Today’s cyber threat landscape is more complicated than ever, and organizations are struggling to maintain a foothold. Billions of users, devices and IoT devices are connecting to enterprise networks, cloud applications and data at a scale unlike ever before. Advancements in AI and the mainstream availability of capabilities like generative AI are empowering malicious actors to deploy more sophisticated, targeted attacks. Companies are struggling to respond.

Cisco’s second annual Cybersecurity Readiness Index surveyed over 8,000 business and cybersecurity leaders across 30 global markets from a broad range of industries, including financial services, retail, technology services and manufacturing. The Index showed that staggeringly few organizations have a ‘Mature’ level of readiness needed to be resilient against modern cybersecurity risks.

In an era defined by hyperconnectivity and a rapidly evolving threat landscape, companies today are targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering attacks. And while they are building defenses, their efforts are slowed by their own overly complex security postures that are dominated by multiple point solutions.

These challenges are compounded in today’s distributed working environments where data can be spread across limitless services, devices, applications and users. However, 80 percent of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure. This disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face.

Auditing the Threat Landscape

The Index assesses the readiness of companies on five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement and AI Fortified, which comprise of 31 corresponding solutions and capabilities. It is based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets conducted by an independent third party.

The respondents were asked to indicate which of these solutions and capabilities they had deployed and what the stage of deployment it was at. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.

Overall, the study found that only three percent of companies are ready to tackle today’s threats, with two-thirds of organizations falling into the Beginner or Formative stages of readiness. Peeling back the layers of respondent feedback shows just how much work business and country leaders alike have to do to get security levels to an appropriate level.

Key Challenges in the Middle East and Africa

Future cyber incidents expected: 75 percent of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 64 percent of respondents said they experienced a cybersecurity incident in the last 12 months, and 55 percent of those affected said it cost them at least US$300,000.

Point solution overload: The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 79 percent of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents. This raises significant concerns as 78 percent of organizations said they have deployed ten or more point solutions in their security stacks, while 28 percent said they have 30 or more.​

Unsecure and unmanaged devices add complexity: 85 percent of companies said their employees access company platforms from unmanaged devices​, and 43 percent of those spend one-fifth (20%) of their time logged onto company networks from unmanaged devices. ​Additionally, 30 percent reported that their employees hop between at least six networks over a week.

The cyber talent gap persists: Progress is being further hampered by critical talent shortages, with 89 percent of companies highlighting it as an issue. In fact, 51 percent of companies said they had more than ten roles related to cybersecurity unfilled in their organization at the time of the survey.

Future cyber investments ramping up: Companies are aware of the challenge and are ramping up their defenses with almost half planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from just one-third who planned to do so last year. Most prominently, organizations plan to upgrade existing solutions (66%), deploy new solutions (52%) and invest in AI-driven technologies (55%). Further, 91 percent of companies plan to increase their cybersecurity budget in the next 12 months, and 71 percent of respondents say their budgets will increase by 20 percent or more.

In an era where digital threats are evolving at an unprecedented pace, resilience in cybersecurity is no longer optional – it is a necessity for safeguarding your business’s future.