“Cybersecurity nerds” like myself wait with bated breath for Accenture’s annual “State of Cybersecurity Resilience 2023” report to be released. This is because the report never fails to disappoint in providing a “snapshot” of the current state of cybersecurity. With such explosive growth in connectivity, the report has never been more relevant.
This annual insight is based on a survey of security and business executives from large organizations across the globe, assessing the state of cybersecurity resilience. It provides a glimpse into the challenges and trends facing organizations and best practices for improving cybersecurity resilience. As someone who writes about cybersecurity and stays on top of trends, there are few better barometers than surveys of business leaders who are in the trenches daily.
By the way, cybersecurity resilience means different things to different people. You can ask dozens of cybersecurity experts (and I have!) what this term means and come up with a dozen other answers. Cyber resilience is an organization’s ability to anticipate, withstand, recover from, and adapt to attacks or compromises on systems. It is a holistic cybersecurity approach that encompasses preventive and contingency measures. In other words, how does an organization respond and recover if there’s a breach?
“For a lot of us independent consultants, cyber resiliency is simply `how do we react,’ you see some businesses brought to their knees by cyber incidents, while others respond and move on, the latter is cyber-resilient, the first is cyber-vulnerable,” says Wayne Wright, a cybersecurity consultant in Chicago. Wright also reviewed Accenture’s State of Cybersecurity Resilience 2023 report.
Here are a few key takeaways:
- Cyberattacks are becoming more frequent and sophisticated. The report found that the average organization experienced 270 cyberattacks in 2022, up from 230 in 2021. The attacks were also more sophisticated, with 61 percent exploiting vulnerabilities in the organization’s ecosystem or supply chain.
- Organizations need to be adequately prepared for cyberattacks. The report found that only 30 percent of organizations have a mature cybersecurity program. This means that most organizations are not well-positioned to defend themselves against cyberattacks.
- Cybersecurity is becoming increasingly crucial to business success. The report found that organizations that excel at cybersecurity are more likely to achieve target revenue growth, market share, and customer satisfaction. They are also less likely to experience data breaches or other security incidents.
- Organizations need to adopt a new approach to cybersecurity. The report recommends that organizations adopt a “cyber resilience” approach to security. This means that organizations must focus on building a solid security foundation and developing a culture of security awareness.
“Some of the report’s findings are interesting, namely how much a good cybersecurity program aligns with overall business success, more and more, a strong, resilient, cybersecurity program dovetails with overall good business. This is an important shift. You might see businesses begin to really ‘sell’ their cybersecurity, imagine fast-food restaurants adverting not just their great hamburgers but also their impenetrable cybersecurity when placing an order. That is the direction we are going,” Wright explains.
Wright noted that the report also shows that many businesses need more resiliency. “Far too many businesses are still much too vulnerable, and while this is bad for them, it is a shining opportunity for MSPs,” Wright points out. “MSPs are the ones that can come into many organizations and implement a cyber resilience program at a reasonable cost.”
Other takeaways from the report:
- Eighty-seven percent of business leaders believe cybersecurity is their organization’s top priority.
- Sixty-three percent of business leaders believe cybersecurity is complex and challenging.
- Seventy-three percent of business leaders believe cybersecurity is a shared responsibility between organizations and governments.
“Some of these findings aren’t surprising, for instance, cybersecurity is a complex and challenging issue, but other findings are more heartening, like how many business leaders are now prioritizing cybersecurity,” Wright shares.
- The report also highlights several cybersecurity challenges that businesses face, including the increasing sophistication and frequency of cyberattacks.
- The growing number of connected devices and the resulting increase in attack surface
- The shortage of skilled cybersecurity professionals
- The difficulty of keeping up with the pace of technological change
“Of course, the talent shortage is well documented, but I find it interesting how many businesses say they are having difficulty keeping up with the pace of technological change. That is also an opportunity for MSPs to showcase themselves,” says Wright.
Despite these challenges, the report also found that organizations are taking steps to improve their cybersecurity resilience, such as:
- Investing in new technologies, such as artificial intelligence and machine learning
- Adopting a more risk-based approach to security
- Enhancing collaboration between security and business teams
- Building a culture of cybersecurity awareness
“Of course, AI has made a big splash this year and will continue providing new challenges and opportunities. MSPs who are well integrated with AI already are ahead of the game,” Wright says.
Photo: Tamisclao / Shutterstock
This post originally appeared on Smarter MSP.