Organisations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco's Cybersecurity Readiness Index, released today.
Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organisations in what Cisco considers a "mature stage" of security preparedness; Philippines and Thailand, both with 27% of organisations in the mature stage; and India, with 24% of organisations in the mature stage.
On the other hand, organisations in richer countries fared much worse in the survey. For instance, only 5% of organisations in Japan were in the mature stage of cybersecurity readiness, while 7% of organisations in South Korea were in the mature stage, according to the Cisco report.
A similar trend was observed in the US, with only 13% of organisations fully ready to tackle cybersecurity incidents, according to the report. Meanwhile, only 9% of organisations in Canada, and 12% in Mexico, were found to be in the mature stage.
Tech debt causes lack of cybersecurity preparedness
The drastic difference in cybersecurity preparedness between developed and developing nations is likely because organisations in emerging markets started adopting digital technology more recently compared to their peers in developed markets. “That means many of these companies do not have legacy systems holding them back, making it relatively easier to deploy and integrate security solutions across their entire IT infrastructure,” the report said, adding that technology debt — the estimated cost or assumed impact of updating systems — continues to be a major driver of the readiness gap.
The Cisco Cybersecurity Readiness Index categorises companies in four stages of readiness — beginner, formative, progressive, and mature. The report is based on a survey of 6,700 cybersecurity leaders in 27 global markets.
The survey found that 47% of organisations fall into the formative category, where they have taken some of the basic steps to protect themselves, 30% are in the progressive stage, 8% in the beginner stage, and only 15% in the mature stage.
About 82% of security leaders globally said that cybersecurity incidents are likely to disrupt their businesses over the next 12 to 24 months.
Almost 60% of security leaders said they had experienced some kind of cybersecurity incident in the last 12 months. The incidents cost 71% of affected organisations at least $100,000, with 41% incurring an overall cost of $500,000 or more, the Cisco report said.
“We have an alarming cybersecurity readiness gap, and it’s only going to widen if global business and security leaders don’t pivot quickly,” Cisco said in its report.
Cisco's 5 pillars of cybersecurity readiness
Cisco categorised organisations based on five pillars of cybersecurity readiness: for identity, devices, network, application workloads, and data.
Identity management was recognised as the most critical area of concern. Close to three in five respondents, or 58% of organisations, were either in the formative or beginner category for identity management. However, 95% were at least at some stage of deployment with an appropriate ID management application, the report said.
For network protection, 56% of organisations were at the lower end of the readiness spectrum. “That indicates many are in the early stages of deploying solutions although the good news is that half of our respondents (50%) plan to finalise deployments within the next 12 months,” Cisco said in its report.
Almost a third of organisations, or 31%, fall into the readiness category, and about 97% of organisations have deployed a system to protect application workloads.
When it comes to protecting data, 98% of respondents had applications in place, with 67% choosing to encrypt data or ensure that they are able to back up and recover lost data. Almost 94% had either partially or fully deployed these systems.
“Deployments of some solutions, particularly those for identity, devices and networks, are not being rolled out as quickly as they could, leaving some organisations vulnerable to attack,” Cisco said in its report.
Organisations to increase cybersecurity budgets
While many global organisations were found to have low levels of preparedness for cybersecurity attacks, most of them said they were planning to increase investments in cybersecurity over the coming months.
Almost 86% of organisations said they have plans to increase their cybersecurity budgets by at least 10% over the next 12 months, the report said.
Most organisations are already thinking about resilience in their financial, operational, organisational, and supply chain functions. “What organisations need is security resilience, where security is foundational to business strategy and is collectively prioritised throughout the organisation, allowing companies to better anticipate threats and bounce back faster when a threat becomes real,” the report said.
Almost 53% of organisations categorised as mature said they were very confident in the ability to stay resilient against potential cyberattacks in the next 12 to 24 months. Only 30% of companies in the beginner stage and 34% in the formative stage felt the same.