Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

2018 State of Cyber Reslience in Healthcare

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Chargement dans…3
×

Consultez-les par la suite

1 sur 19 Publicité

2018 State of Cyber Reslience in Healthcare

Télécharger pour lire hors ligne

Accenture’s 2018 State of Cyber Resilience report reveals that healthcare payers and providers are improving cyber resilience even as targeted attacks more than doubled over the last year. Visit https://accntu.re/2RNIQJN to learn more.

Accenture’s 2018 State of Cyber Resilience report reveals that healthcare payers and providers are improving cyber resilience even as targeted attacks more than doubled over the last year. Visit https://accntu.re/2RNIQJN to learn more.

Publicité
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à 2018 State of Cyber Reslience in Healthcare (20)

Publicité

Plus par accenture (20)

Publicité

2018 State of Cyber Reslience in Healthcare

  1. 1. 2018StateofCyberResilience GAINING GROUND ONTHE CYBER ATTACKER HealthcareIndustry Copyright © 2019 Accenture Security. All rights reserved.
  2. 2. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Organizations are improving cyber resilience and showing they can perform better under greater pressure as the number of targeted attacks more than doubles. Organizations reduced the rate of successful attacks from 30% to 13%. In the past 12 months, how many attempted / successful breaches have you identified and how many were successful? Average. 2017 2018 106 32 232 30 Targeted attacks Security breaches 24 155 Healthcare Payer and Provider Targeted attacks Security breaches
  3. 3. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Despite the rising number of cyber attacks, security teams continue to identify nearly two-thirds of all breach attempts, 63% on average, and twice as many of them are now able to detect 76% or more cyber attacks. Proportion of cyber attacks discovered by security teams GLOBAL 2018 2017 HEALTHCARE PAYER AND PROVIDER 14% 24% Less than 50% 30% 28% 51%-65% 45% 22% 66%-75% 10% 23% 76% or more 13% 32% Less than 50% 34% 26% 51%-65% 44% 13% 66%-75% 9% 29% 76% or more Global mean: 63% Healthcare payer or provider mean: 62%
  4. 4. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Collaboration is helping with attacks undetected by security teams. For the breaches that are not detected by your security team, how do you most frequently learn about them? (Ranked top 3) 66% 74% 60% 64% 57% 50% 56% 59% 53% 51% Internally by our employees Externally by a peer/ competitor in our industry Externally by the media White hats Law enforcement Healthcare payer and provider Global Cyber attacks discovered outside of security teams
  5. 5. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS The majority of security teams are also more effective at finding security breaches faster— from months and years to just days and weeks. Improvements in detection speed of security breaches Thinking about the past year, how long, on average, did it take for a successful breach to be detected? 2017 2018 12% 43% 34% 11% GLOBAL HEALTHCARE PAYER AND PROVIDER 14% 47% 27% 13% Less than one day 1-7 days 1-4 weeks More than one month
  6. 6. Copyright © 2019 Accenture Security. All rights reserved. IMPROVING CYBER RESILIENCE We evaluated 33 cybersecurity capabilities across seven domains Business Exposure High Value Assets & Business Processes Physical & Safety Risks Cyber Attack Scenarios IT Risk Support Cybersecurity Strategy Cyber Response Readiness Cyber Response Plans Cyber Incident Escalation Plans Cyber Incident Communication Stakeholder Involvement Recovery of Key Assets Strategic Threat Context What-If Analysis Business Relevant Threat Monitoring Peer Situation Monitoring Threat Vector Monitoring Resilience Readiness Recovery Ability Design for Resilience Exposure Driven Design Continuous Improvement Threat Landscape Alignment Investment Efficiency Securing Future Architecture Security in Project Funding Protection of Key Assets Security in Investment Funding Risk Analysis & Budgeting Governance & Leadership High Value Assets & Business Processes Physical & Safety Risks Actual IT Support Scenarios of Material Impact Key Protection Assumptions Extended Ecosystem Contractual Dependability Operational Cooperation Contractual Assurance Regulatory Compliance Focus
  7. 7. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Being better at detection, prevention and collaboration is not all that security teams can be proud of— they have also realized an impressive 42 percent improvement in security capabilities. Cybersecurity capabilities rated high performing 1 11 capabilities rated high performing Capabilities rated high performing: 2018 Global: 19 2018 Healthcare payer and provider: 19 33 2017 2018 19 capabilities rated high performing
  8. 8. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS In terms of delivering the next wave of improvements, it is easy to focus exclusively on counteracting external attacks, but organizations should not neglect the enemy within. Most damaging security breaches ranked by frequency and impact 28% of respondents ranked ‘External Attacks’ as having the greatest impact on their organization while 33% ranked ‘Internal Attacks’ as 0% the most frequent. Most Frequent GreatestImpact
  9. 9. Copyright © 2019 Accenture Security. All rights reserved. INTERNAL ATTACKS & HACKER ATTACKS ARE THE MOST FREQUENT ATTACKS and cause the greatest impact on the organization Among the types of breaches your organization has experienced, please rank them from most to least frequent. (Ranked top 3) Among the successful breaches, please indicate which of the following causes had the greatest impact on your organization. (Ranked top 3) 70% 56% 44% 43% 39% 26% 24% 62% 61% 44% 45% 37% 28% 23% Internal attack Hacker attack Accidentally published information Configuration error that affected security Legacy infrastructure that is challenging to secure Lost/stolen media Lost/stolen computer 61% 58% 53% 45% 36% 25% 21% 66% 63% 56% 30% 40% 27% 17% Internal attack Hacker attack Accidentally published information Configuration error that affected security Legacy infrastructure that is challenging to secure Lost/stolen media Lost/stolen computer Healthcare payer and provider Global
  10. 10. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Organizations need to protect their most valuable assets, from the inside out, and across the entire value chain. Which of the following is your cybersecurity program actively protecting? Multiple responses Areas cybersecurity program is actively protecting 63% 57% 56% 56% 48% 47% 32% 61% 54% 50% 55% 41% 48% 33% Healthcare payer and provider GlobalCorporate IT (all systems in the corporate office) Cloud service providers) Operational technologies (i.e. manufacturing industrial control systems)) Customer or partner environments (i.e. hosted websites, collaborations portals) Products and services (i.e., wearables, xx) Field operations (branches, franchises, subsidiaries) Third Parties Percentage of organization actively protected by cybersecurity program 2018 Global: 67% 2018 Healthcare payer and provider: 66%
  11. 11. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Cybersecurity standards should extend beyond the organization. Which of the following statements best represents the degree to which you hold your ecosystem partners and/or strategic partners to cybersecurity standards? We do not review cybersecurity standards of partners We review cybersecurity standards of partners, but do not impose any standards or requirements We hold partners to a minimum standard for cybersecurity, that is below our business standards, and audit regularly We hold partners to the same cybersecurity standards as our business, and audit regularly We hold partners to higher cybersecurity standards than our business Healthcare payer and provider Global Degree to which ecosystem partners are held to cybersecurity standards 6% 14% 16% 46% 18% 5% 13% 21% 47% 13%
  12. 12. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS If the current rate of progress is maintained, organizations could reach a sustainable level of cyber resilience in the next two to three years. Forecast of average cybersecurity capabilities reaching a sustainable level of cyber resilience Healthcare payer and provider Global18% 34% 59% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2016e 2017 2018 2019e 2020e 2021e *Cyber resilience embedded into the business Log. (Global Measured capacity average) * Estimate based on current rate of improvement
  13. 13. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Cybersecurity investment is important to keep the momentum of improved security resilience. Significant increase in investment (double or more) in cybersecurity Next 3 years Past 3 years 22% 31% GlobalGLOBAL 22% 27% GlobalHEALTHCARE PAYER AND PROVIDER
  14. 14. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Focusing on the right success measures ensures security objectives are aligned with the business. How do you measure the success of your cybersecurity program? Multiple responses Healthcare payer and provider Global Measures of success for cybersecurity programs 62% 57% 56% 53% 51% 41% 40% 38% 60% 58% 56% 46% 45% 40% 48% 39% Cyber IT resiliency (i.e., how many times an enterprise system went down and for how long) Cyber recovery/restoration time (i.e., how long it takes to restore normal activity) Cyber response time (i.e., how long it takes to identify and mobilize) Cyber OT resiliency (i.e., how many times an operational technology system stopped and for how long) Cyber compliance with national standards Trend measurement (incidents increasing/decreasing) Repetition (portion of breaches that come from repeated attempts of the same type) Business risk improvement
  15. 15. Copyright © 2019 Accenture Security. All rights reserved. CLOSING THE GAP ON CYBER ATTACKS Breakthrough technologies are essential to securing the organization’s future and driving the next round of cyber resilience. In which of the following new and emerging technologies are you investing to evolve your security program? Multiple responses Emerging technologies organizations invest in to evolve security programs Healthcare payer and provider Global 55% 54% 48% 45% 45% 44% 43% 41% 40% 43% 57% 43% 50% 49% 45% 40% 44% 38% IoT security Security intelligence platforms Blockchain Threat hunting Continuous control monitoring and reporting Managed security services Machine learning/artificial intelligence Password-less authentication Robotic process automation (RPA) New technologies such as artificial intelligence, machine/deep learning user behavior analytics, blockchain, etc. are essential to securing the future of the organization. 2018 Global: 83% 2018 Healthcare payer and provider: 85%
  16. 16. DEMOGRAPHICS
  17. 17. Copyright © 2019 Accenture Security. All rights reserved. THIS STUDY WAS FIELDED FEBRUARY 2018 Healthcare payer and provider sample size: 202 Location Global Healthcare Australia 401 12 Brazil 130 11 Canada 150 10 France 401 13 Germany 400 12 Ireland 124 10 Italy 302 14 Japan 400 12 Netherlands 115 10 Norway 114 10 Singapore 126 10 Spain 250 15 United Arab Emirates 132 15 United Kingdom 450 18 United States 1174 25 Industry Global Healthcare Aerospace & Defense 100 0 AFS 152 0 Automotive 101 0 Banking & Capital Markets 410 0 Chemicals 202 0 Comm & Media 410 0 CP&S 410 0 Energy (Oil & Gas) 200 0 Healthcare (payer) 100 100 Healthcare (provider) 102 102 High Technology 411 0 Industrial Equipment 313 0 Insurance 411 0 Life Sciences 200 0 Public Service 301 0 Retail 411 0 Software & Platforms 221 0 Utilities 214 0 Title Global Healthcare CISO 1513 68 Chief Security Officer 1429 63 Chief Compliance Officer 829 37 Chief Risk Officer 535 23 Chief Security Architect 133 4 Corporate Security Officer 78 7 Civilian - Political Appointee 50 0 Civilian - Senior Executive Service (SES) 49 0 Civilian - GS-13 to GS-15 27 0 Military - Officer (O-7 to O-10) 23 0 Military - Officer (O-4 to O-6) 3 0 Title Global Healthcare $50 bn or more 58 3 $20 bn-$49.9 bn 276 14 $10 bn-$19.9 bn 891 38 $6 bn-$9.9 bn 1,432 54 $1 bn-$5.9 bn 2,012 93
  18. 18. Copyright © 2019 Accenture. All rights reserved. 18 ABOUT THE RESEARCH In 2017, Accenture Security surveyed 2,000 executives to understand the extent to which organizations prioritize security, how comprehensive their security plans are, what security capabilities they have, and their level of spend on security. Just over a year later, Accenture Security undertook a similar survey, this time interviewing 4,600 executives—representing organizations with annual revenues of $1bn or more—from 19 industries and 15 countries across North and South America, Europe and Asia Pacific. More than 98 percent of respondents were sole or key decision-makers in cybersecurity strategy and spending for their organization. LEARN MORE accenture.com/stateofcyber 2018 State of Cyber Resilience
  19. 19. Copyright © 2019 Accenture. All rights reserved. 19 About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 442,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com About Accenture Security Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organization’s valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit the Accenture Security blog.

×