The organization is not ready.
A new study from Cisco Systems reveals an alarming gap between the growing cybersecurity threat landscape and organizations' preparedness to defend against it. According to the networking giant's 2024 Cybersecurity Readiness Index, only 3% of businesses worldwide have reached the level of “maturity” needed to be truly resilient in today's threat environment. Not too much.
Cisco has also addressed key challenges facing enterprises. The study also discusses the pivotal role of AI in shaping cybersecurity strategies.
The findings highlight how underprepared and overconfident companies are grappling with increasingly sophisticated cyber-attacks amid severe skills shortages. Almost three-quarters of respondents expect a devastating cybersecurity incident to occur within the next 12 to 24 months, yet a surprising 80% still lack confidence in their ability to defend against attacks. Feeling somewhat or very confident.
Credit: Cisco
The traditional approach of deploying multiple cybersecurity point solutions has proven ineffective, with 80% of businesses admitting that fragmented solutions slow incident response times. Despite this, 67% still use 10 or more separate tools in their security stack.
To further complicate matters, 85% of companies allow employees to access the network from unmanaged devices such as personal laptops and phones. On average, employees move between six different networks every week, exposing new vulnerabilities.
The lack of cybersecurity talent also remains a significant hurdle. The study found that 87% of organizations cited it as an issue, and 46% had 10 or more open security roles.
“Enterprises are aware of this challenge, but they are not doing enough to address it,” said Raymond Janse van Rensburg, specialist and vice president of solutions engineering at Cisco APJC. “The dynamic threat landscape requires accelerated adoption of innovations such as AI cybersecurity assistants and the ability to correlate and analyze threats at machine scale and speed,” he added.
To close the readiness gap, 97% of companies plan to increase spending on cybersecurity over the next 12 months, and 86% have increased their budgets by 10% or more. Approximately 66% will upgrade existing solutions, 57% will introduce new solutions, and 55% will invest in AI technology.
But experts warn that simply throwing money at the problem without addressing its strategic flaws is unlikely to move the needle. “The first step is to create a clear plan for the desired cybersecurity end state. Without that roadmap, your organization will fall behind and remain behind forever.” Rensdberg he said.
Rensburg emphasized the need for a platform-centric security approach that reduces complexity and enables unified threat intelligence across the environment. “When you have 30 or 50 different vendors, there's no unified view. A platform approach allows you to align your security data to identify and respond to threats faster.”
It was emphasized that it is essential for organizations to develop a comprehensive cybersecurity strategy and invest in a platform that enables comprehensive security management. Planning was recognized as an essential foundational step to aligning security efforts with broader digital transformation goals.
Peter Molloy, managing director of global security sales operations at Cisco APJC, emphasized the importance of flexibility in an environment characterized by a variety of existing solutions. He advocated enhancements to existing tools rather than outright replacements.
Despite recognition of the escalating threat, the Readiness Index reveals that businesses are failing to adequately assess and address the scale of the cybersecurity challenges they face. As trends such as remote work, IoT devices, and AI adoption expand the attack surface, organizations must quickly implement more proactive and integrated defenses before the inevitable fallout.
Raymond pointed out the multifaceted role of AI in cybersecurity. He said both human and machine capabilities are needed to effectively deal with evolving threats.
He said AI must be leveraged to assist in policy creation, validation and threat intelligence analysis. This approach is in conjunction with Cisco's Talos threat intelligence service, he added.
The cybersecurity readiness crisis is the defining business risk of our time. Without accelerating the cyber transition from reactive to proactive, a significant number of businesses remain at risk in today's challenging digital environment.
As AI emerges as a critical tool in cybersecurity defense, a collaborative effort by businesses and their partners is essential to address the evolving threat landscape and ensure a robust security posture. Through strategic planning, investments in advanced technology, and collaborative partnerships, organizations can strengthen their cybersecurity resilience and adaptability in the face of evolving threats.
