Accenture Report: Banks Confident in Cybersecurity Capabilities But Lack of Real-World Testing Leaves Gaps in Their Defense
April 19 2017 - 8:57AM
Business Wire
Many senior bank executives are confident about their
cybersecurity strategy, yet a lack of comprehensive, practical
testing is leaving gaps in their defense, according to a new report
from Accenture (NYSE:ACN).
This Smart News Release features multimedia.
View the full release here:
http://www.businesswire.com/news/home/20170419005186/en/
(Graphic: Business Wire)
The report, Building Confidence: Solving Banking’s Cybersecurity
Conundrum, is based on a global survey of 275 senior security
executives across the banking and capital markets sectors. It found
that 78 percent of executives surveyed expressed confidence in
their overall cybersecurity strategy, with more than half the
respondents indicating high levels of comfort in their ability to
identify the cause of a breach, measure the impact of a breach and
manage the financial risk due to a cybersecurity event (cited 51
percent, 51 percent and 50 percent, respectively).
However, the analysis also points to ongoing security challenges
for banks. For example, in addition to the many phishing, malware
and penetration attacks that banks around the world receive each
day, on average, respondents reported that their banks had
experienced 85 serious attempted cyber breaches each year. Of
these, about one third (36 percent) were successful, that is, at
least some information was obtained through the breach. In these
instances, it took 59 percent of banks several months to detect
breaches that occurred.
Additionally, nearly half (48 percent) of respondents cited
internal breaches as having the greatest cybersecurity impact and
52 percent indicated a lack of confidence in their organization’s
ability to detect a breach through internal monitoring.
“Bank executives are clearly confident when it comes to their
cybersecurity capabilities, but there is still much work to be
done,” said Chris Thompson, senior managing director and head of
financial services cybersecurity and resilience, Accenture
Security. “Most cybersecurity assessment programs, while
well-intentioned, are highly theoretical and based on known
cyberattack practices. The reality, however, is very different.
Fast-moving, dynamic threats are creating new challenges every day.
Banks should focus on deploying practical testing scenarios that
focus inside the perimeter to ultimately make the crooks’ job
as difficult as possible.”
While banks’ security teams detected a high number of each
company’s breaches, virtually all (99 percent) of respondents said
they learned about the remainder of the breaches from their own
employees, pointing to the critical importance of establishing
strong awareness, strengthening internal training programs and
establishing effective internal escalation processes.
According to the report, developing and implementing the right
governance model to drive a holistic approach to cybersecurity is
critically important in strengthening a firm’s external and
internal defense capabilities. Developing effective capabilities
should be driven by a two-pronged strategy: focused cybersecurity
assessments on one hand and comprehensive testing on the other.
Banks Expect Cybersecurity Skills Shortage
The research also points to several areas where respondents
foresee a significant skills shortage, including end-point /
network security, incident response and vulnerability management
(cited by 61 percent, 53 percent and 53 percent, respectively).
Thompson added: “Banks have traditionally prioritized their
cybersecurity investment around building higher, more secure walls.
But this has often been to the detriment of their internal
capabilities. While defending the perimeter is crucial, it’s often
the people inside the walls that present the biggest risk, but also
the biggest weapon in the fight for resiliency.”
The report complements the recently released Accenture Security
Index, in which banking organizations ranked second in a
cross-industry evaluation of high-performance security
capabilities. Banks received a high rating in eight capabilities,
including “what-if” threat analysis and “third party cybersecurity”
preparedness. To gauge the effectiveness of current enterprise
security efforts and the adequacy of their existing investments,
Accenture surveyed 2,000 top enterprise security practitioners
representing companies with annual revenues of $1 billion or more.
The results of this survey were analyzed in collaboration with
Oxford Economics to develop the Accenture Security Index comparing
the relative strength of organizations to protect themselves from
cyberattacks.
Methodology
Accenture surveyed 275 security executives from the Banking
sector via a hybrid online and telephone interview process. This
constituted an important subset of the 2,000 executives surveyed as
part of the global, cross-industry report. The report and
additional support materials are available here.
About Accenture
Accenture is a leading global professional services company,
providing a broad range of services and solutions in strategy,
consulting, digital, technology and operations. Combining unmatched
experience and specialized skills across more than 40 industries
and all business functions – underpinned by the world’s largest
delivery network – Accenture works at the intersection of business
and technology to help clients improve their performance and create
sustainable value for their stakeholders. With approximately
401,000 people serving clients in more than 120 countries,
Accenture drives innovation to improve the way the world works and
lives. Visit us at www.accenture.com.
Accenture Security helps organizations build
resilience from the inside out, so they can confidently
focus on innovation and growth. Leveraging its global network of
cybersecurity labs, deep industry understanding across client value
chains and services that span the security lifecycle, Accenture
protects organization’s valuable assets, end-to-end. With services
that include strategy and risk management, cyber defense,
digital identity, application security and managed security,
Accenture enables businesses around the world to defend against
known sophisticated threats, and the unknown. Follow us
@AccentureSecure on Twitter or visit us at
www.accenture.com/security.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20170419005186/en/
AccentureJames Murphy,
+1-917-452-0588james.p.murphy@accenture.com
Accenture (NYSE:ACN)
Historical Stock Chart
From Aug 2024 to Sep 2024
Accenture (NYSE:ACN)
Historical Stock Chart
From Sep 2023 to Sep 2024