Consumer goods and services companies face significant cybersecurity threats across their value chains, with many executives unsure of how these threats will impact their organizations. The report identifies three key areas for improving cybersecurity: securing the cloud journey, building customer trust through data strategies, and managing operational technology risk. It emphasizes the importance of organizational accountability and a cultural shift towards viewing security as a business enabler.

1. ACHIEVING CYBER RESILIENCE IN
CONSUMER GOODS AND SERVICES
CONSPICUOUS
SECURITY
CONSUMPTION

2. Copyright © 2018 Accenture. All rights reserved. 2
CISOs in CG&S companies need to
address new threats from across the
value chain in:
• Product development
• Manufacturing
• Supply chain
• Customer operations
Inconsistent security maturity
Decades of M&A have taken their toll
of CG&S executives said that
“cyberattacks are a bit of a black box,
we do not quite know how or when
they will affect our organization.”
70%

3. Copyright © 2018 Accenture. All rights reserved. 3
Build a business that is secure by design
Security technologies identified had a
negative value gap where the percentage
spending level is higher than the relative
value to the business.*
5/9
CG&S companies are under
pressure because:
• Spending priorities show that
investments are misdirected toward
security capabilities that fail to deliver
efficiency and effectiveness
• Security executives do not have the
visibility into the non-IT asset landscape
or the authority to impact risk outcomes
in these areas of the business

4. Copyright © 2018 Accenture. All rights reserved. 4
Three areas that can positively impact the
CG&S risk posture include:
Secure the journey to cloud
Build trust in direct-to-customer initiatives
Manage operational technology risk

5. Copyright © 2018 Accenture. All rights reserved. 5
Secure the journey to the cloud
of CG&S companies identified “better security”
as a benefit to be gained from cloud migration.
53%
To reduce costs, many CG&S
companies are moving to the
cloud. It offers an opportunity to:
• Re-examine the business—especially
applications, infrastructure, operations
and development processes
• Prioritize security around core assets
• “Design in” a control structure to
mitigate risks

6. Copyright © 2018 Accenture. All rights reserved. 6
Build trust in direct-to-consumer initiatives
of security breaches
experienced by CG&S
organizations have been
linked with customer
data in the last 12
months.
50%
A customer facing, data-driven
strategy can better inform the
business. It offers an opportunity to:
• Introduce cybersecurity early on in the process
to proactively mitigate risk
• Influence consumers’ purchasing decisions
through improved digital trust and privacy
• Be better prepared for regulatory demands

7. Copyright © 2018 Accenture. All rights reserved. 7
Manage operational technology risk
of CG&S executives said that
they had suffered interruption of
physical operations/shutdown
of assets as a result of a breach.
43%
As OT networks become less
isolated from IT networks, so their
vulnerabilities grow. Issues include:
• A lack of security accountability
• Inconsistent security processes
• Inconsistent technical controls
• Incomplete asset visibility

8. Copyright © 2018 Accenture. All rights reserved. 8
The nature of cyberattacks is shifting
of CG&S executives think they are protecting
their physical infrastructures/assets with their
cybersecurity strategy.
ONLY
26%
Source: The untold story of NotPetya the most devastating attack in cyber history, Wired,
August 22, 2018. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-
crashed-the-world/
In 2017, malware Petya had a
significant financial impact.
Sample losses include:
US$129M
British manufacturer
US$188M
Global Snack company

9. Copyright © 2018 Accenture. All rights reserved. 9
Security is
everyone’s business
of CG&S executives say that
cybersecurity budget
authorization is with the
CEO/Executive Committee,
more than the global average.
34%
of CG&S executives recognize
they need to improve on cyber
threat analytics and 46% on
security monitoring—the
“basics” of security programs.
50%
A cultural mind-set shift is
required so that:
• CISOs can become trusted business
partners
• Business leaders responsible for funding can
better understand security priorities
• Security can be a business and revenue
enabler as well as driving out risk

10. Copyright © 2018 Accenture Security. All rights reserved. 10
Put Security First
Actions to achieve cyber resilience
01
02
03
Organize security around business outcomes
Identify your “crown jewels”
Invest appropriately to tackle security hygiene
Introduce mandatory security checkpoints in the development or engineering,
procurement and budgeting processes to anticipate new risks.
Understand and account for existing assets across the organization and
determine risk-based priorities.
Become brilliant at the basics by tackling security hygiene and risk management
programs.
04 Institutionalize security practices
Embed security disciplines that address today’s needs and have the potential to
serve tomorrow’s demands.

11. Copyright © 2018 Accenture. All rights reserved. 11
About the research
11
410 Consumer Goods &
Services respondents
93 Companies with
revenues >US$10 bn
Survey
Respondents
• Chief Information Officer
• Chief Security Officer
• Chief Compliance Officer
• Chief Risk Officer
• Corporate Security Officer
Australia | Brazil | Canada | France
Germany | Ireland | Italy | Japan
Netherlands | Norway | Singapore
Spain | United Arab Emirates
United Kingdom | United States
15 Countries:
Survey conducted 2018

12. 12
Read the full report:
www.accenture.com/cgs-cyber-resilience
About Accenture
Accenture is a leading global professional services
company, providing a broad range of services and
solutions in strategy, consulting, digital, technology and
operations. Combining unmatched experience and
specialized skills across more than 40 industries and all
business functions—underpinned by the world’s largest
delivery network—Accenture works at the intersection of
business and technology to help clients improve their
performance and create sustainable value for their
stakeholders. With 459,000 people serving clients in
more than 120 countries, Accenture drives innovation to
improve the way the world works and lives.
Visit us at www.accenture.com.
Stay Connected
Note: Unless otherwise stated, the statistics in this point of view represent retail respondents in
the survey report “Gaining ground on the attacker: 2018 State of Cyber Resilience,” Accenture
2018.
*Source: 2017 Cost of Cybercrime Study, Accenture and the Ponemon Institute
Copyright © 2018 Accenture. All rights reserved. Accenture, its logo, and New Applied Now are
trademarks of Accenture.
/showcase/accenture-consumer-goods
/showcase/accentureconsulting
@AccentureCPG
@AccentureConslt