Accenture-网络安全复原力状况2023-How cybersecurity boosts enterprise reinvention to drive business resilience State of Cybersecurity Resilience 2023

>

Howcybersecurityboostsenterprisereinventiontodrivebusinessresilience

StateofCybersecurityResilience2023

Contents

Securing

transformation

success

Page3

Cybersecurityas

achangemaker

Page7

Whatittakesto

beacyber

transformer

Page16

Wherenext?

Abouttheresearch

Extrapressure

points

Page29

Page33

Page23

2

3

Theworldhasshifted

andcybersecurityisshiftingwithit—although,

notalwaysfastenoughtobringabouteliteperformance.

4

Securingtransformationsuccess

Marketdisruption—fueledby

technologicalchange,complexregulations,geopolitical

tensionsandeconomic

uncertainties—istestingglobal

organizations’approachtorisk

andresilience.

AsourTotalEnterpriseReinvention

research

shows,mostlarge

organizationsaretransformingfaster

andmorefrequently.

Ourlatestcybersecurityresearch

revealssomeorganizationsareusing

cybersecurityasadifferentiatorto

deliverbetterbusinessoutcomes.Thoseorganizationsthatcloselyaligntheir

cybersecurityprogramstobusiness

objectivesare18%morelikelyto

increasetheirabilitytodriverevenue

growth,increasemarketshareand

improvecustomersatisfaction,trustandemployeeproductivity.

What’smore,organizationsthatembedkeycybersecurityactionsintotheirdigitaltransformationeffortsandapplystrongcybersecurityoperationalpractices

acrosstheorganizationarenearlysix

timesmorelikelytoexperiencemore

effectivedigitaltransformationsthan

thosethatdon’tdoboth.

Yet,someorganizationsaren’tengagingcybersecurityearlyenoughtoaccelerate

transformationandmeetfuture

challengesandopportunities.

Wefoundthat,whenitcomesto

embeddingsecuritycontrols,18%ofoursurveyrespondentsstilldeploythemafterthey’vefinalizedatransformationeffort—andthat’sonlyifvulnerabilitiesare

detected.

Itcouldbeacaseoftoolittle,toolate.Asarecentstudyfound,thediscoveryofanerrorduetopoorapplicationsecurityinanapp'scodingphase,insteadofduringinitialplanning,costsfivetimesasmuchtofix—andthatsoarsto30timesthecostpost-release.1

Thenextwaveofbusiness

transformationwillmorphfrom

managingisolateddigitalcapabilitiesto

creatingthefoundationsofashared

reality.Itwillconvergethephysicallives

we’vebeenleadingwiththedigitalones

we’vebeenrapidlyexpanding.Insuch

anenvironment,organizationsshould

embedcybersecurityeachstepofthe

waytobettermanagethesehighstakes.

5

Securingtransformationsuccess

Byconvertingcybersecurity

fromanincident-driven

reactionintopartofthefabric

oftransformationefforts,

organizationscannotonly

boostcybersecurityresilience,

butalsopositionthemselves

to

reinventthewhole

enterprise

andsetanew

performancefrontier,safely.

6

7

53%

saidthatcybersecurityispartofthecore

transformationteam

Cybersecurityasachangemaker

OurannualStateofCybersecurityResilienceresearchinvolved

3,000globalrespondentsfrom15industriesacross14countries.

Surveyresponsesshowthat

morethanone-halfof

organizationsarebeginningto

recognizetheimportanceof

beingsecurefromthestartin

anytransformationeffort.

Source:AccentureStateofCybersecurityResilience

2023;N=3,000securityexecutivesandbusinessleaders

&

53%

saidthatcybersecurityis

requiredbeforeany

solutionisdeployed

8

9

Cybersecurityasachangemaker

Wediscoveredthatthemajorityoforganizationsundergoingdigital

transformation,inoursample,increasetheirchancesofbeingfullysatisfied

withthelevelofcybersecurityembeddedintheirdigitaltransformation

effortsby10%iftheyfollowthreeactions.

Threecybersecurityactionstoboosttransformation:

1.

Requirecybersecuritycontrolsbeforeallnewsolutionsaredeployed

2.

Applycybersecurityincrementally

aseachdigitaltransformation

milestoneisachieved

3.

Assignacybersecurityrepresentativetothecoretransformationteamandapointpersontoorchestratecybersecurity

acrossalltransformationinitiatives

Applicationsandplatforms

DataandAI

Infrastructureandsecurity

The

digital

core

10

Cybersecurityasachangemaker

Ourrecentlyreleased

ResilienceforReinvention

study2showsthatcompanies

achievinglong-termprofitablegrowthdisplayacommitmenttowarddeveloping

adigitalcore,whichconsistsofthreelayers:infrastructureandsecurity;dataand

artificialintelligence(AI);andapplicationsandplatforms.

Theyalsodemonstratea

consistentlyhighershareof

investmentsinnewtechnologies,

innovationandcybersecurity.

11

Cybersecurityasachangemaker

InthislatestStateofCybersecurityResilienceresearch,wefindthatsomeorganizations—

representing30%ofrespondents—arealreadyprovinghowprioritizingcybersecuritymakesadifference.Theseorganizations—wecallthemcybertransformers—haveaccelerateddigitaltransformationeffortsandplantocontinueacceleratingthemastheirhigh-performing

cybersecurityactionspropelthemforward(Figure1).

Figure1.Cybertransformersacceleratedigitaltransformation

Cybertransformers

Therest

0%30%100%

Cybersecurityasachangemaker

Andlikethecyberchampionsinour

2021report

,thisyear’scyber

transformersstrikeabalancebetweenexcellingatcyberresilienceand

aligningwiththebusinessstrategytoachievebetterbusinessoutcomes.

12

73%

37%

oftherestinvolvethe

cybersecurityteamfromthestartofbusinessplanning

vs.

ofcybertransformersinvolvethe

cybersecurityteamfromthestartofbusinessplanning

13

Cybersecurityasachangemaker

Cybertransformerscloselyaligncybersecurityprogramstobusinessobjectives.

Indoingso,theyare18%morelikelytoincreasethefollowingoutcomes:

•Theirabilitytoachievetargetrevenuegrowthandmarketshare

•Improvedcustomersatisfactionandtrust

•Greateremployeeproductivity

Additionally,cyber

transformersarenearlytwice

asgoodastherestat

involvingthecybersecurity

teamfromthestartof

businessplanning.Andthey

arefarmorecomfortablewith

theirorganization’sinternal

cybersecurityplanning.

14

Cybersecurityasachangemaker

Cybertransformers

buildtransformation

foundationsintwoways

Theynotonlyembedthreekey

cybersecurityactionsintotheir

transformationefforts,butalso

establishabetterfoundation

byapplyingstrong

cybersecurityoperational

practicesfromthestart.Asa

result,theyare5.8Xmorelikely

toexperiencemoreeffective

digitaltransformationsthanthe

rest(Figure2).

Figure2.Cybertransformersbuildtransformationfoundationsintwoways

Source:AccentureResearchlogisticregressionanalysisofStateofCybersecurityResilience2023data;estimatedprobability

premiumfromapplyingcybersecuritybestpracticeswhenconductingdigitaltransformation.N=2,500securityexecutives.

Relymoreheavilyonautomation

Cybersecurityasachangemaker

Cybertransformersoutperformtherestusing

strongcybersecurityoperationalpractices.

Excelatintegrating

cybersecurityandrisk

management

Leveragecybersecurityas-a-servicemorefrequentlyto

enhancesecurityoperations

Morecommittedto

protectingtheirecosystems

fromexternalattacks

15

16

17

Therest

Whatittakestobeacybertransformer

Thereareseveralfactorsthatillustratethedifferences

betweencybertransformersandtherest.

Cyber

transformers

Source:AccentureStateof

CybersecurityResilience2023;N=2,500securityexecutives

65%ofcybertransformersapplythree

leadingpracticestoexcelatrisk

management.Bycontrast,just11%ofthe

restadoptthis“best-in-class”approach.

1.Integratecyberrisk:Acyberrisk-basedframeworkiscompletelyintegratedintotheirenterpriseriskmanagementprogram

2.Agreeonpriorities:Theircybersecurity

operationsandexecutiveleadership

consistentlyagreeonthepriorityofassetsandoperationstoprotect

3.Lookatriskholistically:Theyconsidercybersecurityrisktoagreatextentwhenevaluatingoverallenterpriserisk

Casestudy

Forexample,bychoosingtointegrate

cybersecurityriskintoitsbroaderenterprise

riskmanagementframework,aglobaltravel

companywasabletogainbetterrisk

management,improvedcompliancewith

regulatoryrequirementsandenhanced

protectionforitsbusinessanditscustomers.

Thisindustry-leadingandcomprehensive

approachtoenterpriseriskmanagement

enabledthecompanytogainadeeper,

holisticunderstandingofthesecurityrisks

associatedwiththird-partyvendorsandIT

systems,aswellasbetterpreparednessand

recoveryplanningintheeventofabreach.

18

Whatittakestobeacybertransformer

Cybertransformersmorefrequentlyuse

cybersecurity-as-a-servicetoenhanceoperations.

40%ofcybertransformersusethirdpartiesormanagedservices

providerstoadministercybersecurityoperationsandaddresstalent

shortages,versus24%oftherest.

Casestudy

WhenaNorthAmericanretailchain

becameastandalonepubliccompany,itneededtorethinkitsIToperations.

Accenturewasaskedtosupportthe

retailer’sfocusedsecurityteamby

expandingintoacybersecurity-as-a-

servicemodel,initiallyrunningthe

company’ssecurityoperations,suchasthreatintelligenceandestablishingaSecurityOperationsCenter(SOC).

Today,Accentureprovidesarangeofservicesincludingdataprotection,

identitymanagement,networksecurity,vulnerabilitymanagement,security

awarenessandriskmanagement.

Improvingitscybersecurityoperationsenabledthecompanytoinnovate

continuously,runitsstoreoperationswithoutdisruptionandmaintain

consumertrust.Theretailergained

improvedcyberresilienceandbusinessoutcomesbybeingsecurefromthestart.

19

Whatittakestobeacybertransformer

Cybertransformersaremorecommitted

toprotectingtheirecosystem.

Basedonouranalysis,cyber

transformersperformedbetterthantherestwhenitcomestotaking

actiontoprotecttheirecosystems.

Forexample,cybertransformersmoreoften

incorporatetheirecosystemorsupplychain

partnersintotheirincidentresponseplan(45%vs.37%)andalsorequirethemtomeetstrictcybersecuritystandards(41%vs.29%).Whiletheseecosystemactionsprovidecyber

transformerswitha10%advantageovertherest,thereisroomforimprovement.

Casestudy

Aleadingpharmaceutical

companycollaboratedwithAmazon

WebServices(AWS)toacceleratedrugdevelopment,increaseoperational

agility,reducetechnologycostsanddeveloptheworkforceofthefuture.

Tocreateamorescalable,reliableandsecurearchitecture,thecompany

moved80%ofitsapplicationstothecloud,removingnon-differentiating

technology,reducingitsinternaldatacenterfootprint,decreasingcapital

expendituresandimprovingresilience.

Customers,employeesandpartnerscanbenefitfromthecompany’sabilityto

respondwithgreaterspeed,agilityandinsightsacrossthevaluechainwhich,inturn,improvespatientexperiences.

Acceleratingthedeliveryofdataservicesandcapabilitiescanhelpthecompanyincreasesecureconnectivityand

collaborationwiththeLifeSciencesecosystemandexternalpartners.

20

Whatittakestobeacybertransformer

Cybertransformersrelyheavilyonautomation.

89%ofcybertransformersrely

heavilyonautomation,comparedwithjust57%oftherest.

What’smore,96%ofrespondentswhose

organizationssubstantiallyautomatetheir

cybersecurityprogramsrecognizethat

automationhelpsthemalleviatecybertalentshortages,akeychallengeforanycompanyseekingcyberresilience.Asevidenceofaman+machineapproachbecomingmore

mainstream,Accentureanalysishasfoundthattheshareofcybersecurity-relatedAIpatentsincreased2.7XbetweenJanuary2017andOctober2022.

Casestudy

Inourownorganizationof738,000

employees,we’veembracedAIand

automationthroughourIntelligent

ApplicationSecurityPlatform.The

platformusesleadingcommercial

scanningtoolstoperformapplicationsecuritytestingatscaleandtodiscovervulnerabilitiesandcodeissues.Italsoautomates,orchestratesandscales

onboardingapplicationsaswellas

applicationtestingandpipelinegating.

Theplatformusesanartificial

intelligence-poweredfilterthat

removesandreducesvulnerabilities—fromseveralthousandtoafew—

resultinginacuratedandmoremanageableprocess.

Asaresult,thescanningservicehashelpedapplicationteamssave

thousandsofhoursthroughthe

automatedremovaloffalsepositivefindingsgeneratedbyscanningtools.

Whatittakestobeacybertransformer

Fast-emergingAI

developmentssuchas

generativeAIcandriveanewwaveofcybersecurity

advances.

Intime,generativeAIcouldsupportenterprisegovernanceandinformationsecurity,protectingagainstfraud,improvingregulatorycompliance,andproactivelyidentifyingriskbydrawingcross-domainconnectionsandinferencesbothwithinandoutsidetheorganization.3

Indeed,theemergenceofChatGPThasalreadybroughtbothdisruptionandopportunity,offeringtherapidadvancementofcybersecurity

capabilitiessuchasthreatdetection,analysisandresponseandaccelerateduseofautomationtoreduceworkloadandaugmentstaffing.

AsoneCISOnoted:

Thereisanargumentforautomating

SecurityOperationsCenter(SOC)level-onesupport—thingslikecreatingYararulesandmorecomplexqueries.

GenerativeAIalreadyhasthiscapability.However,Ibelieveyou’restillgoingtoneedhumanoversight.”

21

22

Whatittakestobeacybertransformer

Asour

research

shows,TotalEnterpriseReinventionisadeliberate

strategythataimstosetanewperformancefrontierforcompaniesand

inmostcases,theindustriesinwhichtheyoperate.

Cybertransformersarewellplacedtoexecutethatreinventionstrategythroughgainsthatareadirectresultofdifferentiatedcybersecurity

practicesandbehaviors.

Andwhilecybersecurityincidentswillstill

happeneveryday,onaverage,cyber

transformersreport26%lowercostof

breachesandcybersecurityincidentsinthe

past12monthsthantherest—that’smorethanaquarterofallcoststhatcouldbeallocated

acrosstheenterprisetooptimizeoperations,fuelgrowthandimproveresilience.

Casestudy

Alargeretailandcommercialbank

introducedagilecybersecuritydecisionmakingwhileundertakingtwodigital

transformations:movingtoaprivatecloudandcreatingnewproduct

offeringsusingthepubliccloud.

Thebank’sdecentralizedoperating

model,coupledwithembedding

cybersecurityearlyinthedigital

transformationprocess,hashelpedtoreducerisksandvulnerabilities,improvedataprotectionandenhanceitsoverallsecurityposture.

What’smore,thebankhasreducedcosts

anddowntimewhileimproving

compliance—andenhancingitsreputationasasecureandtrustworthyorganization.

23

Extrapressurepoints

Whilemanagingsecuredigitaltransformationisanimportantconsideration,our

researchshowsthereareotherongoingissuesthatcontinuetoputpressureonall

organizationsandinfluencethestateofcybersecurityresilience.Lookingacrossour

entiresetofglobalrespondents,theseadditionalpressurepointswererevealed.

Anuncertaingeopoliticallandscapeisacceleratingthreatsandattacks

Organizations’cyberresilienceis

underpressurefromongoing

geopoliticaltensions,especially

throughtheirsupplychains,physical

infrastructureandexternalnetworks.

Thewholeapproachtocyberriskis

underscrutiny,insideandoutside

Organizationsarefailingtokeeppace

withthescopeandscaleofcyberrisk.

There’sstillroomforimprovementin

cybersecurityandbusinessalignment

Organizationsarebetteraligning

cybersecuritywithbusinessleadership,

buttherearegapsintheeffectiveness

oftheirapproach.

24

Extrapressurepoints

Anuncertaingeopoliticallandscapeis

acceleratingthreatsandattacks

Organizations’cyberresilienceisunderpressurefromongoing

geopoliticaltensions,especiallythroughtheirsupplychains,

physicalinfrastructureand

externalnetworks,suchas

investmentpartners.

TheinfluenceofRussia’saggressionintheUkraineisbeingfeltbyalmosteveryone.

Nearlyallorganizations(97%)haveseenanincreaseincyberthreatssincethestartoftheRussia-Ukrainewarandalmostallsurveyrespondentshavetakensomeaction.

51%oforganizationshaveupdatedtheir

businesscontinuityandenterpriseriskplans

andnearlyhalfhaveincreasedtheirincident

responsecapabilities.Atthesametime,only

39%oforganizationsareprioritizingclose

collaborationwithgovernmentagencieson

policiesandrecommendationsinresponse

tothewar.Morethanhalf(54%)seethird

partiesandexternalnetworksasthemost

susceptibleareasforattack.

Indeed,consistentwithlastyear’sfindings,

thepercentageofsuccessfulbreachesfrom

outsidetheorganizationremainshigh,even

nudgingslightlyahead(61%comparedto

60%lastyear),whileforsomeindustries,

suchasUtilities,supplychainpartnerthreats

arehigheragainat62%.

25

Extrapressurepoints

Thewholeapproachtocyberriskisunder

scrutiny,insideandoutside

Organizationsarefailingtokeeppacewiththescopeandscaleofcyberrisk.

Cyberriskmanagementis

challenginginsidethe

organization.Lessthanhalfofallsurveyrespondentssaidthatjustoneaspectofenterpriserisk

management—theircyberrisk-basedframework—iscompletelyintegratedwithintheenterpriseriskmanagementprogram.

Theregulatorylandscapeplaysaparthere,withriskintegration

leapingto81%inthehighlyregulatedBankingindustryor65%fortheSoftwareand

Platformssector.

Andacceleratingtransformationwithoutaddressingsecurityalongthewaycanopenthedoorto

greaterrisk.

While35%ofrespondentssaid

theyembedsecuritycontrolsinalltransformationinitiativesfromthebeginning,therearestill18%whodeploysecurityaftertheevent.Totransformatspeed,securityshouldbebakedin,otherwise

organizationscanexpecttoincurmorecostorreworkdownthe

line(Figure3).

Cyberriskisalsomountingoutsidetheorganization,wherecyber

threatsareincreasingdueto

changesinthethreatlandscapeandcybersecurityomissionsleaveorganizationsexposed.

Figure3.Thesecurityofdigitaltransformationefforts

Deploysecurityaftertransformationisinitialized

onlyifvulnerabilitiesaredetected,ensuringwecan

movetransformationasfastaspossible

Implementsecuritycontrols,onlyforcritical

functions,balancingspeedandriskmanagement

Embedsecuritycontrolsinalltransformation

initiativesfromthebeginning

Source:AccentureStateofCybersecurityResilience2023N=2,500securityexecutivesand500businessleaders

Forexample,Russia’sinvasionofUkrainespurredreactionfrom

executivestoaddress

cybersecuritypractices,suchasupdatestobusinesscontinuity,incidentresponseandincreasingemployeecyberawareness.

Indeed,onlyone-thirdofall

respondents(35%)consider

cybersecurityrisk“toagreat

extent”whenevaluatingoverallenterpriserisk;thishighlights

thereisstillsomewaytogotomakecybersecurityaproactive,strategicnecessitywithin

thebusiness.

26

AsoneCISOreported:

Thebiggesthurdlesecurityleadershaveisexecutivepresence.Youneedto

demonstratebusiness

capabilityandvalueandengageinconversationsthatareaboutmorethanjustsecurity.”

Extrapressurepoints

There’sstillroomforimprovementin

cybersecurityandbusinessalignment

Organizationsarebetterataligningcybersecuritywithbusiness

leadership,buttherearegapsintheeffectivenessoftheapproach.

Businessleaders(CEOandCFOrespondentsintheresearch)expectCISOstogobeyondtheirtraditionaltechnicalroletoactasa

representativeoftheorganization.BusinessleadersreportedtheimportanceofCISOsadoptingcertaincharacteristics,suchas

translatingthetechnicalaspectsof

cybersecuritytotheCEOandBoard(44%),leadingtheresponseduringbreaches(42%)andestablishingtrustwithcustomers(41%).

Thesefindingsunderscoretheimportance

ofhavingabusiness-ledCISOwhoactsas

aneducatorandcollaboratorwithnon-

securityaudiences.

Inparticular,there’sagapbetweenCISOs

andbusinessleaderswhenitcomestoa

post-breachcommunicationstrategytothe

generalpublic.Andyet,asevery

organizationwhohasexperiencedanattack

knows,inthemiddleofacrisis,it’scriticalto

providequick,transparentcommunications

toinformandreassurestakeholders.

NearlyhalfofCISOssaidthatnodefined

executivewasresponsiblefor

communicatingexternallyduringabreach.

27

Extrapressurepoints

There’sstillroomforimprovementin

cybersecurityandbusinessalignment

Figure4.Communicationresponsibilitiesduringabreach

Securityexecutives

Businessleaders

Inaddition,thedifferencesinopinion

betweenCISOsandbusinessleaders

aboutthisresponsibilitymayindicatea

lackofclarityforpost-breach

communication(Figure4).

Thisisaredflagforthewholeenterprise

asitattemptstolimitthedamageofa

breachtoitsbrandandcustomer

satisfactionscores,identifiedasthemost

importantconsiderationfollowinga

breachby50%ofoursurveyrespondents.

Organizationshavearesponsibilityto

defineacrisiscommunicationsstrategy

thatisagile,thatconsidersthe

complexitiesofcybereventsandthat

Source:AccentureStateofCybersecurityResilience2023.N=2,500securityexecutivesand500businessleaders

clearlydefinesrolesandresponsibilitiesfor

communicatingwithstakeholders.

28

29

30

Wherenext?

Realistically,ifyou’renotlookingat

cybersecurityholistically,you’renot

fullyprotectingyourbusiness

Embedcybersecuritytoprotectthedigitalcore

Securityiscriticaltoenablingbusiness

agilityandscalabilityaswellasdriving

continuedinnovationandestablishinganorganization’sdigitalcore—onethat

empowersemployeesanddepartmentstoexperimentandscalewhilemitigatingrisk.

Whatyoucando:Takethethree

cybersecurityactionsandestablishastrongfoundationwithcybersecurityoperationalpractices

toimprovebusinessoutcomesandoverallperformance.

Wherenext?

Here’showyoucanemploycybersecuritytodrivebetterresults

Applycybersecurityto

reconciledigitaland

physicalworlds

Increasedaccess,devices,softwareandconnectivityacrosstheCloudContinuumandlegacyenvironmentshasresultedinanever-expandingthreatsurface.And

whilegenerativeAI4canheraldaneweraofagilityandcyberprotection,italsoactsasanewthreatvectorforcybercriminals.

Whatyoucando

Investinunderstandingyourdata,itsvalue

andwhohasaccess.Re-examine

enterpriseandcustomeridentitytobetterbridgethephysicalanddigitalworlds.

Establishenhancedmonitoringand

visibilityacrossbothlegacyandcloudenvironmentsusingendpointdetectionandresponse(EDR)andsecurity

orchestration,automationandresponse(SOAR)technologies.

Makecybersecurity

partofthefabricof

transformation

Thetraditionalapproachto

cybersecurityisunsustainable.Aglobalshortageofcybersecuritytalentto

handleongoingthreatsiscompoundedbyfewerpeopleavailabletohandlethe

effectsofcyberattacksonan

organization’sbusinesscontinuity,

economicsandreputation.Thelinesarebecomingblurredaroundwhen

transformationbeginsandends.

Whatyoucando

Makecybersecurityacornerstoneof

yourtransformationeffortsandelevatetheCISOreportingsothatthefunction

isfundamentaltobusiness

transformationefforts.

31

32

Wherenext?

Fromriskassessmentandmanagementto

securitycontrolimplementation,andfrom

securityawarenessandtrainingto

incidentresponseandrecovery,

cybersecurityisessentialtomaintain

dynamicprotectioninevery

transformationprogram.What’smore,as

ourcybertransformersshow,business

leadershaveanopportunitytomake

cybersecurity’simpactextendbeyond

protectingthebusinessinthehereand

now,toactivelyinfluencecontinuous,

dynamicreinvention.

33

Abouttheresearch

Demographics

OurStateofCybersecurity

Resilience2023researchinvolved3,000globalrespondentsfrom15industriesacross14countries.We

wantedtounderstandtheroleof

cybersecurityinorganizations’

approachtotransformationandthebroadercybersecuritypracticesthatfacilitatesecuredigital

transformation.Therespondents

representorganizationswithannualrevenuesof$1billionormoreacrossNorthandSouthAmerica,Europe

andAsiaPacific.

3,000

TotalRespondents

2,500Securityexecutives

500Businessleaders(CEO,CFO)

US$1B+

Revenues

14

Countries

Australia(234)

Brazil(100)

Canada(115)

France(201)

Germany(223)

Ireland(102)

Italy(200)

Japan(221)

Netherlands(101)Norway(100)

SaudiArabia(55)

Spain(100)

UnitedKingdom(360)UnitedStates(888)

15

Industries

Banking(265)HealthcarePayers(102)(100)

CapitalMarkets(177)HealthcareProvidersRetail(259)

Chemicals(186)(130)Software&Platforms

ConsumerGoods&HighTech(209)(135)

Services(288)Insurance(209)Telecommunications

Energy–OilandGasLifeSciences(199)(202)

(277)USFederalServicesUtilities(262)

34

35

Methodology

Surveydataanalysis

Weusedstandardsurveydataanalysistounderstandtheoveralllandscapeaswellascharacteristicsofvarious

groupsinoursample;inparticularwecomparedcyber

transformerswhomadeup30%ofthesecurityexecutivesinthesample(741respondents)andtherestofthesecurityexecutives(1,759respondents).Wedefinedcyber

transformersasorganizationsthathaveaccelerateddigitaltransformationeffortsandplantocontinueacceleratingthemoverthenexttwoyears.

Compositeindicators

Weconstructedtwoindependentindexestocapturehowadvancedcompaniesareinmorecomplexareas.

1.Ecosystemprotectionindex.Incorporatesoursurveydataandisbasedonthenumberofpositiveanswerstoquestionsonecosystemprotecti