73% brace for cybersecurity impact on business in the next year or two
Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco.
The 2024 Cisco Cybersecurity Readiness Index highlights that readiness is down significantly from one year ago, when 15% of companies were ranked mature.
Low cybersecurity risks readiness levels
Companies today continue to be targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering attacks. And while they are building defenses against these attacks, they still struggle to defend against them, slowed down by their own overly complex security postures that are dominated by multiple point solutions.
80% of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure – this disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face.
“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, EVP and GM of Security and Collaboration at Cisco. “Today’s organizations need to prioritize investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favor of defenders.”
73% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 54% of respondents said they experienced a cybersecurity incident in the last 12 months, and 52% of those affected said it cost them at least $300,000.
The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 80% of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents. This raises significant concerns as 67% of organizations said they have deployed ten or more point solutions in their security stacks, while 25% said they have 30 or more.
Talent shortages impact productivity
85% of companies said their employees access company platforms from unmanaged devices, and 43% of those spend 20% of their time logged onto company networks from unmanaged devices. Additionally, 29% reported that their employees hop between at least six networks over a week.
Progress is being further hampered by critical talent shortages, with 87% of companies highlighting it as an issue. In fact, 46% of companies said they had more than ten roles related to cybersecurity unfilled in their organization at the time of the survey.
Companies are aware of the challenge and are ramping up their defenses with 52% planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from 33% who planned to do so last year.
Most prominently, organizations plan to upgrade existing solutions (66%), deploy new solutions (57%), and invest in AI-driven technologies (55%). Further, 97% of companies plan to increase their cybersecurity budget in the next 12 months, and 86% respondents say their budgets will increase by 10% or more.
To overcome the challenges, companies must accelerate meaningful investments in security, including adoption of innovative security measures and a security platform approach, strengthen their network resilience, establish meaningful use of generative AI, and ramp up recruitment to bridge the cybersecurity skills gap.