According to Cisco’s 2024 Cybersecurity Readiness Index, only 3% of organizations worldwide have reached the ‘Mature’ level of readiness for modern cybersecurity risks. The majority of organizations, two-thirds in fact, are still in the ‘Beginner’ or ‘Formative’ stages of readiness.
The index highlights a significant decrease in readiness compared to the previous year when 15% of companies were classified as ‘Mature’.
Despite facing various cyber threats such as phishing, ransomware, supply chain attacks, and more, organizations are struggling to defend themselves due to their complex security infrastructure with multiple point solutions.
This challenge is exacerbated in distributed work environments where data is spread across different services, devices, applications, and users. However, even with these obstacles, 80% of companies feel moderately to very confident in their ability to defend against cyberattacks with their current setup.
This overconfidence and disparity between confidence and readiness suggest that organizations may not fully grasp the true extent of the risks they face in the cyber threat landscape.
The index evaluates companies’ readiness across five pillars: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI-fortified. It is based on a survey of over 8,000 private sector security and business leaders who were categorized into four stages of readiness: Beginner, Formative, Progressive, and Mature.
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, emphasized the importance of prioritizing investments in integrated platforms and leveraging AI to operate at scale to better defend against cyber threats.
Key Insights
Here are some notable findings from the index:
- Future Cyber Incidents Expected: 73% of respondents anticipate a cybersecurity incident disrupting their business in the next 12 to 24 months. The costs of being unprepared can be steep, as demonstrated by the 54% who experienced an incident in the last year, with 52% reporting costs of at least $300,000.
- Point Solution Overload: Having multiple cybersecurity point solutions has not proven effective, with 80% of respondents noting a slowdown in incident detection, response, and recovery. Despite this, 67% have deployed 10 or more point solutions, and 25% have 30 or more.
- Unsecure And Unmanaged Devices Add Complexity: 85% of surveyed companies have employees accessing company platforms from unmanaged devices, further complicating security efforts. Additionally, 43% of these employees spend a significant portion of their time logged onto company networks from such devices.
- Cyber Talent Gap Persists: Talent shortages continue to impede progress, with 87% of companies citing it as an issue. Furthermore, 46% of organizations reported having more than 10 unfilled cybersecurity-related roles at the time of the survey.
- Future Cyber Investments Ramping Up: Over 50% of companies plan to upgrade their IT infrastructure in the next 12 to 24 months, with a focus on deploying new solutions, upgrading existing ones, and investing in AI-driven technologies. Additionally, 97% intend to increase their cybersecurity budget in the coming year, with 86% expecting a budget increase of 10% or more.