Skip to main content
close search
site logo
Dive Brief

Organizations only protect 60% of their business ecosystem, Accenture finds

Published Feb. 3, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Elijah O'Donnell for Unsplash

Dive Brief:

  • Businesses experience 22 security breaches annually, down from 30 last year, according to Accenture's State of Cyber Resilience survey of more than 4,600 executives. Accenture found 17% of its respondents are "leaders," those who "scale, train and collaborate more." The majority, 74%, are "average performers," non-leaders between a leader and laggard. 
  • Of non-leaders, 44% suffered a breach compromising more than 500,000 customer records, compared to 15% of leaders. Less than 10% of leaders faced financial penalties as a result, compared to 19% of non-leaders.  
  • Indirect attacks exploiting "weak links" in the supply chain or partnerships caused 40% of security breaches in 2019. Currently, organizations only protect 60% of their business ecosystem, according to the report.

Dive Insight:

Data privacy regulators consider the health of business cybersecurity programs when calculating fines. Companies face fines even if they have extensive cyber hygiene. 

Regulators also consider how long it takes companies to recover when calculating fines. More than half of leaders experienced a breach for more than 24 hours, whereas 97% of non-leaders said the same, according to Accenture. 

Any lag time in remediation deepens a company's chance of fines under the General Data Protection Regulation or the California Consumer Privacy Act. While GDPR went into effect in 2018, most of its penalties fines are still in the "intent to fine" stage, leaving room for companies to negotiate with regulators.

Early detection is a company's best defense from a breach. However, less than one-fourth of non-leaders are able to detect a breach within a day, compared to 88% of leaders, according to Accenture. 

Samantha Schwartz/CIO Dive, data from Accenture
 

Data lives in motion, flowing between business partners and security systems. Bad actors find holes in data aggregators, brokers, contractors, or other service providers that sit between customers and the companies they do business with.

Quest Diagnostics and LabCorp's data breach was caused by a weak link in their business ecosystem: their billing collector. The billing company was compromised for eight months and left the two companies answering to Congress. The companies' third-party risk management was in question, their internal security programs were not. 

Only 15% of organizations have some degree of confidence in how they mitigate supply chain threats, according to Microsoft. Whitelisting, a mechanism for approving connections, is a solution for assessing third parties. With whitelisting, transactions are denied by default.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell