Only 15% of organizations have a cybersecurity posture to defend against threats of a hybrid world
Cisco’s first-ever Cybersecurity Readiness Index revealed that 15% of organizations globally have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks. The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and also the cybersecurity readiness gaps that will widen if global business and security leaders don’t take action.
Organizations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate enormous amounts of data. This presents new and unique cybersecurity challenges for companies.
Titled Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World, the report measures the readiness of companies across five core pillars that determine the cybersecurity resilience of businesses facing modern threats: identity, devices, network, application workloads, and data, and 19 different solutions across these pillars.
The independent double-blind survey asked 6,700 cybersecurity leaders across 27 markets to indicate which of these solutions they had deployed, and the stage of deployment. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.
Alongside the finding that only 15% of companies are at the Mature stage, more than half (55%) of companies globally fall into the Beginner (8%) or Formative (47%) stages – meaning they are performing below average on cybersecurity readiness.
This readiness gap is telling, not least because 82% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 60% of respondents said they had a cybersecurity incident in the last 12 months and 41% of those affected said it cost them at least US$500,000.
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said: “As the Middle East is poised to take its position amongst the world’s top digital economies, there is one reality we can’t ignore with the significant reliance on digital technologies – both public and private organizations are increasingly being targeted by cyberattacks.
“With the move to multi-cloud architectures and amid the rise of hybrid work, there is a critical need to focus on cybersecurity measures to fix the readiness gap. What organizations need is security resilience, where security is foundational to business strategy and is collectively prioritized throughout the organization, allowing companies to better anticipate threats and bounce back faster when a threat becomes real,” he added.
While the readiness gap may be alarmingly large, businesses are not standing still. Security leaders are aware of the risks and are keen to invest in their cybersecurity readiness: 86% of organizations have plans to increase their cybersecurity budget by at least 10% over the next 12 months. It is crucial that these budget increases are delivered sooner rather than later.
As these companies invest in their cybersecurity readiness, confidence in their ability to stay resilient will also improve. Currently, of the companies that are ranked Mature, 53% said they are ‘Very Confident’ in their ability to tackle the risks. On the other hand, only 30% of companies in the Beginner stage, and 34% in the Formative stage feel the same.
Other key findings of the index include:
Readiness across the five key pillars
- Identity: Progress is needed here as only 20% of organizations are ranked Mature
- Devices: This has the highest percentage of companies in the Mature stage at 31%
- Network Security: Companies are lagging on this front with 56% of organizations in the Beginner or Formative stages
- Application Workloads: This is the pillar where companies are the least prepared, with 65% of organizations in the Beginner or Formative stages
- Data: This has the second-highest number of companies in the Mature stage (22%)
Readiness varies across company sizes
- Mid-sized firms of between 250 and 1,000 employees are best prepared, with over 19% of such firms at a Mature stage of overall readiness
- Only 17% of larger businesses (1,000+ employees) are in a Mature stage
- Smaller organizations are the least well-prepared with only 10% of companies in the Mature category, and more than 50% dropping into the underperforming, Formative category
Readiness varies across type of industry
- Healthcare, financial services and retail are the most prepared industries in their cybersecurity readiness, with an average of 20% in a Mature stage
- Retail, with 21% of organizations in the Mature category, comes out on top. It is possible this reflects the substantial number of cyberattacks this industry has faced over the years, as bad actors target the personal and financial data held by these organizations