Cisco: How Unprepared Are Organizations to Defend Against Security Threats?

Only 3% of organizations globally have a “Mature” level of cyber security preparedness to withstand today's security risks.

Only 3% of organizations globally have a “Mature” readiness level

According to Cisco's latest report, the 2024 Cybersecurity Readiness Index, the level of preparedness of organizations has fallen significantly from a year ago, when 15% of companies were rated as having a mature level of readiness.

The Cisco Cybersecurity Readiness Index 2024 was developed during a time defined by hyper-connectivity and an ever-evolving cyber threat landscape. Today, businesses continue to be targeted by various attack methods, ranging from phishing and ransomware to supply chain attacks and social engineering attacks. Although they are building defenses against these attacks, organizations continue to struggle, being slowed down by their own security structures, which are far too complex and dominated by multiple point solutions.

These challenges are magnified in today's distributed work environments, where data can be spread across an unlimited number of services, devices, applications and users. However, 80% of companies have moderate or very high confidence in their abilities to defend against a cyber attack with their current infrastructure – this discrepancy between confidence and preparedness suggests that organizations have the wrong level of confidence in their own ability to navigate the security threat landscape and that they may not adequately assess the true scale of the challenges they face.

The index assesses companies' readiness according to five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement and AI Fortified, which encompasses 31 solutions and related capabilities. The index is based on a double-blind, independent third-party survey of more than 8,000 security and private sector leaders in 30 global markets. Respondents were asked to indicate what solutions and capabilities they have installed and what stage of implementation they are at. The companies were then classified into four stages of readiness development: Novice, In-Training, Progressive and Mature.

The main results of the global study

Overall, the study found that only 3% of organizations are prepared to deal with today's threats, with two-thirds of those at the Novice or In-Training stages of readiness.

• Future cyber incidents are expected: 73% of respondents believe their business is likely to be disrupted by a cyber security incident in the next 12-24 months. The cost of not being prepared can be substantial, as 54% of respondents said they experienced a cybersecurity incident in the past 12 months, and 52% of those affected said it cost them at least $300,000.

• Point solution overload: The traditional approach of adopting multiple cybersecurity point solutions has not yielded effective results, as 80% of respondents acknowledged that having multiple point solutions has slowed teams' ability to detect, react, and recover from incidents. This raises significant concerns, as 67% of organizations said they have implemented ten or more point solutions in their security architecture, while 25% said they have 30 or more point solutions.

• Unsecured and unmanaged devices add to the complexity: 85% of companies said their employees access company platforms from unmanaged devices, and 43% of them spend a fifth (20%) of their time connected to company networks from unmanaged devices. Additionally, 29% reported that their employees switch between at least six networks during the course of a week.

• Cyber ​​Talent Gap Persists: Progress is hampered by critical talent shortages, with 87% of companies citing this as a problem. In fact, 46% of companies said they had more than ten open cybersecurity positions in their organization at the time of the survey.

• Future cyber investments on the rise: Companies are aware of this challenge and are stepping up their defenses, with over half (52%) planning to significantly modernize their IT infrastructure in the next 12-24 months. That's a significant increase from just a third (33%) who planned to do so last year. Organizations plan to update existing solutions (66%), implement new solutions (57%) and invest in AI-based technologies (55%). Additionally, 97% of companies plan to increase their cybersecurity budget in the next 12 months, and 86% of respondents say their budgets will increase by 10% or more.

Harnessing artificial intelligence:

• 52% of organizations have not yet substantially integrated artificial intelligence into their network security solutions.

• 56% have not yet significantly implemented AI in identity verification and security.

• 52% have yet to leverage AI in cloud security applications.

Results in Europe

• Only 2% of organizations in Europe are ready to face today's threats, being rated as mature. Overall, a decrease in training level was observed compared to 2023. 19% are in the Progressive stage, 66% are in the Training stage, and 13% are in the Beginner stage

• Preparedness is key: 69% of respondents said a cyber security incident is likely to disrupt their business in the next 12-24 months

• Few organizations are prepared to defend against rapidly evolving security threats – 49% of organizations say they have experienced a cyber attack in the past year and that their responses are slowed by complex security structures

• Businesses are taking steps to address this issue – 81% of businesses expect to increase their cyber security budgets in the next 12 months

• The security threat landscape is more complicated than ever – 82% of companies report that their employees access company platforms from unmanaged devices

To overcome today's challenges posed by security threats, companies must accelerate security investments, including adopting innovative security measures and a security platform-based approach, strengthen their network resilience, establish a way appropriate use of generative artificial intelligence and accelerate recruitment to reduce the cybersecurity skills gap.