A mere 11% of organisations in Australia have a ‘Mature’ level of readiness to tackle the cybersecurity risks of a hybrid world, according to Cisco’s first-ever Cybersecurity Readiness Index released today.
The index has been developed against the backdrop of a post-COVID world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don’t take action.
Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World
Organisations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate enormous amount of data. This presents new and unique cybersecurity challenges for companies.
Titled Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World, the report measures the readiness of companies across five core pillars that determine the cybersecurity resilience of businesses facing modern threats: identity, devices, network, application workloads, and data, and 19 different solutions across these pillars.
The independent double-blind survey asked 6,700 cybersecurity leaders across 27 markets to indicate which of these solutions they had deployed, and the stage of deployment. Companies were then classified in four stages of increasing readiness: Beginner, Formative, Progressive and Mature.
- Beginner (Overall score of less than 10): At initial stages of deployment of solutions
- Formative (Score of between 11 – 44): Have some level of deployment, but performing below average on cybersecurity readiness
- Progressive (Score of between 45 – 75): Considerable level of deployment and performing above average on cybersecurity readiness
- Mature (Score of 76 and higher): Have achieved advanced stages of deployment and are most ready to address security risks
Findings
Alongside the stark finding that only 11% of companies in Australia are at the Mature stage, more than half (54%) of companies fall into the Beginner (5%) or Formative (49%) stages – meaning they are performing below average on cybersecurity readiness. Globally, 15% of companies are at a Mature stage.
This readiness gap is telling, not least because 92% respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial as 70% of respondents said they had a cybersecurity incident in the last 12 months, and 69% of those affected said it cost them at least AUD $740,000+.
Cisco Australia & New Zealand’s Head of Cybersecurity, Corien Vermaak, said:
“It is evident that there are things we can do better in cybersecurity as Australian organisations can do more when it comes to their cybersecurity hygiene. While the report shows the shortfalls, it also highlights the areas in which we are progressing relative to maturity, with less organisations in the ‘beginner’ space, and more organisations in the ‘progressive’ stage – it highlights our industry is maturing in the right direction.
“Security is clearly top of mind for Australian organisations, and it’s no surprise given the challenges and threats in this space. We can see that organisations in the industry are expecting these incidents now, with 92% of respondents saying they expect a cybersecurity incident.
“The move to hybrid working has fundamentally shifted the landscape of security readiness, and we are moving towards a progressive style of maturity – that’s good news. There is more to do together, as organisations, partners and communities to continue the upwards trajectory.
“There is an opportunity for the public and private sectors to work more closely in order to continue to improve in cybersecurity readiness, such as educating multiple areas of the business and not just the immediate team and users. The cybersecurity skills gap also needs addressing and is key to our response to improving cybersecurity maturity and ensuring it is sustainable.”
Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organisations. This need is especially critical given that 91% of the respondents plan to increase their security budgets by at least 10 percent over the next 12 months. By establishing a base, organisations can build on their strengths and prioritise the areas where they need more maturity and improve their resilience.
Other key findings of the index include:
Readiness across the five key pillars
- Identity: Only 23% of organisations are ranked Mature
- Devices: This has the highest percentage of companies in the Mature stage at 26%
- Network Security: Companies are lagging on this front with 56% of organisations in the Beginner or Formative stages
- Application Workloads: This is the pillar where companies are the least prepared, with 67% of organisations in the Beginner or Formative stages
- Data: Progress is needed here, as only 17% companies are in the Mature stage
*$500,000 USD