities, despite the ineffectiveness of previous investments.
These priorities include protecting the business’ reputation (54%), safeguarding company information (47%) and protecting customer data (44%). Far fewer companies would invest in mitigating against financial loss (28%) or in cyber-security training (17%).
While respondents acknowledge internal breaches have the greatest impact, 58% prioritise heightened capability in “perimeter” controls over internal checks.
More than half say it can take months to detect a breach, while up to a third of successful breaches are never detected.