SECURING THE DIGITAL ECONOMY Reinventing the Internet for Trust CONTENTS

04 BUILDING ON TRUST 18 STEPPING UP TO MAKE A STAND 35 PAVING THE WAY FOR A TRUSTWORTHY DIGITAL 08 WHY THE INTERNET CAN’T SUSTAIN ABOVE GROUND: ECONOMY THE DIGITAL ECONOMY BUSINESS INITIATIVES 37 APPENDIX 12 The Internet Just Can’t Keep Up 21 Governance Join Forces with Other 43 ACKNOWLEDGMENTS 13 The IoT Effect Companies and Govern Globally 45 SOURCES 14 Identities in Crisis 26 Business Architecture 47 ABOUT THE AUTHORS 15 No Flow Versus Free Flow Connect and Protect with a Business Model That Runs on 16 The Cost of Insecurity Digital Trust 17 Keeping Tabs on Cybersecurity BELOW GROUND: Investments THE INTERNET’S INFRASTRUCTURE

31 Technology Advance Businesses and Enhance Safety Through Technology Authors

Omar Abbosh Kelly Bissell Group Chief Executive, Accenture Senior Managing Director, Communications, Media & Technology Accenture Security

Omar is responsible for the company’s US$8 billion Kelly leads the company’s US$2 billion security business business serving the digital platforms, media, across all industries. As a recognized cybersecurity expert, telecommunications, semiconductor and Kelly specializes in incident response, identity management, consumer electronics industries. Omar brings three privacy and data protection, secure software development, decades of experience to his role, and his and cyber risk management. experience and deep connections in Silicon Valley Kelly’s vision is to help businesses embed security in enable him to stay ahead of key shifts across everything they do. multiple technologies.

3 SECURING THE DIGITAL ECONOMY Building on Trust

When a person creates an online Why? The once open, global escalating cyberthreats. account, makes a purchase from a Internet has outgrown its original Companies have handled many purpose as a communication and threats with markedly successful website or downloads an app, it’s not information-sharing tool. As the results, but their efforts have not just the exchange of data, goods or Internet has become more solved the larger problem of services taking place. complex, digitally fueled Internet fragility. innovation has outpaced the Attackers need only a single lucky It’s a transaction in the ultimate ability to introduce adequate strike, while defenders must be safeguards against currency: trust. constantly vigilant against any cybercriminals. Today, there is a real risk that trust in potential type of incursion. Unless business leaders take The fragile nature of the Internet the digital economy is eroding. effective action, there is a real is putting the value of the digital risk that this lack of safeguards economy at risk, which is why could reduce the growth of the CEOs need to end their entire digital economy, hurting piecemeal approach and put trust both individual companies and and security at the forefront of the economy as a whole. business strategy. CEOs are aware of the problem and have increased spending on cybersecurity in response to

4 SECURING THE DIGITAL ECONOMY In an analysis we conducted with 30 leading technologists, and additional fieldwork with 1,700 C-level executives, we uncovered concrete actions CEOs can take to begin the crucial work of securing the digital economy.

For a practical framework that can help Similarly, securing the digital Another above-ground action safeguard the Internet’s future, leaders economy will take more than CEOs can take is steering what should look to an analogy from the oil and fixing Internet technology and we call business architecture—a network issues below ground. company’s own business model gas industry. Oil and gas executives spend There are also clear opportunities and value chain—in a direction much of their time determining how to for CEOs to step up on the above- that makes their own enterprise maximize production—which often means ground business initiatives. secure. Examples of actions that can be taken include committing focusing on the engineering and So, what can business leaders do to giving data access only to technology solutions that largely operate above ground? CEOs can own people who need it and who have “below ground.” and drive a secure Internet as a the right credentials. Importantly, critical component of their they should extend their business strategies. One key commitment to making their own However, innovative extractive technologies above-ground action would be enterprise secure to their are only part of the equation. Executives improving governance. partners, applying the same also have to address the many challenges CEOs need to join forces with standards to their entire business related to business and operating models, other top executives, government ecosystem. strategy, politics and economics that exist leaders and regulators to develop And they should ensure that the principle-based standards and “above ground.” very idea of a trusted digital policies to safeguard the Internet. economy is embedded in all future business models.

5 SECURING THE DIGITAL ECONOMY To some CEOs, above-ground embrace new technologies that decision-making opportunities can advance their businesses and may seem more accessible than enhance digital safety. Meanwhile, below-ground choices, but they should elevate their leadership is needed in both, understanding of how the same even from CEOs outside the technologies can introduce Building a trustworthy digital economy technology sector. All CEOs also unintended vulnerabilities. will take decisive—and, at times, have the opportunity to influence But the CEOs whose businesses unconventional—leadership from the and inspire technology focus on the Internet itself have an C-suite. Where should they start? By infrastructure investments below even greater responsibility: They ground. By making decisions to working collaboratively with each other. can concentrate explicitly on update everything from devices If they follow the roadmap detailed on promoting innovation in the to cables and networks, CEOs page 7, leaders could bring back the Internet’s infrastructure. Their can support the complexity and actions resolve inherent confidence needed in the Internet for connectivity of today’s Internet vulnerabilities, enable growth and individuals, organizations and societies while also promoting security. prepare for the advent of quantum to innovate and grow. These technology decisions computing, which will present new present the third concrete way opportunities and threats. CEOs can proactively secure the digital economy. CEOs should

6 SECURING THE DIGITAL ECONOMY Governance: ABOVE Join Forces with Other Companies and GROUND Govern Globally BANK Standards and 74 percent of business leaders say Best Practices solving the cybersecurity challenges of the Internet economy will require an organized group effort.

Business Architecture: Connect and Protect with a Model Run on Digital Trust 80 percent of business leaders say protecting companies from weaknesses in third parties is BELOW increasingly difficult given the GROUND complexity of today’s sprawling Internet ecosystems. Technology Investments

Technology: Advance Business and Enhance Safety 79 percent of business leaders say the rate of technology adoption and innovation has outpaced the security How Leaders Can Address Internet Security: features needed to ensure a resilient Above ground, the strategic initiatives of CEOs can lead to standards and best digital economy. practices. Below ground, through innovative technology improvements, CEOs can invest in improving the Internet’s infrastructure.

7 SECURING THE DIGITAL ECONOMY WHY THE INTERNET CAN’T SUSTAIN THE DIGITAL ECONOMY Without trust, the future of our dependent on the Internet. At Handling these connections requires more lines of digital economy and its nearly the same time, while businesses, code, more data and more capacity. Without a limitless potential is in peril. individuals and societies are more resilient and trustworthy Internet, a single Piecemeal efforts to address increasingly connected, those breach can have serious, cascading effects. For cybersecurity issues—including connections are also becoming example, the 2017 NotPetya cyberattack cost the Internet’s inherent flaws, more complex. Maersk more than US$300 million, and the vulnerabilities from the Internet damages to all other companies affected totaled of Things (IoT), identity and data more than US$10 billion.4 veracity and increasing digital In 2007, there were 1.2 billion Against this backdrop, with computers and networks fragmentation—have fallen Internet users. In 2017, there were so deeply embedded in critical infrastructure such short. Through their decisions 4.2 billion—more than half of the as water supply and public health systems, the risks above ground on industry-wide global population.1 to both the economy and public safety are high. governance and their business architecture and technology Consider the impact of the 2017 WannaCry infrastructure below ground, The number of IoT-connected cyberattack on the United Kingdom National Health however, CEOs can have the devices will likely reach 25 billion Service (NHS). It led to the cancellation of 19,000 influence necessary to by 2021.2 appointments and the diversion of ambulances, and collaboratively address these ultimately cost almost £100 million.5 overarching issues. Yet 79 percent of our respondents reported that By 2024, Long-Term Evolution Many of the issues affecting their organization is adopting new and emerging (LTE) networks (also called 4G) today’s Internet are due in part technologies faster than they can address related will cover an estimated to its rapid growth in both users security issues. 90 percent of the population, and applications. The entire with 5G networks covering about digital economy is now 40 percent.3

9 SECURING THE DIGITAL ECONOMY Even as 68 percent of CEOs report that their 100% 100% businesses’ dependence on the Internet is 100% increasing, they acknowledge that their confidence 90% in Internet security, already low at 30 percent, will 80% 76% drop even lower if nothing changes to improve it. In 70% the next five years, the confidence level in the 60% 100% Internet is forecast to drop to 25 percent, while 50% dependence on it is assumed to remain at

40% 100 percent. (See Exhibit 1). 30% 30% Nearly 80 percent of the S&P 500 companies in our 23% 20% 25% analysis have also mentioned cybersecurity 6 10% 19% initiatives during recent earnings calls. 10% 0% Five years ago, that figure was just slightly more 2008 2013 2018 2023 than 50 percent. Confidence in Internet Dependence on Internet As the Internet’s fault lines are becoming more apparent, companies are trying to build trust equity and are publicly discussing ways to do so. Exhibit 1: Dependence on the Internet is Growing While Confidence in However, only a relatively small percentage of Internet Security is Low and Forecast to Drop to 25 percent Over the Next companies are willing to openly discuss breaches— Five Years. an above-ground issue that CEOs need to address. (See Exhibit 2).

Source: Accenture Research

10 SECURING THE DIGITAL ECONOMY Exhibit 2: S&P 500 CEO Sentiment Toward Cybersecurity (Based on Transcripts from 11,418 Earnings Calls)

125 490 117 113 115 106 440 103 100 101 105 383 390 368 378 95 358 25 26 345 24 85 340 25 28

Number of companies 75 294 357

353 = 100) (2013 Change Sentiment 290 333 344 18 317 65 276 240 55 2013 2014 2015 2016 2017 2018

Company mentions of cybersecurity Company mentions of security breaches Positive sentiment toward cybersecurity

Note: Each year is computed as trailing 12 months from September of the previous year to August of the current year. For example, 2018 includes data from September 2017 to August 2018. Source: Accenture Research

11 SECURING THE DIGITAL ECONOMY The Internet Just Can’t Keep Up

How did today’s problems of Internet security As the Internet evolved from a connections among services originate? The Internet was not initially designed to military asset to an open providers, countries and address issues like perpetually increasing levels of infrastructure, security continents. But BGP traffic is complexity and connectivity. It was developed to considerations, such as they vulnerable in transit. In 2017, enable high levels of data sharing, which requires trust. were, focused on preventing traffic to and from 80 Internet physical failures. service providers (ISPs) was Researchers during the Cold War aimed to build a briefly routed to an unknown trusted communications network underground that Today, many of the base Internet Russian operator, showing how could withstand a nuclear attack. Their concerns protocols—the set of rules easy it is to reroute information, did not include preventing cyberattacks, largely embedded in code so all whether intentionally or because modern forms of cyberattack did not exist machines on a network or series accidentally.7 at the time. of interconnected networks “speak” the same language—are Other systems widely utilized on unfit for current demands and are the Internet, such as the Domain insecure. This has led to Name System (DNS) and the increasing challenges below Public Key Infrastructure (PKI), ground that CEOs should which underpins much of the address. encryption utilized on the Internet today, are similarly vulnerable to Consider the Border Gateway potential attacks. Protocol (BGP), a protocol that has been in use since 1994. BGP routes traffic through cables and

12 SECURING THE DIGITAL ECONOMY The IoT Effect

More recently, the rise of the IoT has expanded The casino had an Internet- While the IoT has increased the surface area of attack for enterprise networks connected fish tank that fed the digital capabilities, improved from thousands of end points—including remote fish automatically and efficiencies and unleashed devices, such as mobile phones and laptops—to monitored their environment. growth opportunities for a wide several million for the largest companies. variety of industries, it has also Hackers managed to use the suddenly created complexity for At the same time, the IoT compels all companies fish tank’s connection to break all businesses, leaving them to suddenly manage what are often unfamiliar into the fish tank monitor and more vulnerable. technology processes, where every connected then use this as an entry point device is a potential vulnerability. into the company’s systems. Take the case of an attack suffered by a North The data was then sent to American casino. hackers in Finland.8

13 SECURING THE DIGITAL ECONOMY Identities in Crisis

The “most fundamental challenge” might want to provide, or risk have not invested in the capabilities needed to facing business and society is providing services to someone verify that data. around identity, according to Amit who has stolen another’s identity.” Mital, founder of Kernel Labs and Most individuals who use the former chief technology officer Internet have multiple online (CTO) at Symantec. But the identities; the average Internet challenge of authenticating user today manages 27 identities and confirming the passwords, up from six in 2006.9 integrity of data on the Internet None of us really know what’s happening also presents a key opportunity for In this environment of content out there. We have no idea how our data is the C-suite to renew trust in the over context, Internet users have digital economy. less ability to ascertain the origin being used. I think that’s the key issue and of material they access and we’re [only] seeing the tip of the iceberg Mital comments: “No individual whether it is valid. Facebook, for with recent data breaches being has a single identity that they use example, closed nearly 300 in the digital world. This announced.” million accounts, or 14 percent of fragmentation requires too much all accounts, in 2018 after Norman Frankel, chairman of the UK-based effort for the individual to ensure determining that they were fake.10 iCyber-Security Group consistency, reliability and security. As a service provider, if I And although 79 percent of the cannot trust in the digital identity executives we surveyed believe of a person, then that precludes companies are basing their most me from providing services that I critical strategies on data, many

14 SECURING THE DIGITAL ECONOMY No Flow Versus Free Flow The Problem of Digital Fragmentation

Another key challenge that demands the attention of CEOs is the increasing fragmentation of the Internet. This trend, fueled in part by security concerns, could by itself stunt future global 80 economic growth. Walled gardens— isolated, secured information systems—are 70 64 proliferating as countries and regions limit the free flow of data across borders 60 through regulations. 48 50 Already 13 countries, accounting for 37 58 percent of the global GDP, have some 40 34 version of these regulations.11 Heightened 30 concerns about borderless cyberattacks, 30 coupled with geopolitical tensions, 17 20 13 13 threaten to result in even greater Article counts (’000) 9 4 6 restrictions. (See Exhibit 3). 10

Business leaders are already dealing with 0 this reality as they tailor global operating 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 models to countries with more restrictions. Exhibit 3: Digital Fragmentation Media Coverage Source: Factiva and Accenture Research Analysis. Factiva search based only on “digital fragmentation”, “splInternet”, “balkanization”, “Internet balkanization”, “cyber war”, “cyber attack”, “data breach”, “data leak”, “cyber threat”, “cyberthreat” as keywords among major global business publications.

15 SECURING THE DIGITAL ECONOMY The Cost of Insecurity

For CEOs, one of the most glaring Exhibit 4: Value at Risk* by Industry—Direct and Indirect Attacks challenges of an insecure Internet (Cumulative 2019 to 2023, US$ Billion) is the economic cost. In the private sector, over the next five years companies risk 23% 753 Data in losing an estimated US$5.2 US$B trillion in value creation Indirect attacks 642 opportunities from the digital economy—almost the size of the 505 economies of France, Italy and 385 Spain combined—to $5.2Tr 347 347 340 cybersecurity attacks. (See 305 283 Exhibit 4). 257 223 219 206 This translates to 2.8 percent in 147 77% 110 lost revenue growth for the next Direct attacks 70 47 five years for a large global company. High-tech industries s s e face the highest risk, with more n Retai l

* Expected foregone revenue cumulative over the next Travel Health Energy Utilitie s Banking than US$753 billion hanging in five years. Calculations over a sample of 4,700 global & Medi a Insurance High Tech public companies. Chemical the balance. Automotiv and Services Life Sciences Transportatio Capital Market Communications Source: Accenture Research Consumer Goods Natural Resources Industrial Equipment

16 SECURING THE DIGITAL ECONOMY Keeping Tabs on Cybersecurity Investments

CEOs are stepping up their 59 percent of organizations say Exhibit 5: Venture Capital Investments in Cybersecurity spending on cybersecurity to the Internet is becoming (Cumulative Data) protect their businesses. In its increasingly unstable from a latest security forecast, Gartner cybersecurity standpoint and they 70 5,000 projects that such spending was are not sure how to react. While more than US$123 billion for some companies aren’t spending 60 4,123 4,000 3,491 2018 and will grow by enough, others may be spending 50

10.8 percent per year to nearly excessively in response to their 2,731 3,000 12 40 US$170.5 billion by 2022. low tolerance for cybersecurity 33.1 2,148 27.2 risk. Others spend in the wrong 30 1,641 The rising Internet security market 2,000 areas, including projects that do 1,155 18.9 is also a hot area for venture capital 20 not deliver effective risk reduction. 800 14.8 investors, attracting almost US$33 499 10.5 1,000 287 10 109 7.1 billion to 2,479 security startups Increasing a company’s 3.2 5.0 1.7 0.7 since 2009, exceeding cybersecurity budget may not be 0 0 investments in blockchain, which the answer, according to 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018* have surged with the interest in 61 percent of CEOs who believe business applications and that the security issues of the Number of deals Investment amount (US$B) cryptocurrencies. (See Exhibit 5).13 digital economy are far too big for their organization to handle alone. Will spending more on * As of November 2018 And 86 percent believe that taking cybersecurity lead to a secure Note: CB Insights defines cybersecurity as tech-enabled companies that offer products and services for which the business resiliency to the next primary use case is the protection of digital and physical assets from unauthorized access and malicious use by digital economy? In our survey, cybercriminals. level requires an ambitious new vision for the Internet. Source: Accenture Research Analysis on CB Insights Data

17 SECURING THE DIGITAL ECONOMY STEPPING UP TO MAKE A STAND How CEOs Can Help Create Digitally Secure Business Models

18 SECURING THE DIGITAL ECONOMY The oil and gas industry analogy helps reveal the types of actions CEOs can take to ABOVE GROUND address security issues. In the same way that Leaders can do their part to build a secure Internet through industry- oil executives divide their focus between wide standards and best practices. CEOs can step up their governance engineering and technological innovations efforts, forging collaborative relationships with peers, government representatives, regulators and industry association leads. Leaders can below ground to advance oil and gas drilling, also embed the idea of a trustworthy digital economy in the vision for and above ground to develop appropriate their company’s business architecture, ensuring that security is business strategies, CEOs need a two- prioritized within the boundaries of their company and throughout its pronged view of the Internet security issue. ecosystem of partners, suppliers and end users.

To secure a trustworthy digital economy, above ground is where CEOs can own and BELOW GROUND drive the issue through business initiatives, Technology investments—in everything from devices to cables and including decisions affecting business networks—present decision-makers both inside and outside companies models and ecosystems. that control Internet functionality with the opportunity to build a more trustworthy digital economy. CEOs can influence and inspire technology investments that improve Internet infrastructure, but CEOs of some technology companies are in the position to apply specific technological solutions. CEOs that pay to use the Internet as a utility can understand the vulnerabilities from new technologies and influence how the Internet service is delivered securely to them. For example, they can influence investments to update the Internet’s basic protocols and networks. Meanwhile, CEOs leading companies that build and own the infrastructure and equipment can ensure their products and services are equipped to handle digital business growth and can address the vulnerabilities that new technologies introduce.

19 SECURING THE DIGITAL ECONOMY ABOVE GROUND: BUSINESS INITIATIVES Governance Join Forces with Other Companies and Govern Globally

First, CEOs can take the lead above ground in One venue already dedicated to likely to join or lead efforts to Internet governance. Of our C-level respondents, this goal is the World Economic ensure the trustworthiness of the 90 percent agree that more secure transactions Forum’s Centre for Cybersecurity. Internet economy. (See Exhibit 6). will not only benefit businesses, but also Launched in 2018, the Centre But no organization should need consumers, government and other stakeholders. seeks to bring partners from a “wake-up call” to join an effort “business, government, It’s in the enlightened self-interest of large that results in effective guidelines international organizations, businesses to extend themselves to help build a and standards and influences the academia and civil society to secure Internet. development of smart enhance and consolidate regulations. When leaders realize To do so, CEOs should collaborate with other top international security.”14 that prioritizing a trustworthy executives and also, where possible, with Many companies are discovering digital economy is a win-win governments and regulators. firsthand that they can’t address situation, businesses, consumers Internet security alone. Our and governments will all benefit survey found companies that through collaboration. have experienced 50 percent or more of their breaches from indirect attacks—targeted at their organization but initiated through partner organizations—are more

21 SECURING THE DIGITAL ECONOMY Exhibit 6: Likelihood to Join or Lead an Organized Effort to Govern a Create an Internet Security Code of Trustworthy Internet Economy Ethical Conduct for Each Industry

A vulnerability in a pacemaker or As a first step to that end above in an avionic system can have ground, CEOs should promote X2 serious consequences. Yet the the need for ethical codes of X2 software professionals who conduct for software develop them are not required to professionals for their industry. attain professionally recognized accreditations similar, for example, to those required of surgeons or pilots. Code safety, 45% 48% ethics standards and 29% certifications are overdue. 86% 27% 21% 24% The creation and maintenance of of our respondents believe that in a trustworthy Internet will require the next three years Less than 24% breaches 24%-49% breaches More than 49% breaches a formal educational system, organizations in the same from indirect attacks from indirect attacks from indirect attacks through which software industry will work together more designers, solution architects, to improve resilience for their computer engineers and code sector. developers can stay abreast of Definitely Extremely would join likely to lead their evolving responsibilities.

Source: Accenture Research

22 SECURING THE DIGITAL ECONOMY Be Proactive with Principle-based Standards

CEOs should not wait for another source to produce an ethical guide or related, principle- Devices to ensure product Networks to help ensure secure based standards. Choosing to proactively propose transparency, the ability to make connection to consumers, help their own business-relevant, principle-based software updates and successful them in device configuration and standards is a more expeditious path. pre-release testing and basic inform them about infrastructure CEO guidance can, in fact, influence regulators to offline functionalities. infections. put in place standards that can apply to existing and future technologies instead of myriad detailed Data to limit unnecessary data Protocols to provide authentic rules specific to each new technology 15 development. For example, two-factor collection or usage, anonymize routing information and reduce authentication to access banking services was data, enable users to control their domain name hijacking. already the industry standard in several markets data and make it clear to before European regulators required it. customers that their data is being stored and used responsibly.16 CEOs—especially those of device manufacturers, digital platforms and software and telecommunication providers—are uniquely Algorithms to ensure positioned for this more business-friendly approach transparency, auditability and and have a responsibility to discuss design security fairness.17 standards for the following:

23 SECURING THE DIGITAL ECONOMY Promote Consumer Control of Digital Identities

Advocating for individual control of data is more centralized system, a single challenging unless clear rules are than a good public relations move. Of our C-level organization establishes and in place and identity can be respondents, 86 percent say that their manages the identity system. For ascertained—for example, by organization’s access to digital identities is example, with Estonia’s e-identity using blockchain technology. important to its ability to offer innovative customer system, citizens are able to As the World Economic Forum solutions. And 87 percent of C-level respondents provide digital signatures and noted in a September 2018 recognize that customers should have the right to access a range of services using study,18 whatever model prevails, decide how to help secure their digital identities. their ID cards (which have digital identities are deeply Maintaining the trust of customers and protecting encrypted chips), Mobile-IDs (in embedded in daily activities, their digital identities is paramount to the growth of which people use a phone) or leading to greater complexity and the digital economy. Smart-IDs (which require only an responsibility. One thing is clear: Internet connection, no SIM CEOs can’t afford to stay out of above-ground There will be mounting pressure card). As the Estonia example debates that are already starting to take place. for control over personal identity demonstrates, centralized Regulators are discussing how countries and data to gravitate toward individual systems can be built with specific regions must protect people’s digital identities and users. Educating customers and purposes in mind to give users themselves are becoming increasingly the general public about how to controlling organizations such as concerned about their online privacy. In the United protect and use personal governments the ability to vet States and Europe, lawmakers have already information shouldn’t be identity data. proposed or enacted regulations over consumer overlooked. Being a champion of data privacy and Internet security. The alternative model is privacy and responsible decentralized and requires the management of digital identity There are two models of digital identity that CEOs contribution of multiple entities. combines sound business and should consider as influential in the discussion. In a Its governance is more corporate citizenship practices.

24 SECURING THE DIGITAL ECONOMY Commit to Sharing Information About Cyberattacks; Help Reduce the Stigma

With the heightened scrutiny on When a company is willing to the response to cyberattacks— acknowledge an attack, it paves whether they are far-reaching or the way for more transparent not—in the long run, transparency work with other organizations Of our survey respondents, will build trust with everyone from and experts, improving their suppliers to customers. ability to resist new attacks and boosting data reliability. Otherwise, businesses run the risk of encountering “trust Consider this: 85% incidents,” which the Accenture In 2018, UK-based BT created an already keep a careful eye on the latest security Strategy Competitive Agility Index online portal, the Malware issues emerging in the Internet economy. shows can have a negative effect Information Sharing Platform Increased transparency will make those efforts 19 on the bottom line. (MISP), to share information more valuable. To reduce the stigma from about malicious websites and encountering these trust software with other Internet incidents, leaders can commit to service providers—a pioneering sharing information about move for a telecommunications successful attacks and breaches. major. It went on to sign a deal with Europol to share knowledge about cyberthreats and attacks.20

25 SECURING THE DIGITAL ECONOMY Business Architecture Connect and Protect with a Business Model That Runs on Digital Trust

To decrease the likelihood that security measures As Michael Hermus, founder and They should be considered can be compromised, CEOs can make the concept CEO of Revolution Four Group and essential, as internal staff—either of a trusted digital economy an explicit part of their former CTO of the United States by mistake or with malicious organization’s business model. That commitment to Department of Homeland Security, intent—account for a sizable make security a foundational requirement should told us regarding the vigilance that share of breaches. But they’re also reach through the company’s entire value CEOs should embed throughout a also insufficient on their own. chain—to every partner, supplier and customer. It company, “You don’t necessarily Alone, they are not nearly an takes just one click to court disaster, and that click trust something because it looks adequate defense in the age of can occur inside or outside the company’s walls. friendly, but you really need to mobility and cloud technologies. That’s why companies need multiple layers of control know exactly what it is, who it is That’s why it is also important to to create a system that runs on digital trust, where and where it’s coming from.” take additional measures, access is given only to people who need it, wherever including articulating a security The first steps toward a model that they are. by design vision, holding line of ensures this trust occur within the business leaders accountable for To ensure a trustworthy digital economy, CEOs can boundaries of the organization. security, bringing CISOs to the embed security into their business architecture—their These steps cover the basics— board and closing off areas of company’s business model and value chain, including security’s low-hanging fruit (as exposure throughout the their leadership structure. detailed in the appendix, Become company’s value chain. Brilliant at the Basics).

26 SECURING THE DIGITAL ECONOMY Prioritize Make Line of Business Security By Design Leaders Accountable for Security Security can’t be an “add-on” Although it may seem like a Adjusting a company’s remuneration system can feature for products and services. drastic step, CEOs who take this underscore the urgency of cybersecurity concerns to Instead, CEOs should articulate a path probably won’t be alone. leaders who are frequently rewarded for short-term vision of “security by design” financial results. In fact, 83 percent of our survey from the earliest stages of respondents agreed that Companies can align the individual, short-term development, even in the face of organizations must recognize the incentives of business line managers to the longer- pressure for short-term trade-off between time to market term cybersecurity interests of the company. performance. and ensuring secure, sustainable One major multinational bank has strengthened This requires additional growth through technology—and cybersecurity by including the company’s long-term investment at each stage of always choose secure growth. cybersecurity interest as a factor for calculating the development, but these costs bonuses of the leaders of all lines of business. often pale in comparison next to the cost of fines, recalls, lawsuits and loss of consumer confidence that companies will eventually face if they don’t embrace security by design.

27 SECURING THE DIGITAL ECONOMY Bring a CISO to the Board

About two decades ago, as the IT Their area of responsibility has Recruiting a CISO or former CISO to department left the back office to become too important to be the board provides the opportunity establish itself as the nervous confined to a single department to educate fellow board members, system of a business, chief or buried deep in the CIO helping them become more cyber- information officers (CIOs) started organization. savvy and better risk managers. to appear on corporate boards. One United States bank has The CISO would gain a deeper Likewise, chief information already elevated a retired CISO to perspective on the organization. As a security officers (CISOs) today can the board, forging a path for result, the CISO could increasingly follow a similar evolutionary path. others to follow. articulate how cyber risks intertwine with other risks and inform leaders’ Managing cybersecurity doesn’t strategic decisions. mean simply avoiding software problems. It means ensuring the resilience of the entire business.

28 SECURING THE DIGITAL ECONOMY Protect the Entire Value Chain

Based on our analysis, we estimate that if all Of the corporate leaders surveyed, companies collaborate to impose high standards on partner organizations, businesses can expect to save up to US$2.6 trillion. This means that CEOs should ensure that their vision is taken into account in each interaction their company has with suppliers, clients and all other 82% 62% parties in their value chain. In practice, this should agree that it is the responsibility note that it is difficult to control translate into a constant vigilance with the of large organizations to foster a indirect cyberattacks that are trustworthiness of each of the company’s digital ecosystem that includes targeted at their organization but connections. small and medium businesses to initiated through partner John Clark, professor of computer and information help them operate in a organizations. systems at the University of York, explained the trustworthy digital environment domino effect of a lack of trust in one sector on in the interests of all. another. “It just contributes to the denigration of trust overall rather than just in a specific application or location,” Clark said. Just as CEOs can take tangible measures to limit the far-reaching effects of cyberattacks in their ecosystem, they have other key opportunities to protect trust for the digital economy as a whole.

29 SECURING THE DIGITAL ECONOMY BELOW GROUND: INTERNET INFRASTRUCTURE Technology

Advance Businesses and Enhance Safety Through Technology

Inside and outside the technology sector, all CEOs have a role to play when it comes to the technology for a secure Internet.

The CEOs who oversee technologies powering As tech leaders, we have to step up and get and protecting the Internet can deliver solutions securely below ground—for the Internet’s basic in the middle of these issues. We cannot protocols, devices, advanced networking and wait for governments to solve them. computing. Companies who compete with each other But all CEOs can ensure the growth of the digital need to put that aside to bring our economy by demanding a safer, more crime- experience together to help us get at this resistant Internet for their business. problem.”

Chuck Robbins, CEO of Cisco, addressed this Chuck Robbins, CEO, Cisco21 opportunity in his remarks at a recent World Economic Forum event.

31 SECURING THE DIGITAL ECONOMY Resolve Vulnerabilities in Basic Internet Protocols

Realizing long ago that the main line of defense Because this is a highly technical Investments in new protocols against cybersecurity doesn’t take place at the issue, the biggest impact of the produce benefits only if enough end points (personal computers, mobile phones majority of CEOs will be to networks choose to invest. and IoT devices), the technology community has influence Internet service CEOs are in a position to proposed solutions to add security to the base providers—and others who influence Internet service Internet protocols. manage hardware—to upgrade providers as a first action to make systems against vulnerabilities. For example, to solve the vulnerabilities of the the Internet more secure and to Domain Name System (DNS), a technology called As the IoT age continues to invest in implementing better DNS Security Extensions (DNSSEC) digitally “signs” proliferate end points, the base Internet protocols. The data so a user knows it’s valid. Internet will require an alternative leverage of a CEO to influence to Transmission Control Protocol below-ground activities should (TCP)—a system that sends data not be underestimated. packets over networks on the Internet—to support offline sessions and provide a secure alternative for multiple devices that were previously sharing an IP address.

32 SECURING THE DIGITAL ECONOMY Heighten Security at the Edge

The edge computing universe—including servers, Software development life cycles, As the example of Tesla mobile phones, IoT devices—represents a including those developed by the demonstrates, technology CEOs revolutionary stage of the Internet to analyze data National Institute of Standards can make greater use of network in real time. and Technology (NIST), are being architectures to more quickly modified to ensure that software detect and mitigate edge- Instead of sending data across long routes and security and update functions are related threats. processing it in a centralized data center or the embedded from the beginning. Cloud, it’s processed near the edge of a computer Through collaborative work with network where data is generated. Following a 2016 vulnerability in cross-industry coalitions, they Tesla’s WiFi and onboard can develop standards for edge But the variety of devices computing at the edge entertainment system, Tesla not devices, establish certification means security practices are inconsistent across only patched the bug via over-the- frameworks similar to technologies. Indeed, 86 percent of our air updates but also implemented international mobile phone respondents agree that security needs to be a code-signing policy under which standards and incentivize the embedded into technology, particularly with regard all firmware in cars needs to be ongoing adoption and evolution to the IoT and Industrial IoT (IIoT). validated and verified. of security innovation. Today, Tesla implements dozens of safety and security measures annually; its cars do not carry model years, reflecting the idea that cars are evolving into devices that can be improved regularly.22

33 SECURING THE DIGITAL ECONOMY Embrace the Advantages Tackle the Question of Software-Defined of Quantum Networking Software-Defined Networking (SDN) is a maturing No longer science fiction, quantum These points generate much architecture that creates dynamic network computing exploits the laws of uncertainty about the future of environments that exist for the limited time quantum mechanics to process cybersecurity. The most productive required to complete specific tasks. information with quantum bits, or course for CEOs is to move ahead qubits, instead of manipulating long with current security activities and Its short-lived nature makes network end points strings of bits encoded as a zero or stay informed of the evolution of difficult to identify and the network pathways one. Opportunity areas for quantum quantum computing. In practice, harder to find and attack than those of traditional computing could be in fraud leaders can position themselves for fixed network solutions. detection for financial services, quantum-resistant encryption by SDN improves network control by enabling Internet supply chain and purchasing, appointing a working team of service providers and other businesses to respond advertising scheduling and “quantum monitors” to identify quickly and cost-effectively to high-bandwidth advertising revenue maximization where the technology is most likely demands. It also automatically enables “ring- for the media industry.23 to impact their business security. fenced” data centers if it detects malicious Accessing emerging application There is no agreement about when activities, limiting the chance of contagion. programming interfaces (APIs) will a quantum computer that surpasses enable businesses to develop pilots While some CEOs may be deterred by the cost of the capacity of a traditional for quantum-based optimization, deploying SDN, those of large companies could computer will be available, but two sampling and machine learning. have the resources to contribute to this technology. things are clear. First, quantum Through such pilots companies can Others can “inspire and influence” its development computers will provide a significant test, learn, iterate and stand ready. for the benefit of all. boost to the world’s computing power. Second, they will be able to more easily break most current encryption methods.

34 SECURING THE DIGITAL ECONOMY PAVING THE WAY FOR A TRUSTWORTHY DIGITAL ECONOMY Today’s security strategies are, in large part, The actions of CEOs— By embracing and still responding to yesterday’s challenges. driving above ground and developing technologies that From reports of exposed personal influencing below ground— can advance their businesses information to data misuse, trust incidents matter. and enhance digital safety, are becoming increasingly visible to the CEO engagement can drive a By joining forces with other public. Regaining lost trust is an uphill trust turnaround for the CEOs, public sector leaders battle. And many CEOs aren’t aware of its Internet and secure the and regulators, they can value until it’s too late. future of the digital economy. develop much-needed Our research shows businesses can guidelines and oversight quantify the impact of a trusted digital mechanisms. economy on the bottom line, and By protecting their own 90 percent of our respondents say a organization and extending trustworthy digital economy is very or protection through its value extremely critical to their organization’s chain, they will safeguard future growth. the business ecosystem.

36 SECURING THE DIGITAL ECONOMY APPENDIX Become Brilliant at the Basics Adopting Best-in-Practice “Cyber Hygiene” Techniques Means Becoming Brilliant at the Basics, Including:

Training people Protecting against phishing Patching When a company starts using technology that Hackers often use social Unfortunately, when a company many or even most of its relevant employees don’t engineering tactics, such as detects a vulnerability, the fix is understand, the firm is bound to suffer from lost phishing, to attack companies, so often put off until security opportunities or higher cyber vulnerabilities—or training to avoid falling in this trap managers and staff “have time.” both. Security will be determined by the company’s is especially important. Now is the time to prioritize fixing weakest link; often that is an employee who any detected weaknesses. inadvertently presents the opportunity for a breach. Yet systematic training is, in general, still Passwords not accepted as a basic practice, even with attacks increasing in frequency, size and scope. Incentives Though it sounds obvious, many are also important: Some companies are linking companies still struggle with the executives’ remunerations to security. implementation of cybersecurity basics, such as sound password policy. Multifactor authentication should be the default option for every business.

38 SECURING THE DIGITAL ECONOMY The Value of The Expected Cost of Cybercrime Cybersecurity for Businesses and Society We began by estimating the expected cost of cybercrime in terms of revenue for a company of a The industry average number of days it takes to fix given size in a range of industries. We measured the damage caused by an attack and the average number Many have talked about the costs value exposed, considering the risk of small (less of attacks in a year, sourced from the survey report of cyberattacks, but what about than 90,000 records impacted) and big (more than “Gaining ground on the cyberattacker: 2018 State of the other side of the coin? How 90,000 records impacted) attacks and the Cyber Resilience.”24 might better cybersecurity probability of their occurrence. Revenues by practices create value for company size and industry were sourced from We drew the estimated cost of a big attack from our businesses and society? Capital IQ. Calculating the cost of small attacks event study, described below in the section entitled “The impact on revenue of a big, public event.” We Driven by understanding both required the following elements: sourced the probability of a big event from Ponemon the cost of crime and the Institute data for the Accenture 2018 Cost of potential of a trustworthy digital Cybercrime study. The findings of our survey economy, we conducted our Annual costs of cybercrime by company size and (conducted for this study) provided the portion of analysis in three steps. industry, sourced from Ponemon Institute data for the Accenture 2018 Cost of Cybercrime study. attacks coming through third parties.

Probability of Cost of Probability of Cost of big Expected cost x + x = facing small small facing big attacks of cybercrime attacks attacks attacks

Expected cost of Expected cost small attacks of big attacks

39 SECURING THE DIGITAL ECONOMY The Value at Risk for Businesses The Economic Picture for a Trustworthy Internet

Next, we estimated the expected Company revenues were sourced Finally, we analyzed how an increase in companies’ cyber resilience and value at risk by industry. We from Capital IQ. Revenue the trustworthiness of the Internet could translate into less value at risk calculated the total industry forecasts for the 2018 to 2023 for business and society. We modeled econometrically how companies’ revenues and multiplied those period were obtained by lower vulnerability, measured by the number of attacks suffered and the figures by the expected cost of extrapolating current revenues number of days it takes to solve an incident, reduces the cost of cybercrime. forward, according to the 2011 to cybercrime after the introduction of better cybersecurity practices. We 2017 CAGR from Capital IQ data. then estimated how this gain translates into value for society. The sample consisted of 4,700 companies. These were publicly We estimated an econometric model to calculate the probability for a listed companies with more than company of (a) receiving a certain amount of attacks and (b) solving a 250 employees, operating in the data breach within a certain period of time. industries under scope and The data set comprised 4,500 companies in the Accenture 2018 State headquartered in the countries of Cyber Resilience survey.25 The explanatory variables included: 1) the under scope. percentage of spend in cybersecurity over total IT spend; 2) whether companies impose high standards on business partners, and; 3) whether companies had made significant cybersecurity investments in Company Number of the prior six months. average x companies in our Value at risk Expected revenue sample We used the estimated coefficients to recalibrate the Value at Risk for = cost of x Model and formulate an alternative scenario in which every company: businesses cybercrime 1) regularly (every six months) makes significant investments in Total industry revenue pool cybersecurity; 2) invests as much as the top 20 percent of performers in cybersecurity; and 3) imposes high standards on business partners.

40 SECURING THE DIGITAL ECONOMY The Impact on Revenue of a Big, Public Event

We identified unique cyberattacks In the event of negative Exhibit 7: Big and Public Cyberattack Impact on Revenue that were publicly announced by cybersecurity events, revenues the companies attacked using experienced a decline. To identify

Breachlevelindex.com by Gemalto. a causal effect, we created a 120 Breachlevelindex.com collects control group composed of the information of all public attacks top 10 peers (as defined by S&P 115 since 2013. Each attack is assigned Capital IQ) of each breached a risk level from 1 to 10, where company. Under the assumption 110 events above a risk score of 5 are that the control group was not Companies not suffering an attack classified as critical to severe. breached, we used an event study 105 methodology (diff-in-diff We collected all the events that 100 estimation) to compare the two had a risk score above 5, then we sets of companies and calculate excluded events related to 95 the percentage change in government agencies and revenues, comparing eight Revenues (Event quarter = 100) Companies suffering an attack universities. Our final sample 90 quarters before and after the included 460 unique events and event. 436 unique companies. Among 85 them, approximately 80 are publicly traded. For these 80 -8Q- 7Q -6Q- 5Q -4Q- 3Q -2Q -1Q Event 1Q 2Q 3Q 4Q 5Q 6Q 7Q 8Q companies, we collected revenues information from S&P Capital IQ. Source: Accenture Research

41 SECURING THE DIGITAL ECONOMY Transcript Analysis

We identified cybersecurity Our model uses a long short-term memory Our transcript analysis was based mentions by checking for certain neural network (a deep learning NLP model that on transcripts of earnings calls of keywords (and possible accounts for word order and context) to identify combinations of those keywords) a company’s strategic orientation and long-term companies present in the S&P 500 in each sentence in the focus, and the clarity of its strategic vision. as of October 1, 2018. transcripts. When we found a To develop our AI, 900,000 sentences were match, we marked the sentence We collected 11,418 unique randomly selected. This set was further split as being cybersecurity related. into three subsets: transcripts from S&P global, We used the following keywords: covering a time frame from cybersecurity, cyberattack, September 1, 2012, to cyberthreat, cybercrime, cyber a training dataset (80 percent), August 31, 2018. incidents, cyber intrusions, cyber theft, cyber fraud, Text data was analyzed using two malicious cyber activity, adverse a testing dataset (15 percent) and different algorithms: one to cyber event, data leak, data identify mentions and discussion breach, malware, ransomware, spyware, IP theft, DDoS attack. about cybersecurity; and another a cross-validation dataset (5 percent). to calculate the intended strategy Using a proprietary neural Subsequently we applied the estimated model network algorithm that captures toward cybersecurity. to all the sentences from our transcript dataset. a company’s attitude toward cybersecurity, we then calculated an intended strategy.

42 SECURING THE DIGITAL ECONOMY Acknowledgments

Authors Project Team We would like to thank the following business leaders, experts and practitioners for their valuable insights during our interviews and Omar Abbosh Edward Blomquist conversations: Kelly Bissell Tomas Castagnino Jay Best Per Gustavson Francis Hintermann Crypto Strategy Advisor, Itsa Ltd. Information Security Expert, Lynn LaFiandra GDPR, Göteborgs Stad Research Lead Elaine Bucknor Ryan LaSalle Jeff Hancock CISO, Sky TV Luca Gagliardi Co-Founder and Chief Regina Maruca John Clark Operations Officer, getFIFO Vincenzo Palermo Professor, Computer and Information Muhittin Hasancioglu Systems University of York Tom Parker Former VP and CISO, Royal Dutch Eduardo Plastino Afonso Ferreira Shell plc Professor, Director of Research, CNRS - Michael Hermus Virginia Ziegler Toulouse Institute of Computer Science CEO & Managing Partner, Research Revolution Four Group, LLC Norman Frankel Naoki Kamimaeda Chairman, iCyber-Security Investor, Mad Street Den

43 SECURING THE DIGITAL ECONOMY Arthur Keleti Adam Segal IT Securities Strategist, T-Systems Director of the Digital and Cyberspace Policy Program; Council on Foreign JJ Markee Relations CISO, KraftKeinz PW Singer Amit Mital Senior Strategist; New America CEO at Kernel Labs Holding Llc, Former CTO Symantec Corporation George Smirnoff CISO, Synchrony Peter Morgan Founder and CEO at Deep Learning John Valente Partnership CISO, The 3M Company Tony Sager Uwe Wirtz Senior Vice President and Chief Evangelist, CISO, Henkel CIS (Center for Internet Security)

44 SECURING THE DIGITAL ECONOMY Sources

1 https://www.Internetworldstats.com/emarketing.htm 11 Accenture Research analysis on ITI and Oxford Economics data 2 Gartner, Forecast Analysis: Internet of Things—Endpoints, 12 Gartner, Information Security, Worldwide, 2018 Update, October 5, Worldwide, 2017 Update 2018 3 https://www.ericsson.com/en/mobility-report/reports/ 13 Accenture Research analysis on CB Insights data november-2018/network-coverage 14 https://www.weforum.org/centre-for-cybersecurity 4 https://www.wired.com/story/notpetya-cyberattack-ukraine-russia- 15 Fjord Trends 2019, a report that examines seven trends shaping code-crashed-the-world/ business, technology, and design. One of the seven: Data 5 https://www.zdnet.com/article/this-is-how-much-the-wannacry- Minimalism. For more information, see: https://www.fjordnet.com/ ransomware-attack-cost-the-nhs/ conversations/fjord-launches-2019-trends-report/ https://www.bbc.com/news/health-39899646 6 Dow Jones Factiva and Accenture Research analyses 7 https://bgpmon.net/popular-destinations-rerouted-to-russia/ 8 https://www.washingtonpost.com/news/innovations/ wp/2017/07/21/how-a-fish-tank-helped-hack-a- casino/?noredirect=on 9 https://www.avatier.com/blog/how-single-sign-on-works/ 10 Accenture Research analysis on Facebook Annual Reports

45 SECURING THE DIGITAL ECONOMY 16 Note: Europe is at the forefront of the change toward more secure, 20 https://securitybrief.eu/story/bt-and-europol-join-forces-stem- trustworthy digital ecosystems. Its General Data Protection global-cybercrime-epidemic/ Regulation (GDPR), which came into force last year, gives 21 WEF: Creating a Shared Future in a Digital World, https://www. organizations 72 hours after identifying a data breach that could youtube.com/watch?v=C7mfNNfDpec “result in risk for the rights and freedoms of individuals” to report it to their supervisory authority. Moreover, organizations in breach of 22 https://www.wired.com/2016/09/tesla-responds-chinese-hack- GDPR—for example, not having strong enough customer consent major-security-upgrade/ to process their data—can be fined 20 million euros or up to 23 Accenture, 2018 State of Cyber Resilience, April 2018 4 percent of their annual global turnover, whichever is greater. https://www.accenture.com/us-en/insights/security/2018-state-of- Pressure on businesses is mounting. The UK Information cyber-resilience-index Commissioner’s Office (ICO), for example, received 6,281 data protection complaints between May 25, 2018 (when the new 24 “Quantum Computing: From Theoretical to Tangible”, Accenture regulation came into force) and July 3, up from 2,417 in the same 2018. https://www.wired.com/2016/09/tesla-responds-chinese- period the previous year. (https://eugdpr.org/ and https://edexec. hack-major-security-upgrade/ co.uk/gdpr-compliance-is-a-journey-not-a-destination) 25 Accenture “Gaining ground on the cyber attacker 2018 State of 17 “Auditing Algorithms for Bias”, Rumman Chowdhury and Narendra Cyber Resilience” 2018 https://www.accenture.com/us-en/insights/ Mulani, HBR October 2018 security/2018-state-of-cyber-resilience-index 18 World Economic Forum, “Identity in a Digital World – A new chapter in the social contract”, September 2018. 19 Accenture, The Bottom Line on Trust, November 2018 https://www.accenture.com/us-en/insight-competitive-agility-index

46 SECURING THE DIGITAL ECONOMY About the Authors

Omar is responsible for the company’s September 2018, he served as Accenture US$8 billion business serving the digital Chief Strategy Officer for more than three platforms, media, telecommunications, years, with responsibility for overseeing all semiconductor and consumer electronics aspects of the company’s strategy, strategy industries. implementation, innovation programs and investments. This included ventures and Before being appointed to his current acquisitions, The Dock—the Accenture position, Omar served as Accenture Chief flagship innovation facility—industry Strategy Officer where he orchestrated programs and Accenture security business. the organization’s digital transformation, pivoting the company’s core business to Omar brings three decades of experience Digital, Cloud and Security services, which to his role. Previously, he held several Omar Abbosh now account for 60 percent of revenues. management roles including senior Group Chief Executive, Accenture He successfully launched and scaled new managing director, Growth & Strategy for Communications, Media & businesses such as Accenture Security, the Resources operating group. He has Technology and built Accenture Innovation served as the global client lead for leading Architecture, including its flagship multinational companies where he advised [email protected] Innovation Hub in Dublin. His experience client executives on major strategic issues and deep connections in Silicon Valley for their businesses. allow him to stay ahead of key shifts across Omar holds a degree in Electronic multiple technologies. Engineering from Cambridge University Omar is a member of the Accenture and a Master’s Degree in Business Global Management Committee. Before Administration from INSEAD. being appointed to his current position in

47 SECURING THE DIGITAL ECONOMY Kelly leads the company’s US$2 billion Previously, Kelly held various leadership security business across all industries. In positions with Arthur Andersen, BellSouth this role, he spearheads the organization’s (AT&T), Deloitte & Touche LLP, Medaphis, commitment to help clients build cyber and McKesson. During his career, he has resilience and grow with confidence in a served in almost every IT capacity from landscape of increasing range of threats. developer, network engineer, data center director, CISO, CTO and CIO. Kelly has spent more than 30 years bringing innovative, strategic solutions to Kelly received a Bachelor of Science in help global organizations address a range Computer Information Systems and of complex security challenges. As a earned a Master of Business recognized cybersecurity expert, Kelly Administration from Emory University. Kelly Bissell specializes in incident response, identity Senior Managing Director, management, privacy and data protection, Accenture Security secure software development, and cyber risk management. With a commitment to [email protected] help clients innovate—safely and securely —Kelly has a vision to help businesses embed security in everything they do.

48 SECURING THE DIGITAL ECONOMY About Accenture About Accenture Strategy About Accenture Research

Accenture is a leading global professional services Accenture Strategy combines deep industry expertise, Accenture Research shapes trends and creates data driven company, providing a broad range of services and advanced analytics capabilities and human-led design insights about the most pressing issues global solutions in strategy, consulting, digital, technology and methodologies that enable clients to act with speed and organizations face. Combining the power of innovative operations. Combining unmatched experience and confidence. By identifying clear, actionable paths to research techniques with a deep understanding of our specialized skills across more than 40 industries and all accelerate competitive agility, Accenture Strategy helps clients’ industries, our team of 300 researchers and business functions—underpinned by the world’s largest leaders in the C-suite envision and execute strategies that analysts spans 20 countries and publishes hundreds of delivery network—Accenture works at the intersection drive growth in the face of digital transformation. reports, articles and points of view every year. Our of business and technology to help clients improve thought-provoking research—supported by proprietary For more information, follow their performance and create sustainable value for their data and partnerships with leading organizations, such as stakeholders. With 469,000 people serving clients in @AccentureStrat MIT and Harvard—guides our innovations and allows us to more than 120 countries, Accenture drives innovation transform theories and fresh ideas into real-world solutions to improve the way the world works and lives. or visit for our clients. www.accenture.com/strategy For more information, visit Visit us at www.accenture.com www.accenture.com/research

Copyright © 2019 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.