Now in its ninth year, the global consulting firm Accenture has released their latest report on the cost of cybercrime. The report collates research from across 11 countries and 16 industries, with interviews from 2,647 senior leaders from 355 companies, and a wealth of experience from Accenture’s security professionals providing valuable insights into the economic impact of cybercrime.
While it outlines the grim reality of cybercrime today, Accenture’s study is not all doom and gloom. In fact, the report outlines various ways in which companies can find and unlock the value opportunities within cybersecurity, emphasising that organisations have the ability to refocus their resources in order to make game-changing improvements and savings.
But first: the reality. Accenture’s research found that cybercrime is on the rise. An evolving threat landscape and continuous business innovation is enabling cyberattacks to proliferate, with the average number of security breaches in the last year growing by 11% from 130 to 145.
In dealing with these attacks, organisations are spending more. The average cost of a cyberattack for an organisation has increased from $11.7 million to $13 million. Companies have become extremely reliant on the internet, and Accenture estimates that almost 80% of organisations are introducing digitally-fuelled innovation faster than they can secure it against cybercrime.
Having analysed almost 1,000 cyberattacks, the report found that the most prevalent attacks were through malware, internal threats and phishing/social engineering attacks. The latter has seen an increase of 16% over the last year alone.
This research shows that the targets, impact and techniques of cybercrime are evolving rapidly, and that businesses are not keeping up. This can change, however, if organisations prioritise their cybersecurity protection and invest in the short term in order to achieve greater value in the long term.
Capturing the Value of Cybersecurity
By understanding the need to utilise technologies and techniques designed to improve cybersecurity protection, companies can reduce the consequences of cybercrime and unlock future economic value in their business. This involves a refocusing of resources, and an understanding of where value can be added using cybersecurity.
An interesting point raised by the report was the importance of the wider business ecosystem. Businesses must appreciate that cybersecurity is not limited to their four walls. Extended supply chains have come under increasing fire, with cyberattackers shifting their patterns to the wider business environment in order to find entry points into target systems. Hence, companies must take a step back and collaborate with their supply chain partners in order to implement a strategy that protects the entire organisation ecosystem.
By making investments like this, attacks will be prevented and the cost of cybercrime will diminish. Value will also be added where customers can see the positive impacts of cybersecurity and begin placing more trust in the business, thereby strengthening the relationship. This new level of confidence in the company could even be compounded by a competitor’s inability to inspire the same.
The report summarised three vital steps to unlocking the value in cybersecurity. These are:
- Prioritise Protecting People-Based Attacks: A security-first culture is essential when countering attacks such as phishing, ransomware and malicious insiders. This involves ongoing staff training and education that reinforces effective behaviour and cooperating with all partners and third parties to enhance the safety of the business ecosystem.
- Invest to Limit Information Loss and Business Disruption: Organisations have the responsibility to protect their critical information and data, especially now with the various privacy regulations such as the GDPR and CCPA. Investing in data loss prevention technologies and cryptographic techniques can reduce costs and enhance confidence. Having a data-centric culture that prioritises the handling, maintenance and sharing of information is essential to limiting the loss from damage and instilling trust.
- Target Technologies that Reduce Rising Costs: The costs associated with discovering an attack are higher than ever. However, by harnessing breakthrough technologies, companies may reverse this expense. Technology such as security intelligence and threat sharing, cloud services, automation and advanced analytics, to name a few, are capable of enhancing efficiency and reducing the costs of cybercrime.
This report shows that now, more than ever, companies must engage their workforces, adopt effective data-centric strategies and apply emerging, powerful technologies to drive their cyber resilience. Inevitably, companies will find these investments extremely rewarding.
Author: Elsa Chapple, Agilient Consultant