Accenture Report: Banks Confident in Cybersecurity Capabilities But Lack of Real-World Testing Leaves Gaps in Their Defense

Delhi; Apr. 27, 2017 – Many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defense, according to a new report from Accenture (NYSE: ACN).

The report, Building Confidence: Solving Banking’s Cybersecurity Conundrum, is based on a global survey of 275 senior security executives across the banking and capital markets sectors. It found that 78 percent of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited by 51 percent, 51 percent and 50 percent, respectively).

However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day, respondents reported that their banks had experienced, on average, 85 serious attempted cyber breaches each year. Of these, about one third (36 percent) were successful, that is, at least some information was obtained through the breach. In these instances, it took 59 percent of banks several months to detect breaches that occurred.

Additionally, nearly half (48 percent) of respondents cited internal breaches as having the greatest cybersecurity impact and 52 percent indicated a lack of confidence in their organization’s ability to detect a breach through internal monitoring.

“As Indian financial services firms are in the initial stages of adopting digital technologies, they have a unique opportunity to set up proper checks and balances to prevent cyber-attacks,” said Piyush Singh, managing director for Accenture’s financial services group in APAC and India. “They should take an enterprise-wide view of cyber security, weed out cyber security protocols operating in silos, tackle the issue as a business priority, and hire and continuously train people skilled in building cyber resilient businesses. They should also focus on deploying practical testing scenarios that include highly realistic simulated attacks. No amount of vulnerability scanning or risk assessment will replicate that.”

While banks’ security teams detected a high number of each company’s breaches, virtually all (99 percent) of respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.

According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm’s external and internal defense capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other.

Banks Expect Cybersecurity Skills Shortage
The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61 percent, 53 percent and 53 percent, respectively).

The report complements the recently released Accenture Security Index, in which banking organizations ranked second in a cross-industry evaluation of high-performance security capabilities. Banks received a high rating in eight capabilities, including “what-if” threat analysis and “third party cybersecurity” preparedness. To gauge the effectiveness of current enterprise security efforts and the adequacy of their existing investments, Accenture surveyed 2,000 top enterprise security practitioners representing companies with annual revenues of $1 billion or more. The results of this survey were analyzed in collaboration with Oxford Economics to develop the Accenture Security Index comparing the relative strength of organizations to protect themselves from cyberattacks.

Methodology
Accenture surveyed 275 security executives from the Banking sector via a hybrid online and telephone interview process. This constituted an important subset of the 2,000 executives surveyed as part of the global, cross-industry report. The report and additional support materials are available here.

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 401,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.