One-third of corporate cyber attacks succeed - survey


Jerusalem - About one-third of targeted attempts to breach corporations’ cyber defenses succeed but three-quarters of executives remain unaccountably confident in their security strategies, Accenture Plc. reported on Wednesday in a survey of 2,000 security officers representing large enterprises worldwide.

The “alarmingly high” failure rate in defending against attacks is compounded by their “sheer volume,” Accenture said in the report, titled Building Confidence: Facing the Cybersecurity Conundrum. 

“On average, an organization will face more than a hundred focused and targeted breach attempts every year, and respondents say one in three of these will result in a successful security breach,” the report’s authors write. “That’s two to three effective attacks per month.”

READ: How cyber attacks are getting bigger, nastier

The survey follows recent high-profile data breaches of Sony Corp., Target Corp., the US Office of Personnel Management, leaks from the e-mail accounts of Democratic Party officials, and a denial of service attack on the servers of Dyn Inc. in October that silenced Twitter Inc. and other major internet companies for several hours.

Each year, businesses spend an estimated $84bn to defend against data theft that costs them about $2 trillion - damage that could rise to $90 trillion a year by 2030 if current trends continue, according to a forecast earlier this year by Omar Abbosh, Accenture’s chief strategy officer.

Confidence Lacking

Even though more than half of the survey’s respondents say internal breaches cause the most damage, two-thirds say they lack confidence in their organization’s ability to monitor internal threats and the majority continue to focus on defense against external attackers, the report says.

“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past,”  Kevin Richards, managing director of Accenture Security, North America, said in a statement accompanying the report.

READ: Here's how cyber crooks get in the door

“There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain.”

Most respondents said it takes “months” to detect successful breaches and 17% said the attacks were only discovered “within a year” or longer. 98% of breaches were reported by employees outside the security team.

Reboot Needed

“To survive in this contradictory and increasingly risky landscape, organizations need to reboot their approaches to cybersecurity,” the report’s authors write. “Ultimately, many remain unsure of their ability to manage the internal threats with the greatest cybersecurity impact even as they continue to prioritize external initiatives that produce the lowest return on investment.”

READ: Thousands of cyber attacks target SA

There is still too much emphasis on compliance, the authors conclude: “Just as adhering to generally accepted accounting principles does not ensure protection against financial fraud, cybersecurity compliance alone will not protect a company from successful incursions.”

Accenture surveyed 2,000 executives from 12 industries and 15 countries in North and South America, Europe and Asia Pacific

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot