A new report released today by Cisco Systems Inc. disturbingly finds that only 3% of organizations globally have a “mature” level of readiness needed to be resilient against today’s cybersecurity risks.

The 2024 Cisco Cybersecurity Readiness Index, based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets, found that companies today are continuing to be targeted with techniques ranging from phishing and ransomware to supply chain and social engineering attacks. But though they are building defenses against these attacks, most are still struggling to defend against them, often slowed down by overly complex security postures that are dominated by multiple point solutions.

The report also highlights the challenges that organizations face in today’s distributed working environments where data can be spread across limitless services, devices, applications and users.

Of those surveyed, 80% of companies feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure. That’s despite the results finding that they are often lacking in readiness. The report suggests that the disparity between confidence and readiness may be due to misplaced confidence in their ability to navigate the threat landscape and not properly assessing the true scale of the challenges being faced.

While companies may not be completely ready, they are mostly aware of the risks. Nearly three-quarters of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. That expectation, in many cases, comes from past experience, with more than half of respondents saying that they had experienced a cybersecurity incident in the last 12 months. More than half of those affected also said it cost them at least $300,000.

In terms of what companies are doing to combat threats, 80% said that they had point solution overload — multiple point solutions that have slowed down their team’s ability to detect, respond and recover from incidents. Two-thirds of respondents said that they have deployed t10n or more point solutions in their security stacks, while a quarter said they have 30 or more.

The adoption of unmanaged devices was also highlighted, with 85% saying their employees access company platforms from unmanaged devices and 43% of those spend 20% of their time logged onto company networks from unmanaged devices. Additionally, 29% reported that their employees hop among at least six networks over a week.

Progress in trying to address security gaps was also found to be being hampered due to critical talent shortages. Some 87% said it was an issue and 46% said they had more than 10 roles related to cybersecurity unfilled in their organization at the time of the survey.

Despite the challenges, just over half said that they were planning to significantly upgrade their IT infrastructure in the next 12 to 24 months, up from a third that planned to do so last year. Organizations plan to upgrade existing solutions (66%), deploy new solutions (57%) and invest in artificial intelligence-driven technologies (55%).  Nearly all companies said they plan to increase their cybersecurity budget in the next 12 months, and 86% of respondents say their budgets will increase by 10% or more.

“To overcome the challenges of today’s threat landscape, companies must accelerate meaningful investments in security,” the report concludes. Recommendations include the adoption of innovative security measures and a security platform approach, strengthening network resilience, establishing meaningful use of generative AI and ramping up recruitment to bridge the cybersecurity skills gap.

Photo: Cisco