Majority of companies unprepared for cybersecurity threats

A mere 15% of organizations globally have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s first-ever Cybersecurity Readiness Index released today. The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don’t take action.

Organizations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate enormous amounts of data. This presents new and unique cybersecurity challenges for companies.

Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World

Titled, Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World, the report measures the readiness of companies to maintain cybersecurity resilience against modern threats. These measures cover five core pillars that form the baseline of required defenses: identity, devices, network, application workloads, and data, and encompasses 19 different solutions within the pillars.

Conducted by an independent third party, the double-blind survey asked 6,700 private sector cybersecurity leaders across 27 markets to indicate which of these solutions they had deployed and the stage of deployment. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive, and Mature.

Findings

Alongside the stark finding that only 15% of companies are at the Mature stage, more than half (55%) of companies globally fall into the Beginner (8%) or Formative (47%) stages – meaning they are performing below average on cybersecurity readiness.

This readiness gap is telling, not least because 82% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 60% of respondents said they had a cybersecurity incident in the last 12 months and 41% of those affected said it cost them at least US$500,000.

“The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity. Organizations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco. “Only then will businesses be able to close the cybersecurity readiness gap.”

As these companies invest in their cybersecurity readiness, confidence in their ability to stay resilient will also improve. Currently, of the companies that are ranked Mature, 53% said they are ‘Very Confident’ in their ability to tackle the risks. On the other hand, only 30% of companies in the Beginner stage, and 34% in the Formative stage feel the same. 

Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organizations. This need is especially critical given that 86% of the respondents plan to increase their security budgets by at least 10 percent over the next 12 months. By establishing a base, organizations can build on their strengths and prioritize the areas where they need more maturity and improve their resilience.