5 Cybersecurity Pillars Where 85% of Companies Are LaggingOnly 15% of Global Orgs Rank as 'Mature' on Cisco’s Cybersecurity Readiness Index
The global shift to a post-COVID hybrid work environment has presented new and unique cybersecurity challenges for businesses. In response, Cisco launched the Cybersecurity Readiness Index, which measures the preparedness of companies to safeguard against cyberthreats. A double-blind survey of 6,700 private sector cybersecurity leaders in 27 markets classified companies within four stages of increasing security readiness: beginner, formative, progressive and mature.
See Also: Buyer's Guide to Securing Privileged Access
The findings reveal an alarming cybersecurity readiness gap: A mere 15% of organizations worldwide consider themselves mature.
The survey examines organizations across five core pillars of system security: identity, devices, network, application workloads, and data. The findings make it clear that cybersecurity is high in awareness but low in practice. There is a worldwide need for business leaders to increase resilience and preparedness in each area.
New cybersecurity strategies are needed to protect against the risks of identity theft in hybrid working models. Twenty-four percent of respondents ranked identity management as the biggest risk for cyberattacks within their organizations.
Companies are responding with integrated identity and access management solutions, such as multifactor authentication, and some are adding a privileged access management layer. Ninety-five percent of respondents have implemented an identity management solution, and IAM is the most popular. Across the globe, most companies rate in the beginner or formative stage of addressing identity verification.
Improving device security needs higher prioritization. As remote working and the use of multiple devices increase, devices become soft spots within cybersecurity strategies. Having multiple devices per user ranks third among the biggest cybersecurity risks, yet over half of companies are only at the start of their device security journey.
Two-thirds of companies have no device security plans at all. Geographically, Indonesia leads the world in device security readiness, while Japan, New Zealand and South Korea lag behind.
The survey revealed that network protection ranks second on the list of top priorities, and many companies are deploying firewalls with built-in intrusion prevention systems, or IPS. But only 56% of companies that have deployed these systems have fully deployed them. The issue is most acute in Japan, where 82% of businesses fall into the least prepared categories.
On the other hand, Indonesia tops the readiness rankings with 69% falling into the top two categories. To keep up with the shift to hybrid work, companies need to consider novel approaches such as Secure Access Service Edge, or SASE.
Ninety-seven percent of respondents have deployed some solution to protect application workloads, and host software firewalls are the most popular choice. But only 67% had fully deployed the solution. Meanwhile, 78% of IT professionals globally feel their organization is vulnerable to a security attack that would affect the full application stack over the next 12 months.
Although 88% of respondents plan to deploy application protection solutions within 24 months, two-thirds of respondents fell into the formative or beginner categories of readiness. Japan was found to be the least prepared, with 47% in the formative category and 39% in the beginner grouping.
The impact of data leaks can be serious for businesses, resulting in significant time and money spent on resolving the breach, enacting disaster recovery plans, facing regulatory fines, and enduring reputation damage. Ninety-eight percent of respondents claim their organizations have solutions in place to protect data properly.
Most organizations have chosen to encrypt data or backup and recover lost data. Despite this, teams at many organizations still believe they need to do more to protect data.
Bonus: Industry and Size
The report also highlights which industries and company sizes are most prepared for cybersecurity threats. Retail ranks at the top with 21% of organizations in the mature category, followed closely by healthcare and financial services. Travel services are the most advanced in protecting data and have 26% of organizations in the mature category, while restaurant services are highly prepared in identity management.
The report reveals that midsized companies with between 250 and 1,000 employees are best prepared and have more organizations in the mature category - 19% - than their larger counterparts, but smaller organizations are lagging in their cybersecurity readiness.
The survey is evidence that leaders need to rethink, reassess and address cybersecurity threats as they grow in an increasingly connected digital world.
It is crucial for business leaders to take action to address these challenges and improve their cybersecurity readiness to safeguard against cyberthreats and protect their organizations.
Read more about Cisco's Cybersecurity Readiness Index.