Conventional wisdom is that it takes a fairly long time to detect a cybersecurity breach. Typically, most research suggests, it takes two to three months, possibly longer. That may not be the case anymore, though, according to a recent report.
Accenture’s “2018 State of Cyber Resilience” survey–a report based on interviews with 4,600 cybersecurity executives worldwide–suggests that network attacks are now being detected in a matter of days or weeks, not months. In fact, 89 percent of respondents said they detected a breach within one month, up from 32 percent last year; and 55 percent said it took one week or less to detect a breach, up from 10 percent last year.
All told, the survey paints a somewhat rosy picture of the cybersecurity landscape. While the number of attacks has more than doubled since the last survey, fewer attackers are reaching their targets. Given that last year was a banner year for ransomware–thanks to the WannaCry cryptoworm–the survey unsurprisingly found that ransomware and targeted attacks rocketed to 232 on average, up from 106 the prior year. Still, the number of attacks that were thwarted also increased significantly–87 percent were prevented this year, up from 70 percent last year.
Equally encouraging, the survey found that more money is being allotted to cybersecurity. Roughly 90 percent of respondents expect an uptick in cybersecurity investment over the next three years. Unfortunately, however, only 31 percent expect the investment to be “significant”–double or more. Of the executives interviewed, 90 percent had seen an increase in their budgets over the last three years, up from 64 percent in the prior year; and 74 percent spent more than 10 percent of their budget on IT security, up from 22 percent in 2017.
Perhaps the most concerning aspect of the current cybersecurity climate, according to the study, is the lack of investment in the new wave of breakthrough technologies, such as artificial intelligence–AI–machine learning, blockchain, and behavior analytics. While nearly all respondents–83 percent–agreed that these technologies will play a vital role in the future of cybersecurity, only two out of five executives are investing in these advanced areas.
In another fairly substantial change from last year, the study found that CIOs have less control over cybersecurity funding. Twenty-nine percent of respondents said their CIO has budget authorization, down from 35 percent last year. Most respondents–66 percent–said they report to either the CEO or board, and a growing percentage–27 percent–say their security budgets are approved by the board–up from 11 percent last year. The upshot is that more CISOs and CSOs report directly to the CEO, as opposed to the CIO or CTO, which may be one reason why many CISOs and CSOs have been able to increase spending on security, according to the study.