Organisations globally are dangerously underprepared for contemporary security threats, a new report has found. Furthermore, Cisco’s 2024 Cybersecurity Readiness Index reveals that businesses are less prepared for cyber threats than they were a year ago, with organisations defined as having a ‘mature’ level  falling from 15% to 3%.

The report is the second annual report published by the digital communications tech firm. It aims to address the evolving global cybersecurity landscape to guide how organisations can tackle new and existing risks.

Cisco’s Index benchmarks organisations’ readiness against five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement and AI Fortification. These consist of 31 solutions and capabilities and are based on a survey of over 8000 security and business leaders in 30 global markets, where each was asked which of the solutions and capabilities they had implemented and by what extent. The results were then categorised into the four stages of readiness: Beginner, Formative, Progressive and Mature. Only 3% of respondent organisations qualify for the Mature category.

Risks cited in the report comprised of more sophisticated phishing and ransomware attacks used to target supply chains, and an increase in social engineering attacks, which aim to trick users into disclosing private or confidential information.

“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, EVP and GM of security and collaboration at Cisco. “Today’s organisations need to prioritise investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favour of defenders.”

A persisting cyber talent gap impacts cyber threats

The Index highlighted other findings such as an increase in future investments in cybersecurity measures alongside an expectation of increased attacks, and a persisting cyber talent gap, with 87% of companies highlighting this as an issue. Almost half (46%) of the companies also said they had more than 10 unfilled cybersecurity roles on their teams at the time of the survey, the report said.

Point solution overload was also highlighted, with 80% of respondents admitted that having multiple point solutions slowed down their team’s ability to detect unauthorised activity, as well as unsecure and unmanaged devices adding complexity. 85% of companies said their employees access company platforms from unmanaged devices, and 43% of those spend one-fifth (20%) of their time logged onto company networks from unmanaged devices.

Cyber threats are becoming increasingly complex

With hackers becoming increasingly speedy in their attacks and more difficult to detect, organisations are being bogged down by their complex security systems, which they need to be able to utilise flexibly and quickly before it is too late.

The report highlights how these challenges are increasingly difficult to tackle amid the accessibility of data in the cloud. Data can be accessed by users via multiple applications, devices and services, requiring each potential point of entry to have security procedures implemented if they are to be securely airtight.

But 80% of companies feel moderately to very confident in their ability to protect themselves against cyberattacks using existing infrastructure, the study finds. This contradiction suggests a potential oversight in organisations’ abilities to prepare for arising cyber risks as they become increasingly complex and at potentially larger scale. 97% of companies expect to increase their cybersecurity budgets in the next 12 months in efforts to improve their existing strategy.

The findings published in the report will prompt businesses to make the necessary adjustments and investments in greater layers of defence amid an evolving cyber threat landscape.

Read more: The biggest cyber attacks of 2023