Organizations are not ready.
A new study by Cisco Systems has uncovered an alarming gap between the growing cybersecurity threat landscape and the readiness of organizations to defend against it. The networking giant's 2024 Cybersecurity Readiness Index shows that only 3% of companies globally have reached the "Mature" level needed to be truly resilient in today's threat environment.
Cisco also addressed key challenges faced by companies. The study also discussed the pivotal role of AI in shaping cybersecurity strategies.
The findings paint a picture of underprepared and overconfident companies grappling with increasingly sophisticated cyberattacks amidst severe skills shortages. Despite nearly three-quarters of respondents expecting a disruptive cybersecurity incident in the next 12-24 months, a surprising 80% still feel moderately or very confident in their ability to defend against attacks.
Credit: Cisco
The traditional approach of deploying multiple cybersecurity point solutions has proven ineffective, with 80% of companies admitting their fragmented solutions slow incident response times. Despite this 67% still have 10 or more separate tools in their security stack.
Complicating matters further, 85% of companies allow employees to access networks from unmanaged devices like personal laptops and phones. On average, employees bounce between six different networks weekly, exposing new vulnerabilities.
The cybersecurity talent shortage also remains a critical impediment. The study shows that 87% of organizations cite it as an issue and 46% have more than 10 open security roles.
"Companies are aware of the challenge but their response still falls short," said Raymond Janse van Rensburg, VP Specialists and Solutions Engineering at Cisco APJC. "The dynamic threat landscape requires accelerating adoption of innovations like AI cybersecurity assistants and capabilities to correlate and analyze threats at machine scale and speed," he added.
To bridge the readiness gap, 97% of companies plan to increase cybersecurity spending over the next 12 months, with 86% hiking budgets by over 10%. Some 66% will upgrade existing solutions while 57% deploy new ones and 55% invest in AI technologies.
However, simply throwing money at the problem without addressing strategic deficiencies is unlikely to move the needle, experts warn. "The first step is creating a clear plan for the desired cybersecurity end-state. Without that roadmap, organizations remain reactive and perpetually behind the curve," Rensdberg said.
Rensburg emphasized the need for a platform-centric security approach to reduce complexity and enable integrated threat intelligence across the entire environment. "If you have 30 or 50 different vendors, there's no unified view. A platform approach allows coordinating security data to identify and respond to threats faster."
The imperative for organizations to develop comprehensive cybersecurity strategies and invest in platforms that enable holistic security management was emphasized. Planning was identified as a foundational step, essential for aligning security initiatives with broader digital transformation objectives.
Peter Molloy, Managing Director of Global Security Sales Operations at Cisco APJC, highlighted the importance of flexibility in an environment characterized by diverse existing solutions. He advocated for enhancement rather than wholesale replacement of existing tools.
Despite the awareness of escalating threats, the Readiness Index reveals companies have yet to properly assess and address the scale of the cybersecurity challenges they face. As attack surfaces expand with trends like remote work, IoT devices, and AI adoption, organizations must move rapidly to implement more proactive, integrated defenses before they inevitably fall victim.
Raymond noted the multifaceted role of AI in cybersecurity. He said there is a need for both human and machine capabilities to address evolving threats effectively.
He said it is necessary to leverage AI for assistance in policy creation, validation, and threat intelligence analysis. This approach aligns with Cisco's Talos threat intelligence service, he added.
The cybersecurity readiness crisis is a defining business risk of the current era. Without accelerating their cyber transition from a reactive to a proactive posture, a significant number of companies remain at risk in today's hostile digital environment.
With AI emerging as a crucial tool in cybersecurity defense, the collaborative efforts of companies and their partners are vital in navigating the evolving threat landscape and ensuring robust security postures. Through strategic planning, investment in advanced technologies, and collaborative partnerships, organizations can strengthen their cybersecurity resilience and adaptability in the face of evolving threats.