Professional Documents
Culture Documents
Accenture FederalCyberAttacks 12 20
Accenture FederalCyberAttacks 12 20
1
ACHIEVING FEDERAL CYBER RESILIENCE
Contents
3 | FOREWORD 4 | EXECUTIVE SUMMARY 5 | ABOUT THE RESEARCH 6 | CYBER RESILIENCE DEFINED
Where are we now? Stop more attacks 18 Invest for operational speed 23
Investment in innovation grows 8 Find breaches faster 19 Drive value from new investments
Cybersecurity basics are improving 9 Fix breaches faster 20 Scale more 24
Filling the gaps in cybersecurity Reduce breach impact 21 Train more 25
performance 10
Collaborate more 26
Progress masks hidden threats 11
Sustain what they have
ROI is elusive 13
Maintain existing investments 27
Unsustainable cost increases 14
Perform better at the basics 28
How to help reduce the cost
of a cyberattack 15
29 | MASTERING FEDERAL EXECUTION 30 | THE CASE FOR MANAGED CYBER RESILIENCE 32 | ABOUT THE AUTHORS
2
ACHIEVING FEDERAL CYBER RESILIENCE
Foreword
Federal agencies, like all large global organizations, are under Yet despite the challenges, results from Accenture’s Third Annual
attack from bad actors. Though they share many of the same State of Cyber Resilience Report - Federal Edition demonstrate
challenges as commercial entities (e.g., deficit of cybersecurity that federal agencies on average perform on par or better
professionals and overabundance of segregated security than the rest of the global population. But there is room for
technologies), they also face unique compliance requirements improvement when agencies are compared to the subset of
and acquisition challenges that complicate their approach to respondents deemed “leaders” based on their survey responses.
cyber resilience.
This report yields insights into how federal agencies stack up
Existing long-term government procurement processes, against commercial peers across the globe, and the results are
combined with a systemic focus on compliance, can hinder enlightening and encouraging. It also provides details about how
effective federal cyber response. This makes it difficult to organizations are investing in cyber resilience, the results they are
acquire and implement the right tools while also creating false achieving, and the sustainability of current models.
confidence in the agency’s security.
Aaron Faulkner
CYBERSECURITY PRACTICE LEAD
ACCENTURE FEDERAL SERVICES
aaron.faulkner@accenturefederal.com
3
ACHIEVING FEDERAL CYBER RESILIENCE
Executive Summary
Cybersecurity is improving globally, and cyber resilience is on the rise. Accenture’s Detailed modeling of cybersecurity
latest research shows that most organizations, including federal agencies, are performance identified an elite group
getting better at defending against cyberattacks. But as defenses evolve, so too do of leaders — 17% — that achieved
the threats. Attackers have already moved on to indirect targets, such as suppliers significantly higher levels of performance
compared to the rest. Federal agencies
and other third parties. This leads to massive vulnerability for federal agencies that
outperformed the global sample, with
rely heavily on a contractor network to achieve their missions. 28% qualifying as leaders.
And while vulnerabilities continue to shift, cybersecurity costs are reaching These leading organizations set
unsustainable levels. Despite the hefty price tags, security investments often fail the bar for innovation.
to deliver the desired security outcomes. This is particularly challenging for large
federal agencies that cannot implement security solutions consistently throughout
their organizations. Proliferation of outdated, hodgepodge legacy security solutions
complicate progress. BEHAVIORS OF
CYBERSECURITY LEADERS
But there is good news.
Leaders focus on technologies that provide
Accenture’s analysis reveals there is a group of standout organizations within the the greatest benefit.
public and private sectors that have cracked the cybersecurity code for innovation.
They scale, train, and collaborate more.
In Accenture’s Third Annual State of Cyber Resilience Report - Federal Leaders focus on speed for detection,
Edition, we identify what sets leaders apart. 4,644 executives were surveyed, mobilization, and remediation.
including one hundred federal professionals, and Accenture’s industry experts
compiled key findings to benefit commercial and government organizations.
4
ABOUT THE RESEARCH
DEMOGRAPHICS:
Third Annual Research Study
16
Australia Italy Portugal
4,644
Brazil Japan Singapore
SECURITY EXECUTIVES
Netherlands
COUNTRIES Germany
Norway
United States
Ireland
24 100
Aerospace Consumer Industrial Retail
Goods
Automotive Insurance Telecom
Energy
Banking Life Sciences Travel
Health
Biotech Media Software
Provider
FEDERAL AGENCY
Capital MedTech U.S. Federal
Health Payer
INDUSTRIES Markets
Metals & Mining Utilities
Chemicals
High Tech
Pharma RESPONSES
For the purposes of this research, we investigated targeted cyberattacks. These have the highest potential to both penetrate
network defenses, cause damage, and extract high-value assets from within the organization. This excludes the deluge of
hundreds—if not thousands—of speculative attacks organizations face on a daily basis.
5
CYBER RESILIENCE DEFINED
WHAT IS
continuity, and enterprise resilience.
It applies holistic security strategies to help
CYBER
federal agencies and other organizations
respond quickly to threats so they can
RESILIENCE?
minimize the damage and continue to
operate under attack.
6
S TAT E O F CY B E R R E S I L I E N C E
Innovation
investment is
LEADERS OUTPERFORM
growing THE PACK
A group of leading organizations are doing things differently
Cybersecurity 4x 4x 3x 2x
basics are better better at
stopping
better at
finding
better at
fixing
better at
reducing
attacks breaches faster breaches faster breach impact
BUT...
There are hidden HOW DO THEY DO IT?
threats
Invest for Drive value Sustain
ROI is elusive operational from new what they
speed investments have
Costs are
unsustainable
7
S TAT E O F CY B E R R E S I L I E N C E
Spending on cybersecurity innovation has grown significantly in the past three years.
8
S TAT E O F CY B E R R E S I L I E N C E
More than four out of five global and U.S. federal survey
WHERE ARE WE NOW? respondents agreed that cybersecurity tools have advanced
significantly over the past few years and are noticeably
are improving
Improvements in basic security hygiene back up this finding.
Being able to accurately assess the number of cyberattacks
against an organization depends on the ability of each
organization to detect them.
DIRECT
ATTACKS 11% SECURITY
BREACHES 27% DIRECT
ATTACKS 53% SECURITY
BREACHES 43%
9
S TAT E O F CY B E R R E S I L I E N C E
10
S TAT E O F CY B E R R E S I L I E N C E
hidden threats 232 to about 280, a potential increase of 20% over the prior year.
232 202 30
A closer look at the sources of cyberattacks A potential
2018
20% increase in
reveals 45% of federal agencies’ security overall annual attacks
breaches are now indirect, as threat actors 280 184 22 74
target the weak links in their extended 2019 40% of security breaches
from indirect attacks
operation. This is modestly higher than
global responses, where indirect attacks
represent 40% of security breaches. This
Federal Hidden Attacks
For federal agencies, the total number—both direct and indirect—could jump from
shift to indirect attacks blurs the true scale
201 annual attacks to about 613, a potential 3x increase over the prior year.
of cyberthreats.
11
S TAT E O F CY B E R R E S I L I E N C E
LOCK THE
contractors, grantees, and other partners. But there are
enormous challenges in managing third-party cyber risks.
FRONT
Many federal CISOs feel the sizable number of partners outstrips
their capacity to monitor them.
AND
Given finite security resources, there is value in a data-driven,
mission-focused, tiered-risk approach to secure the
enterprise ecosystem.
DOORS
services to tackle the wider scope and scale of security risks,
extending their coverage to trusted third parties.
With only a little more than half of Low 83% of breaches 54% of breaches 70% of breaches
their organization covered by their detection found by security found by security found by security
rates teams teams teams
cybersecurity programs, non-leaders are
at risk of having many areas unprotected.
55% say all 97% say all 72% say all
This contrasts with leaders who are able Longer breaches had an breaches had an breaches had
to cover 85% of their organization with breach impact lasting impact lasting an operational
impact more than 24 more than 24 impact of more
their cybersecurity programs. hours hours than 24 hours
13
U N S U S TA I N A B L E C O S T S
COST OF A $107,000US:
CYBERATTACK The average cost-per-attack for leaders
WHY LEADERS
ARE MORE CYBER RESILIENT
Leaders stop Leaders find Leaders fix Leaders reduce
more attacks breaches faster breaches faster breach impact
Leaders have nearly Leaders have a Leaders have nearly a Leaders have a
a fourfold advantage fourfold advantage threefold advantage in twofold advantage
in stopping targeted in detection speed. speed of remediation. in containing
cyberattacks. damage impact.
Leaders are the 17% of global organizations who set the standard for
cybersecurity excellence. 28% of federal agencies fit in this category.
16
B E HAVI O R O F LE AD E RS
17
B E HAVI O R O F LE AD E RS
Federal agencies perform better than average, but still shy 22%
of leaders. 45% can detect security breaches in less than a
day, with 91% of breaches detected in seven days or less.
Less than 1-7 1-4 More than
a day days weeks a month
Key Enabling Technologies
1. Artificial Intelligence (AI)
Key: Leaders Non-Leaders Federal Agencies
2. Security Orchestration, Automation, and Response (SOAR)
3. Next-Generation Firewall (NGF)
19
B E HAVI O R O F LE AD E RS
20
B E HAVI O R O F LE AD E RS
Federal agencies perform better than non-leaders, but not No impact Minor Moderate Significant
as well as leaders. 42% of federal security breaches deliver a No material effect,
breach notification
Short-term business
impact, limited breach
Moderate exposure
to business by
Very high profile, severe
and long-term impact on
moderate or significant impact. required, but little or notification and breach notification organization’s business (or
no damage financial exposure process or public mission) by massive
image impact notification process, lost
21
HOW LEADERS SUCCEED
LEADERS
Leaders scale more, train more, and
collaborate more to increase the value from
SUCCEED
innovative technology.
22
HOW LEADERS SUCCEED
23
HOW LEADERS SUCCEED
25
HOW LEADERS SUCCEED
27
HOW LEADERS SUCCEED
28
MASTERING FEDERAL CYBERSECURITY EXECUTION
Follow the leaders The state of federal cyber resilience
A core group of leaders (which includes 28% of federal Federal agencies face a disproportionately large number of
respondents) has shown that cyber resilience is achievable and cyberattacks versus their commercial counterparts. Agencies
can be reproduced. By investing for operational speed, driving are under a constant barrage of attempted breaches from
value from these investments, and sustaining what they have, organizations and individuals all over the world, and many of
they are well on the way to mastering cybersecurity execution. the cyberattacks (almost one-half) are now indirect, targeting
federal partners and federal contractors.
Leaders often take a more considered approach to their use of
advanced technologies by choosing those which help deliver Yet despite the growing and evolving threats agencies face, they
the speed of detection and response they need to reduce are still able to outperform most organizations surveyed, though
the impact of cyberattacks. The number of leaders spending they lag behind the performance of leaders, on average.
more than one-fifth of their budget on advanced technologies
has doubled in the last three years, and once they do invest As your agency continues its journey to improve against all key
in technology, they scale fast. The combined result is a new metrics – stopping more attacks, finding and fixing breaches
level of confidence from leaders in their ability to extract more faster, and reducing breach impact – Accenture can help
value from these investments— and by doing so, exceed the you assess your current processes and technologies. We can
performance levels of the non-leaders. help you define a strategy, architecture, and roadmap for
strengthening your cyber posture in a sustainable, scalable, and
agile manner.
How can an agency choose technologies (often down to the SKUs) that will Accenture’s Third
Annual State of
protect it from threats two years from now – let alone five years? They can’t
Cyber Resilience
make that decision effectively without knowing the unknowable, namely, what
Report - Federal
attacks will look like in the future, and what new technologies will be available
Edition survey results
to aid in defense. This is especially true given the diverse and ever-changing illustrate that strong cyber
set of tools needed to secure and monitor the end-to-end enterprise. resilience is not achieved by throwing money at the
problem or simply buying the latest technologies.
Choosing specific technology solutions in multi-year increments runs counter
Cyber resilience is achieved through a combination
to the government’s interests. Flexible contracting models, with an emphasis
of good planning, a nimble approach to technology
on managed service solutions based on delivery outcomes via contractual use and procurement, collaboration among
service level agreements and key performance indicators, show great organizations, and well-trained staff.
promise in addressing this issue.
30
THE CASE FOR CYBER MANAGED SERVICES
31
ACHIEVING FEDERAL CYBER RESILIENCE
32
About Accenture Federal Services
Accenture Federal Services, a wholly owned subsidiary of Accenture LLP, is a U.S. company with offices in Arlington, Virginia. Accenture’s federal business
has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough
outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.
Visit us at www.accenturefederal.com.
Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks
of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective
owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden
without express written permission from Accenture. The opinions, statements, and assessments in this cybersecurity report are
solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture,
Copyright © 2020 Accenture All rights reserved. its subsidiaries, or affiliates.