Leapfrog organizations are more effective than Static organizations at addressing security across three important areas.
Research from Accenture and the Ponemon Institute shows that proactive strategies can improve and expand on value delivered to the business.
Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent.
For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches have decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.
The research outlines how Leapfrog organizations are more effective than Static organizations at addressing security across three important areas:
- Strategy: Leapfrog companies establish a security strategy that places a high value on innovation and is aligned with business requirements. These companies see innovation as an important driver in developing sustainable strategies that adapt to keep pace with evolving business requirements to deliver effective security measures at scale, anywhere. Additionally, 62 percent of Leapfrog companies outsource core security operations in order to gain access to advanced technology and experience resources, versus 47 percent of Static companies.
- Technology: Leapfrog companies seek to develop security capabilities that enhance the user experience and productivity. To do this, they look at technology that can facilitate the organization’s digital uptake and improve the ability to counter advanced threats. This consists of embracing disruptive technologies brought to light by business users, instead of restricting or locking down the use of newer technologies.
Governance: The report found that leapfrogging ahead in security effectiveness requires strong leadership and business alignment, with the correct governance measures in place. This may require that a company’s Chief Information Security Officer (CISO) have the authority to define and manage the company’s security strategy, with a direct communications channel to the CEO and the board. Nearly three-quarters (71 percent) of Leapfrog companies have a CISO tasked with defining security strategies and initiatives. Within Static organizations, governance and controls are less effective, and security is viewed as a trade-off with employee productivity.