Only 15 per cent of organisations globally have the ‘mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks.
This finding forms the primary consensus brought to light through Cisco’s first-ever Cybersecurity Readiness Index; the results of which have been officially published this week.
Organisations have shifted from a largely static operating model, where people operated from single devices from one location, connecting to a static network, to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate an enormous amount of data.
For this reason, the Index has been developed against the backdrop of a post-covid, hybrid world, where users and data must be secured wherever work gets done.
Cisco highlights where businesses are doing well and also the cybersecurity readiness gaps that will widen if global business and security leaders don’t take action.
The Index measures the readiness of companies across five core pillars that determine the cybersecurity resilience of businesses facing modern threats: identity, devices, network, application workloads and data, and 19 different solutions across these pillars.
The independent double-blind survey asked 6,700 cybersecurity leaders across 27 markets to indicate which of these solutions they had deployed, and the stage of deployment. Companies were then classified into four stages of increasing readiness: beginner, formative, progressive and mature.
The spectrum of readiness
As previously stated, only 15 per cent of the surveyed companies are at the mature stage of cybersecurity readiness. Elsewhere, eight per cent are identified as being in the beginner stage, while 47 per cent are at the formative stage. Together, this means that 55 per cent are currently performing below average on cybersecurity readiness.
This majority lack of readiness is certainly telling, not least because 82 per cent of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 60 per cent also said that they had a cybersecurity incident in the last 12 months and 41 per cent of those affected said it cost them at least $500,000.
Commenting on the report’s findings, Fady Younes, cybersecurity director, EMEA service providers and MEA, Cisco, explains how “there is one reality we can’t ignore with the significant reliance on digital technologies; both public and private organisations are increasingly being targeted by cyberattacks.”
Younes continues by saying that with the move to multi-cloud architectures and amid the rise of hybrid work, “there is a critical need to focus on cybersecurity measures to fix the readiness gap.”
He identifies security reliance as a major necessity for an organisation, where “security is foundational to business strategy and is collectively prioritised throughout the organisation, allowing companies to better anticipate threats and bounce back faster when a threat becomes real.”
The industry reaction
While the readiness gap may be alarmingly large, businesses are anything but standing still. Security leaders are aware of the risks and are keen to invest in their cybersecurity readiness. In this way, 86 per cent of organisations intend to increase their cybersecurity budget by at least 10 per cent over the next 12 months. In light of the most recent findings, these budget increases must be delivered sooner rather than later.
As these companies invest in their cybersecurity readiness, confidence in their ability to stay resilient will also improve. Currently, of the companies that are ranked mature, 53 per cent said they are ‘very confident’ in their ability to tackle the risks. On the other hand, only 30 per cent of companies in the beginner stage, and 34 per cent in the formative stage feel the same.