Despite many of us hopefully being aware of just how expensive a cybersecurity incident can be, most businesses are still woefully unprepared for such an event, according to the Cisco Cybersecurity Readiness Index, which has revealed just 17% of firms are ready to tackle a cyberattack.
Cisco surveyed 6,700 private sector cybersecurity leaders across 27 markets to see how many firms have set up solutions to protect endpoints (opens in new tab) across five areas: identity, devices, network, application workloads, and data.
Based on this data, Cisco sorted out the businesses in four categories: Beginner, Formative, Progressive and Mature. Formative is the largest of the four groups, with 40% of all firms falling into this category, Cisco said. Progressive is the second-largest with 39%, followed by Mature at 17%. Finally, 4% of all firms fall into the Beginner category.
Expecting an attack
For the researchers, the findings are relatively surprising, given that most organizations expect to be attacked and understand the risks and potential damages.
In fact, 80% expect a cybersecurity incident in the next 12 to 24 months, while 59% experienced one such event over the last year. For almost half (47%) – the incident had cost them north of $500,000.
“The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.
“Organizations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity,” Patel added. “Only then will businesses be able to close the cybersecurity readiness gap.”
Cisco believes businesses should establish a “baseline of ‘readiness’ across the five security pillars”, to protect against future attacks. It doesn’t help much knowing that 85% of the respondents plan on increasing their security budgets by at least 10% this year.