Study: 71% of companies fall into low categories of cybersecurity readiness

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

The sophistication, scale and frequency of cybersecurity threats are currently outstripping protective measures taken by companies with only 3% of organisations being categorised in the highest or mature category for cybersecurity readiness. In fact, 71% of organisations fall in the bottom two categories formative (60%) and beginner (11%).

Despite the lack of readiness, 80% of companies feel moderately to very confident in their ability to stay resilient against cyber threats which underline a gap that suggests that companies have misplaced confidence in their ability to navigate the threat landscape.

Don't miss: Study: 84% sellers in Singapore believe AI for customer research is key to success

In fact, 54% of organisations have experienced a cybersecurity incident in the past year and 73% believe they are likely to face one in the next year or two. While malware (76%) and phishing (54%) continue to remain the top types of attacks experienced, 37% of companies were impacted by credential stuffing in the past year.

These were the results of IT and security giant Cisco’s 2024 Cybersecurity Readiness Index which surveyed 8,136 business leaders across 30 global markets. The Index assesses five weighted pillars of cybersecurity preparedness which include identity intelligence (25%), network resilience (25%), machine trustworthiness (20%), cloud reinforcement (15%) and AI fortification (15%).

Overall, financial services, technology services along with media and communications industries performed the best with 30% or more companies in the upper mature and progressive. In contrast, industries requiring the most improvement are personal care and services, education and wholesale each with between 15 to 18% in the beginner category, the lowest in the index.

Does company size matter?

In response to the heightened risk, 91% have increased their cybersecurity budgets over the past one to two years, and the majority expect their budgets to increase further in the coming one to two years. Overall, financial services, technology services along with media and communications industries performed the best with 30% or more companies in the upper mature and progressive.

Unsurprisingly, readiness also correlates to an organisation’s size, as more budget can be dedicated to cybersecurity in larger companies. Those with more than 1,000 employees exhibit higher rates of maturity, while medium-sized organizations (250-1,000 employees) are not far behind due to their agile ability to deploy without the bureaucracy of larger businesses.

Smaller organisations (below 250 employees) tend to be less ready, with large numbers dropping into the formative(64%) and beginner (16%) categories. However, the performance of small organisations has improved year-on-year as AI-enhanced cybersecurity has allowed them to plug some of the labour and expertise gaps that set them apart from larger counterparts.

Room for improvement

While cybersecurity readiness is low across the board, the lack of preparedness evidenced in the identity intelligence and cloud reinforcement pillars is particularly acute. To help close the security gap, companies should continue to keep abreast of the latest advances in AI-powered security technologies as malicious actors looking to exploit vulnerabilities will be.

Moving forward, companies must continue to accelerate investment in protective cybersecurity measures across the board, including adopting a platform approach to ensure all solutions in the security stack can be leveraged to their maximum ability.

Furthermore, they can ramp up the recruitment and upskilling of in-house talent to close cybersecurity talent gaps. Where possible, AI advancements can be leveraged to augment and automate tasks while leaning on external cybersecurity expertise.

As companies establish a baselines of how ready there are across the five security pillars, they must also urgently assess and close vulnerability gaps created by unmanaged devices and unsecured Wi-Fi networks.

share on