Pride cometh despite one in three targeted attacks resulting in a security breach
Overconfident security execs may be putting their organisations at greater risk, according to new research.
A report by services firm Accenture has revealed that of the 2,000 enterprise security practitioners – representing companies with annual revenues of more than $1bn – three in four were confident in their ability to stop all crooks getting into their systems.

Titled Building Confidence: Facing the Cybersecurity Conundrum (PDF), the report revealed that more than half of security executives admit it can take months to detect sophisticated breaches, and a third of those successful breaches are never discovered at all.
The Anglosphere performs particularly poorly when it comes to detecting successful breaches, with 30 per cent of organisations in the US and 26 per cent in the UK taking a year or more to detect a successful attack.
This may be due to the bulk of attacks hitting English-speaking nations, but it doesn’t excuse the UK’s confidence in monitoring for breaches, where we are second only to Germany in believing we can detect what’s happening with our systems.
Executives from the biggest companies across 15 countries said that they had “completely embedded cybersecurity into their cultures” but with the average organisation facing 106 targeted attacks per year, and a third of those being successful, corporations are being successfully breached two to three times every month.
Despite this, up to 54 per cent of executives would invest additional budget on “more of the same things they’re doing now”. Only 17 per cent would invest it in cybersecurity training, and only 28 per cent would invest in mitigating financial losses.
The French spend 9.4 per cent of their total IT budget on security, ahead of the 8.2 per cent global average, while the Australians tend to scrimp by with a mere 7.6 per cent on security, pipped by the Americans at 8 per cent – though ironically it is French, American and Australian companies who are the least confident in their ability to monitor for a breach. ®

Leave a Reply