Cybersecurity attacks targeting large enterprises are hardly new in 2021, but a new study has found that more than half of large companies are not effectively stopping cyberattacks.

The new research study from Accenture plc, based on a survey of more than 4,700 enterprise security practitioners globally, found that 55% of large companies are not effectively stopping cyberattacks. The study explores the extent to which organizations prioritize security, the effectiveness of current security efforts and how their security investments are performing.

Some 81% of respondents said that they believe that “staying ahead of attackers is a constant battle and the cost is unsustainable” — an increase from 69% in last year’s survey. In a mixed bag of results, 82% of survey respondents said that their companies had increased cybersecurity spending this past year, but at the same time, the number of successful breaches, including unauthorized access to data, applications, services, networks, or devices, jumped 31% over the previous year, to 270 per company on average.

Despite 67% of organizations believing that their ecosystem is secure, indirect attacks accounted for 61% of all cyberattacks this past year, up from 44% the prior year.

It wasn’t all doom and gloom. The research identified a small group of companies that excel at cybersecurity resilience and align with the business strategy to achieve better business outcomes and return on cybersecurity investments. Compared with other organizations, these so-called “cyber champions” are far more likely to balance cybersecurity and business objectives.

Other signs of cyber champions include a close relationship between cybersecurity and C-suite execs with a focus on protecting their organization from the loss of data. In this scenario, security is also baked into cloud initiatives and cybersecurity resilience is reviewed at least on an annual basis.

“Our analysis reveals that organizations too often focus solely on business outcomes at the expense of cybersecurity, creating greater risk,” Kelly Bissell, the head of Accenture Security, said in a statement. “While getting the balance right isn’t easy, those who have a clear view of the threat landscape and a strong alignment on business priorities and outcomes achieve greater levels of cyber resilience.”

Jacky Fox, group technology officer at Accenture Security, noted that spending more on cybersecurity without the focus being closely aligned to the business does not make a business safer.

“When it comes to managing cyber risks, organizations can’t afford to lean one way or the other,” Fox explained. “To achieve sustained and measurable cyber resilience, chief information security officers need to move away from security-focused silos so they can collaborate with the right executives in their organization to gain a 360-degree view of the business risks and priorities.”

Photo: JiriMatejicek/Wikimedia Commons