2024 Cisco Cybersecurity Readiness Index - Evolving Threat Landscape

According to Cisco's 2024 Cybersecurity Readiness Index, just 4% of organizations in India possess the required "Mature" level of readiness to withstand contemporary cybersecurity threats.

The 2024 Cisco Cybersecurity Readiness Index was crafted during a time marked by extensive interconnectivity and a swiftly changing threat environment. Presently, businesses face an array of tactics, spanning from phishing and ransomware to supply chain and social engineering attacks.

Despite efforts to fortify defenses against these threats, organizations encounter difficulties in effectively safeguarding themselves. This challenge is compounded by intricate security frameworks reliant on numerous individual solutions.

These difficulties are exacerbated in contemporary distributed work settings where data spans across a plethora of services, devices, applications, and users. Nonetheless, 88% of companies express moderate to high confidence in their capacity to fend off cyberattacks using their existing infrastructure.

This dissonance between confidence levels and actual readiness implies a potential misjudgment among companies regarding their capability to navigate the threat landscape, possibly leading to an inadequate assessment of the true magnitude of the challenges they confront.

2024 Cisco Cybersecurity Readiness Index: Underprepared and Overconfident Companies Tackle an Evolving Threat Landscape

The Index evaluates companies' preparedness across five essential pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification, each encompassing 31 corresponding solutions and capabilities. It relies on a double-blind survey conducted by an independent third party, encompassing over 8,000 private sector security and business leaders across 30 global markets. Respondents were queried about their deployment status and stage of deployment concerning these solutions and capabilities. Subsequently, companies were categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

“We cannot underestimate the threat posed by our overconfidence,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “Today's organizations need to prioritize investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in the favor of defenders.”

“In an era witnessing unprecedented proliferation of devices and rising AI-powered cyberattacks, it's critical that organizations not only increase their investment in cybersecurity but also embrace an integrated platform approach to protect the five key pillars and take steps to reduce their security readiness gap. They must also ensure that AI is integrated into frontline defenses as part of their overall cybersecurity strategy to fortify their defenses against evolving threats, futureproof their operations, and strengthen security resilience in a digital-first world,” Samir Kumar Mishra, Director of Security Business, Cisco India & SAARC.

Findings of the 2024 Cisco Cybersecurity Readiness Index

In summary, the research revealed that merely 4% of Indian companies possess the readiness to effectively confront present-day threats, while 59% of organizations are categorized in the Beginner or Formative stages of readiness. On a global scale, only 3% of companies have reached the Mature stage. Additionally:

• Future Cyber Incidents Expected: 82% of survey participants anticipate a cybersecurity incident disrupting their business within the next 12 to 24 months. The repercussions of being ill-prepared can be significant, as 74% of respondents reported encountering a cybersecurity incident in the preceding 12 months. Among those impacted, 55% stated incurring costs of at least US$300,000.
• Point Solution Overload: The conventional strategy of integrating numerous cybersecurity point solutions has proven ineffective, with 88% of participants acknowledging that this approach impeded their team's efficiency in detecting, responding to, and recovering from incidents. This poses notable concerns, given that 78% of organizations reported deploying ten or more point solutions within their security frameworks, while 38% stated having 30 or more.
• Unsecure and Unmanaged Devices Add Complexity: 92% of companies disclosed that their employees access company platforms using unmanaged devices, with 48% of those individuals spending approximately one-fifth (20%) of their time logged onto company networks via such devices. Moreover, 39% of respondents indicated that their employees switch between a minimum of six networks within a week.
• The Cyber Talent Gap Persists: Further advancement is hindered by significant shortages in critical talent, as noted by 91% of companies. Remarkably, 59% of organizations reported having more than ten vacant positions related to cybersecurity within their ranks at the time of the survey.
• Future Cyber Investments Ramping Up: Companies are aware of the challenge and are ramping up their defenses with 71% planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from 51% who planned to do so last year. Most prominently, organizations plan to upgrade existing solutions (70%), deploy new solutions (58%), and invest in AI-driven technologies (60%). Further, 99% of companies expect to increase their cybersecurity budget in the next 12 months, and 95% of respondents say their budgets will increase by 10% or more.

To surmount the obstacles posed by the current threat landscape, companies must expedite substantial investments in security. This involves embracing innovative security measures and adopting a security platform approach, enhancing network resilience, leveraging generative AI effectively, and intensifying recruitment efforts to address the cybersecurity skills deficit.

With DQ Channels, Cisco representatives shared their views on how partners can leverage GenAI in the cybersecurity domain, and how Cisco is offering training and enablement to the channel partners to keep pace with the ever-changing AI space.

Peter Molloy – Managing Director, Security, APJC answered, “The partner committee is key to the various segments of the market where they are small scale, medium, and large enterprises. In the large enterprise, every single customer we speak to has their own project, learning, and skills, they are getting briefing board level and all the rest of the ad developers. They’re going to lean on consultancies, some of them actually deliver the outcome. But, then you’ve got the community, the scale market, that really needs to leverage the customer."

He added, "We can’t community just in the way they do in terms of delivery of the general IT solution because they simply don’t have skill sets to dedicate to those types of resources. We have discussed the skill shortages. That is also why you’re sending a significant transition to consuming IT as a service and that is again an area that we rely on our partners to step up to. I look at them as delivering successful outcomes. They need knowledge, skill, and attitude. In knowledge, we need to provide the skills to exercise that knowledge and translate that interaction.” 

Raymond Janse van Rensburg – VP, of Specialists and Solutions Engineering, APJC, also shared, “I think a lot of the value and the benefits are there already in some of the areas in Southern. There is an AI assistant for the security operations center. There’s a system firewall, and There’s an AI assistant for secure access so using those capabilities is probably the first step that I’ll go to, then we have our own implementations, I think that links to what you are saying is how do we look at providing that support and capability, How do we secure the life cycle within the organization, Instead of purely using for security.”