CIO upfront: Better cybersecurity practice key to creating value

It’s well known that cybercrime is rising in complexity, fuelled by an ever-changing digital landscape.

New Zealand organisations, just like their global counterparts, likely feel overwhelmed with these changing cyber threats.

Organisations of all sizes, geographic locations and industries globally have been plagued by the financial, reputational and regulatory consequences of cybercrime.

In the last year, we saw a significant rise in economic espionage, such as the theft of high-value intellectual property by nation-states.

In the backdrop of this challenging environment, Accenture’s Cost of Cybercrime 2019 research shows how cybercrime is increasing in size, complexity and cost.

Yet it also offers a fresh perspective – looking at how better cybersecurity practices can create value for an organisation.

To better understand the effectiveness of investment decisions, Accenture analysed nine enabling security technologies to assess current levels of investment and adoption, and their value in terms of cost savings to the business.

The research revealed wide variations between the spending levels for various security technologies and their value in terms of cost savings to the business.

Security intelligence and threat sharing, which is used by 67 per cent of respondents, is currently top of the league table for cost savings (US$2.26 million).

Automation, artificial intelligence (AI) and machine learning, while also reaping rewards in cost savings (US$2.09 million) is only being taken up by 38 per cent of our respondent samplemdash;representing a lost opportunity for many.

No caption

Organisations should manage the largest component of spend, the cost of discovering an attack .Justin Gray, Accenture NZ

Advanced perimeter controls are being used by 58 per cent of respondents, but there is no cost savings being realised.

Advanced identity and access management is already widely adopted by 63 per cent of organisations and provides a substantial net cost saving mdash;US$1.83 millionmdash;after deducting the amount of money invested in the technology.

This is clearly a technology which is proving its worth.

Security intelligence and threat sharing is widely deployed by 67 per cent of companies and provides the greatest cost savings when compared with levels of spend (US$2.26 million). It is not only an important enabling technology for both discovery and investigation activities, but also it is an important source of information to understand threats and better target resources against anticipated attacks.

Forensic cyber and user behaviour analytics also present an opportunity for cost savingsmdash;US$1.72 millionmdash;with discovery and investigation activities. However, only 32 per cent of organisations have deployed.

The costs associated with information loss is rising faster than any other consequence of cybercrime. The extensive use of cryptography technologies provides a healthy net saving of US$0.85 million. Although the return is lower, organisations should also consider the use of data loss prevention technologies where appropriate.

So cybercrime is increasing and takes more time to resolve, however there is an opportunity here. By improving cybersecurity protection, the onerous burden of cybercrime and its associated costs can be lifted and new revenue opportunities discovered.

Organisations should manage the largest component of spend, the cost of discovering an attack.

Unsurprisingly, as the number of cyberattacks grows, discovery costs are risingmdash;and breakthrough technologies could be the answer to ending and reversing this increasing expense.

Investments in enabling security technologies, such as security intelligence and threat sharing, can help to reduce the cost of cybercrime.

Cloud services can make the investigation of cyber threats more efficient. Meanwhile, automation and advanced analytics can be used to investigate cybercrime and enhance recovery efforts, as well as being applied to supplement the work of scarce specialist security personnel.

Target technologies that reduce rising costs and your organisation will be much better prepared to face the increasingly complex cyber threat environment.

Justin Gray is the country managing director of Accenture New Zealand.

No caption

Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz


Copyright © 2019 IDG Communications, Inc.

Security vs. innovation: IT's trickiest balancing act