UNLOCKING THE VALUE OF IMPROVED CYBERSECURITY … · • The average cost of cybercrime for an organization increased US$1.4M to US$13.0M. • Phishing and social engineering (+16%),

UNLOCKING THE VALUE OF IMPROVEDCYBERSECURITY PROTECTIONNINTH ANNUAL COST OF CYBERCRIME STUDY IN FRANCE

Presenter

Presentation Notes

S size = 4.9” x 4.64” Position = Horz: 8.14“ | Vert: = 1”

• The average cost of cybercrime for an organization increased US$1.4M to US$13.0M.• Phishing and social engineering (+16%), ransomware (+15%), and stolen devices (+15%)—

largely people-based attacks—show the biggest increases.• Information theft is the most expensive consequence of cybercrime and companies spend

most on discovery activities.

Organizations spend more than ever to deal with the costs and consequences of more sophisticated attacks.

• The threat landscape continues to expand with an increase in nation-state espionage, supply chain and critical infrastructure threats.

• In the drive for growth and innovation, 79% of business leaders say new business modelsintroduce technology vulnerabilities faster than they can be secured.

• The average number of security breaches in the last year grew by 11% from 130 to 145.

The expanding threat landscape and new business innovation is leading to an increase in cyberattacks.

• Place greater emphasis on protecting people to combat the rise in attacks against them.• Prioritize technologies to limit information loss and business disruption which are the

largest consequences of cybercrime and a growing concern with new privacy regulation like GDPR and CCPA.

• Use automation (including AI and machine learning) and advanced analytics to manage the rising cost of discovering attacks. the largest component of spend.

Prioritize technologies that reduce the consequences of cybercrime to unlock future economic value.

• Improving cybersecurity protection can reduce the cost of cybercrime and provide additional revenue opportunities. A total of $US5.2 trillion over the next five years.

• This translates into additional revenue of 2.8 percent—or an average of $US580M annually—in each of the next five years for an average G2000 company.

• This provides a useful benchmark to measure investments in cybersecurity protection.

What is the economic value of improving cybersecurity protection worth to an organization?

THE GLOBAL STORY IN BRIEF

Copyright © 2018 Accenture. All rights reserved. 2

ABOUT THE RESEARCH


11 USUnited KingdomJapanGermanyFrance

BrazilCanadaAustraliaSpainItalySingapore

EXAMINING THE ECONOMIC IMPACT OF CYBER ATTACKS

355Companies

2,647Jointly developed by:

Countries

TravelComm & MediaLife sciencesRetailHealthConsumer GoodsPublic Sector

US FederalEnergyCapital MarketsHigh TechInsuranceAutomotiveSoftwareUtilitiesBanking

Annual research study

9th

16Industries Interviews

What types of cyberattacks and security breaches are included in this research? We define cyberattacks as malicious activity conducted against the organization through the IT infrastructure via the internal or external networks or the Internet. Cyberattacks also include attacks against industrial control systems (ICS). A security breach is one that results in the infiltrationof a company’s core networks or enterprise systems. It does not include the plethora of attacks stopped by a company’s firewall defenses.

DEFINING CYBERATTACKS AND SECURITY BREACHES


WITH AN EXPANDED THREAT LANDSCAPE AND NEW DIGITAL VULNERABILITIES, THE NUMBER OF SECURITY BREACHES INCREASED IN THE LAST YEAR


Average number of security breaches in 2017 in

France +14%Average number of

security breaches in 2018 in France

69 Increase in one year 80* 31 French companies, 248

interviews

THE LARGEST INCREASES COME FROM THE NUMBER OF ORGANIZATIONS EXPERIENCING PEOPLE-BASED ATTACKS

Copyright © 2019 Accenture Security. All rights reserved. 6

Types of cyberattacks experienced by French companies(% increase 2017–2018)

Phishing (+12%) and Ransomware (+20%)

46%

46%

66%

61%

72%

65%

86%

84%

78%

46%

26%

65%

55%

63%

57%

76%

76%

79%

Malicious insider (+0%)

Ransomware (+20%)

Stolen devices (+1%)

Denial of service (+6%)

Malicious code (+9%)

Botnets (+8%)

Web-based attacks (+10%)

Phishing and social engineering (+8%)

Malware (-1%)

2017 2018

INDIVIDUAL INCIDENTS ARE BECOMING MORE EXPENSIVE TO RESOLVE


Types of cyberattacks experienced by French companiesUS$ (% increase 2017–2018)

Malicious Insiders increased (+10%), Malicious Code (+25%) and Ransomware an alarming ( +76%)

$995

$5 880

$29 593

$79 544

$62 184

$101 400

$124 852

$126 325

$191 700

$963

$6 159

$33 785

$71 609

$35 316

$99 136

$110 510

$100 743

$174 703

Botnets (+3%)

Malware (-5%)

Stolen devices (-12%)

Web-based attacks (+11%)

Ransomware (+76%)

Phishing and social engineering (+2%)



Malicious insider (+10%)

2017 2018

Length of time taken to resolve cyberattacks for French CompaniesDays (% increase 2017–2018)

Malicious code attacks shows the most significant increase in the number of days taken to resolve (+16%).

MANY ATTACK TYPES ARE TAKING MORE TIME TO RESOLVE

8Copyright © 2019 Accenture Security. All rights reserved.

2,4

6,5

18,8

23,0

21,4

32,3

26,2

55,4

63,7

2,3

5,9

17,9

22,1

26,3

35,1

25,6

47,6

70,0

Botnets (+3%)

Malware (+10%)

Stolen devices (+5%)


Web-based attacks (-19%)

Phishing and social engineering (-8%)

Ransomware (+2%)


Malicious insider(-9%)

2017 2018

Organizations were asked to report their spend(costs) to discover, investigate, contain and recover from cyberattacks over four consecutive weeks. Also covered are the expenditures that result in after-the-fact activities and efforts to reduce business disruption and the loss of customers.These costs do not include outlays and investments made to sustain an organization’s security posture or compliance with standards, policies and regulations.Once compiled and validated, these costs were then grossed-up to determine the annualized cost.

CALCULATING THE COST OF CYBERCRIME


$7,6 $7,7

$9,5

$11,7

$13,0

$-

$2,0

$4,0

$6,0

$8,0

$10,0

$12,0

$14,0

2014 2015 2016 2017 2018

Tota

l ave

rage

cos

t of c

yber

crim

e (U

S$ M

)


THE AVERAGE COST OF CYBERCRIME FOR AN ORGANIZATION INCREASED BY 12 PERCENT OVER THE YEAR TO US$13.0 MILLION

+2%

+23%

+23%

The GLOBAL average cost of cybercrime for companies in studyUS$

The increase over the last five years is 72%, or US$ 5.5 million, on average for companies in our study.

+12%


THE COST OF CYBERCRIME IS INCREASING IN ALL COUNTRIES Change in cybercrime cost by countryUS$ millions(% increase 2017–2018)

The average increase in cybercrime costs for the countries in our sample is +26%. The United Kingdom (31%), Japan (31%) and United States (29%) have the largest increases followed by Australia (+26%).

The increase for Germany (18%) is less than half the increase in 2017 (42%).

$6,79

$7,24

$8,01

$8,16

$9,25

$9,32

$9,72

$11,46

$13,12

$13,57

$27,37

$5,41

$6,73

$7,90

$8,74

$11,15

$10,45

$21,22

- $5M $10M $15M $20M $25M $30M

Australia (+26%)

Brazil*

Italy (+19%)

Spain*

Canada*

Singapore*

France (+23%)

United Kingdom(+31%)

Germany (+18%)

Japan (+30%)

United States (+29%)

2017 2018Cost ($US Millions)


BANKING AND UTILITIES CONTINUE TO HAVE THE LARGEST COST OF CYBERCRIME BY INDUSTRYAverage annualized cost by industry sectorUS$ (million)

Average cost of cybercrime= US$13.0 million

$7,91

$8,15

$9,21

$10,91

$11,43

$11,82

$11,91

$13,74

$13,77

$13,92

$14,69

$15,76

$15,78

$16,04

$17,84

$18,37

$6,58

$4,61

$7,55

$5,87

$9,04

$12,86

$8,09

$10,41

$13,21

$10,56

$12,90

$12,93

$10,70

$14,46

$15,11

$16,55

- $2M $4M $6M $8M $10M $12M $14M $16M $18M $20M

Public sector

Travel

Communications & media

Life sciences

Retail

Health

Consumer goods

US federal

Energy

Capital markets

High Tech

Insurance

Automotive

Software

Utilities

Banking

2017 2018Cost ($US Millions)

What is the economic valueof improving cybersecurity protection worth to an organization?

THE VALUE OF CYBERSECURITY

0

2

4

6

8

10

12

14

16

18

The cost of cybercrime The value of cybersecurity

$US

mill

ion

New revenueopportunity

Savings in the cost ofcybercrime

The cost of cybercrime


HOW MUCH IS IMPROVED CYBERSECURITY PROTECTION WORTH TO A BUSINESS?There is a positive correlation between size and cost. The bigger the organization the bigger the cost burden on them.

But can improved cybersecurity protection create more economicvalue for businesses?

Economic value includes savings in the cost of cybercrime plus new revenue opportunity.

The economic value of improvedcybersecurityprotection

Econometric modelling

Historical analysis

THE COST OF CYBERCRIME THE VALUE OF CYBERSECURITY

2014–2018 2019–2023

23%

77%

Value at risk: 2019–2023(Value at Risk* due to direct and indirect attacks, Cumulative 2019–2023, US$t)

* Expected loss of savings in cybersecurity spend and revenue opportunity over the next 5 years. Calculations over a sample of 4,700 global public companies.

$5.2t

Direct Attacks

Indirect Attacks


Value at risk by industry (US$Bn)

Source: Accenture Research

Value at risk by country (US$Bn)

47

70

110

147

209

219

223

257

283

305

340

347

347

385

505

642

753

Capital MarketsTravel

TransportationChemicals

EnergyUtilities

Nat. Res.Comms & Media

Ind. Equip.Insurance

RetailHealth

BankingCG&S

AutomativeLife Sciences

High Tech

97

100

133

133

137

172

216

347

532

1700 t

AustraliaSpain

CanadaBrazil

ItalyFrance

United KingdomGermany

JapanUnited States

THE ECONOMIC VALUE AT RISK DUE TO CYBERATTACKS OVER THE NEXT FIVE YEARS IS $5.2 TRILLION GLOBALLY


THE ECONOMIC VALUE AT RISK PROVIDESA USEFUL BENCHMARK FOR SECURITY INVESTMENTSAverage annualized cost by industry sectorUS$ (million)

The average G2000 company revenue in 2018 was US$20 billion.

Life sciences and high tech companies have the highest revenue at risk.

Capital markets and industrial equipment companies have the lowest revenue at risk.

IndustryRevenue at Risk

(CAGR 2019 –2023)

Global=2.8%

2018 Average G2000 Revenue

(USD$ M)

Average annual revenue opportunity

at risk 2019–2023 (US$ M)

2019 –2023 Cumulative revenue

opportunity at risk (USD$ M)

Automotive 3.1% $20,000 $770 $3,851

Banking 2.4% $20,000 $570 $2,848

CG&S 3.4% $20,000 $738 $3,689

Capital Markets 1.5% $20,000 $365 $1,826

Chemicals 2.7% $20,000 $572 $2,859

Comms & Media 2.0% $20,000 $456 $2,282

High Tech 4.5% $20,000 $1,056 $5,278

Energy 2.1% $20,000 $352 $1,762

Health 3.7% $20,000 $1,156 $5,779

Industrial Equipment 1.5% $20,000 $368 $1,841

Insurance 3.9% $20,000 $949 $4,743

Life Sciences 5.6% $20,000 $1,475 $7,375

Natural Resources 2.6% $20,000 $541 $2,703

Retail 1.5% $20,000 $339 $1,695

Transportation 1.6% $20,000 $343 $1,715

Travel 1.5% $20,000 $378 $1,891

Utilities 2.9% $20,000 $579 $2,895

Prioritize technologies that reduce the costs and consequences of cybercrime to unlock future economic value.

THE VALUE OF CYBERSECURITY

Percentage cost by consequence for French Companies

Information loss is a worrying trend with new regulation like GDPR and CCPA to consider.

18

INFORMATION LOSS REMAINS THE MOST EXPENSIVE CONSEQUENCE OF A CYBERCRIME

Copyright © 2019 Accenture Security. All rights reserved.

34%

39%

21%

4%2%

32%

41%

21%

5%

1%

Business disruption Information loss Revenue loss Equipment damages Other

FY 2017 FY 2018

Percentage cost by internal activities for French Companies

Discovery and recovery spend highlight a significant cost-reduction opportunity for organizations that are able to systematically deploy enabling security technologies to help facilitate the discovery-to-recovery cycle.

19

COMPANIES SPEND THE MOST ON RECOVERY AND THE LEAST ON INVESTIGATION ACTIVITIES


29%

23%

19%

29%

25%

17%

23%

34%

Discovery Investigation Containment Recovery

FY 2017 FY 2018

The proportion of French companies who deploy nine enabling security technologies

The deployment of Automation, AI and machine learning as well as cyber and user behavior analytics remains stubbornly low.

20

PERIMETER CONTROLS ARE FULLY DEPLOYED BY MORE COMPANIES THAN ANY OTHER SECURITY TECHNOLOGY


70%

68%

62%

57%

48%

37%

37%

33%

23%

Advanced perimeter controls

Extensive use of cryptographic technologies

Advanced identity and access governance

Security intelligence and threat sharing

Extensive use of data loss prevention

Enterprise deployment of GRC

Automation, AI and machine learning

Extensive use of cyber analytics and UBA

Automated policy management

Cost savings when deploying enabling technologies for French CompaniesUS$

While not widely used as yet, automation (with AI and machine learning) and extensive use of cyber analytics can provide significant cost savings on average.


SECURITY INTELLIGENCE AND THREAT SHARING DELIVER THE LARGEST COST SAVINGS WHEN FULLY DEPLOYED

Rank9

8

7

6

5

4

3

2

1

$2 150 000

$2 060 000

$1 770 000

$1 590 000

$1 300 000

$1 090 000

$890 000

$760 000

$490 000

Security intelligence and threat sharing

Automation, AI and machine learning

Extensive use of cryptographic technologies

Extensive use of cyber analytics and UBA

Advanced identity and access governance

Advanced perimeter controls

Enterprise deployment of GRC

Extensive use of data loss prevention

Automated policy management

PRIORITIZE BREAKTHROUGH INNOVATIONS LIKE AI AUTOMATION AND ANALYTICS


Place greater emphasis on protecting people due to the rise in phishing, ransomware and malicious insider attacks

Invest to prevent information loss and business disruption which are growing concerns with new privacy regulation like GDPR and CCPA.

Use automation and advanced analytics to manage the rising cost to discover attacks which is the largest component of spend.

1

2

3

55 daysThe time to resolve denial of service attacks increased by 16 percent

41% of cost Information loss remains the most expensive consequenceof cybercrime

57% of spend Incident discovery and recovery are the largest elements of internal spend

ORGANIZATIONS NEED TO:

UNLOCKING THE VALUE OF IMPROVED CYBERSECURITY … · • The average cost of cybercrime for an organization increased US$1.4M to US$13.0M. • Phishing and social engineering (+16%),

Documents