Overconfidence may heighten risk of cyberattacks


22 January 2017

In a recent report 'Building Confidence: Facing the Cybersecurity Conundrum', Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of US$1 billion or more in 15 countries, including Singapore, about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments.

The Accenture survey reveals that close to half of Singaporean companies' security teams surveyed (45 per cent) discovered between 61 to 70 per cent of breach attempts.

According to the report, three-fifths (60 per cent) of Singapore respondents are most confident in measuring the impact of a breach, as compared to the global average of 47 per cent.

However, only 44 per cent of Singapore respondents say they are confident in their ability to perform the essential activity of monitoring for breaches, as compared to the global average of 37 per cent, and a similar number (38 per cent) say the same about minimising disruptions.

According to Accenture, the sentiment among those surveyed suggests organisations will continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats.

The survey found that given extra budget, 41 per cent to 52 per cent of Singapore respondents would 'double down' on their current cybersecurity spending priorities, even though those investments have not significantly deterred regular and ongoing breaches.

These priorities, the report says, include protecting the company's reputation (52 per cent), safeguarding company information (48 per cent), and protecting customer data (41 per cent).

Far fewer companies would invest the extra funds in efforts that would directly affect their bottom line, such as mitigating against financial losses (31 per cent) or investing in cybersecurity training (8 per cent), according to Accenture.

"Cyberattacks are becoming an operational reality across industries and types of organisations, and our survey shows that detecting criminal behaviour, internally or externally, and overcoming threats requires more than just relying on existing strategies and investments," said Joshua Kennedy-White, Asia-Pacific Lead for Accenture Security.

Organisations in Singapore need to improve the alignment of their cybersecurity plans with business imperatives, he said.

Key Singapore highlights from the report include:

· In Singapore, 23 per cent of organisations take up to a year or more to detect a successful attack. This is slightly less time than it took in the US and the UK, where over a quarter of organisations take up to a year or more to detect a successful breach (30 per cent in the US; 26 per cent in the UK).

· Cybersecurity strategies among businesses in Singapore (35 per cent) focus less on protecting customer information than the global average (49 per cent).

· The average total IT budget on cybersecurity among organisations in Singapore (8.3 per cent) is comparable with the global average (8.2 per cent). Companies in France spend the most (9.4 per cent). Businesses in the US (8 per cent) and Australia (7.6 per cent) spend the least.

· About a third (30 per cent) of organisations in Singapore plan to increase their cybersecurity investment significantly (2 times or more) in the next three years, as compared to the global average of 16 per cent.

· Organisations in the UK (50 per cent) and Singapore (44 per cent) are the most confident in monitoring for breaches compared to the global average (38 per cent).

In order to grow confidently, Accenture's Kennedy-White suggests businesses need to identify areas of strategic importance and risks, embark on a comprehensive end-to-end digital security approach, and invest both commitment and funds to integrate cyber defence deeply into the enterprise.