Cyber resilience is rapidly becoming the new paradigm for enterprise cybersecurity. As the breadth and severity of cyberattacks grow, enterprises both large and small are coming to realize the necessity of managing threats more strategically and holistically.
Accenture’s recent report, State of Cybersecurity Resilience 2021, quantifies the benefits of implementing a cyber resiliency strategy that closely aligns cybersecurity with business continuity. Accenture categorizes organizations into four groups according to levels of cyber resilience:
- Cyber Champions: Excel at cyber resilience but strike a balance with business objectives.
- Business Blockers: Prioritize cyber resilience over alignment with business strategy.
- Cyber Risk Takers: Prioritize business growth and accept higher cyber risk.
- The Vulnerable: Do not align security with business strategy and secure the bare minimum.
The table below shows the dramatic advantage accruing to companies that integrate cybersecurity with business operations. These advantages extend beyond limiting the number of attacks to more quickly repairing the damage and reducing the impact from those that get through.
Implementing an enterprise-wide cyber resilient strategy remains at an early stage for many companies. A recent IBM survey asked organizations to describe the maturity levels of their cyber resiliency programs. Only 21% reported their organizations were mature, meaning all planned and defined cyber resiliency security activities were deployed, maintained, and/or refined across the organization.
The good news, however, was that most respondents believed their organizations’ cyber resiliency had significantly improved (24%), improved (27%), or somewhat improved (23%) over the last two years. The table below indicates what respondents believed were the top investments driving the improvement.
We expect an acceleration toward more holistic cyber resiliency strategies from the siloed, reactive status quo as companies strive to maintain business continuity in an environment of rising threat proliferation. This will lead to a significant increase in the integration of cybersecurity measures and initiatives with broader business practices, which will, in turn, drive the evolution and adoption of innovative threat-countering technologies for enterprise security.