Companies in Saudi Arabia are less than half as likely as those elsewhere to be leaders in cybersecurity performance, according to a new study from Accenture.
Based on a survey of more than 4,600 enterprise security practitioners around the globe, Accenture’s Third Annual State of Cyber Resilience study explores the extent to which companies prioritize security, the effectiveness of current security efforts, and the impact of new security-related investments.
The report identifies a group of “leaders” (based on high performances in at least three of the following four categories: stopping more attacks; finding breaches faster; fixing breaches faster; and reducing breach impact.). Only 8% of Saudi companies fell into the “leader” category, compared with 17% of surveyed companies globally.
In addition, Saudi companies took longer to detect and respond to attacks. In fact, they were only one-third as likely as other companies to resolve breaches in 15 days or less.
“The survey findings should be a wake-up call for companies in one of the most critical markets in the region,” said Ahmed Etman, who leads Accenture Security in the Middle East. “There is an enormous opportunity for Saudi businesses to improve their cyber-resilience by reducing the time it takes to detect and respond to attacks.”
Among the key differences in cybersecurity practices that the report identified between leaders and non-leaders:
• Leaders focus more of their budget allocations on sustaining what they already have, whereas non-leaders place significantly more emphasis on piloting and scaling new capabilities.
• Leaders were nearly three times less likely to have had more than 500,000 customer records exposed through cyberattacks in the last 12 months (15% vs. 44%).
• Leaders were more than three times as likely to provide users of security tools with required training for those tools (30% vs. 9%).
Accenture Security recommends three practical and actionable steps that organizations can take to be more like leaders in terms of cybersecurity:
1. Invest for operational speed — prioritize technology that focuses on faster detection, response and recovery.
2. Drive value from new investments — scale, train and collaborate more.
3. Sustain what you have — maintain existing investments and perform better at the basics.