Report highlights 'mismatch… in the wake of a rapidly evolving cybersecurity landscape'
Organisations believe they can handle the emerging threats in the cybersecurity landscape, but a new report from Cisco is warning that they're being overconfident and unprepared for what's about to come.
Cisco's study found that 80% of organisations feel "moderately to very confident" in their ability to remain resilient in an evolving cybersecurity landscape.
However, when assessed based on five key pillars, only three per cent of organisations reached the "Mature" level of readiness needed to be resilient against cybersecurity risks.
"It highlights a mismatch in what companies think they can handle versus what they may be able to handle in the wake of a rapidly evolving cybersecurity landscape," the report reads.
Source: 2024 Cisco Cybersecurity Readiness Index
According to the report, the gap indicates that companies may have "misplaced confidence" in their ability to navigate threats and are not properly assessing the true scale of the challenges they face.
"We cannot underestimate the threat posed by our own overconfidence," said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, in a statement.
"Today's organisations need to prioritise investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favour of defenders."
The good news, according to the report, is organisations appear to be aware that they have more work to do in terms of cybersecurity.
"In response to the heightened risk, 91% have increased their cybersecurity budgets over the past one to two years, and the majority expect their budgets to increase further in the coming one to two years," the report reads.
With higher budgets, more than half (52%) of the respondents said they are planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. Others plan to:
The findings come as 54% of organisations said they experienced a cybersecurity incident in the past year, according to the report, with another 73% anticipating an incident that will disrupt their business in the next 12 to 24 months.
Current challenges faced by organisations in terms of cybersecurity include having multiple point solutions (80%), which respondents said slowed down their ability to detect, respond, and recover from incidents.
Another 85% said their employees are accessing company platforms from unmanaged devices, including 43% who spend one-fifth of their time logged onto company networks from unmanaged devices.
There are also critical cyber talent shortages across organisations, with 87% of organisations citing it as an issue.
According to the report, 46% of organisations said they had more than 10 unfilled cybersecurity roles on their teams at the time of the survey, with larger organisations feeling the crunch.
Source: 2024 Cisco Cybersecurity Readiness Index
The report made several recommendations to boost cybersecurity preparedness for organisations, including the continuous investment in cybersecurity measures across the board.
It also suggested ramping up recruitment and upskilling of in-house talent to close cybersecurity talent gaps.
"Where possible, leverage the advancements in AI to augment and automate tasks while leaning on external cybersecurity expertise to help close key gaps in building and operating cybersecurity infrastructure," the report read.
It also recommended the establishment of a company baseline to gauge how ready the organisation is in terms of cybersecurity threat, and to keep up and utilised latest developments in Generative AI to enhance security programmes.
Cisco's study was based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets conducted by an independent third party.