Only 3% of organisations across the globe have the ‘Mature’ level of readiness for modern cybersecurity risks, with two-thirds of organisations falling into the ‘Beginner’ or ‘Formative’ stages of readiness, according to Cisco’s 2024 Cybersecurity Readiness Index.
The index showed that readiness has reduced significantly from one year ago, when 15% of companies were ranked ‘Mature’.
Companies today continue to be targeted with a variety of techniques, ranging from phishing and ransomware to supply chain and social engineering attacks. While organisations are building defences against such attacks, they are struggling, slowed down by complex security postures made up of multiple point solutions, the report noted.
These challenges are compounded in distributed working environments where data can be spread across services, devices, applications and users. However, 80% of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure.
This disparity between confidence and readiness indicates that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of challenges.
The index assessed the readiness of companies on five pillars: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement and AI-fortified. It was based on a survey of more than 8,000 private sector security and business leaders. Companies were classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.
“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, executive vice president and general manager, security and collaboration, Cisco. “Today’s organisations need to prioritise investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favour of defenders.”
Key Insights
Below are some key findings from the index:
Future Cyber Incidents Expected: Of the respondents, 73% said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 54% of respondents said they experienced a cybersecurity incident in the last 12 months, and 52% of those affected said it cost them at least $3,00,000.
Point Solution Overload: Adopting multiple cybersecurity point solutions has not delivered effective results, as 80% of respondents said that having multiple point solutions slowed down their team’s ability to detect, respond to and recover from incidents. This raises concerns as 67% of organisations said they have deployed 10 or more point solutions in their security stacks, while 25% said they have 30 or more.
Unsecure And Unmanaged Devices Add Complexity: Of the companies surveyed, 85% said their employees access company platforms from unmanaged devices, and 43% of those spend one-fifth (20%) of their time logged onto company networks from unmanaged devices. Additionally, 29% said their employees hop between at least six networks over a week.
Cyber Talent Gap Persists: Progress is hampered by talent shortages, with 87% of companies highlighting it as an issue. Also, 46% of companies said they had more than 10 roles related to cybersecurity unfilled in their organisation at the time of the survey.
Future Cyber Investments Ramping Up: Over half (52%) of the companies are planning to upgrade their IT infrastructure in the next 12 to 24 months. Organisations plan to upgrade existing solutions (66%), deploy new solutions (57%) and invest in AI-driven technologies (55%). Also, 97% of companies plan to increase their cybersecurity budget in the next 12 months, and 86% of respondents said their budgets will increase by 10% or more.