2023 Cybersecurity Readiness Index - Cisco

2023 Cybersecurity Readiness Index

The world has become an ever-moving, hybrid environment where people, devices, applications, and data can be in multiple, changing locations. So what does that mean for an evolving cybersecurity posture?

In Cisco’s Cybersecurity Readiness Index, 6,700 respondents in 27 countries representing more than 18 industries shared how they measured up in solutions across the five core pillars of cybersecurity protection: identity, devices, network, application workloads, and data. The index categorizes companies into four stages of readiness: from Beginner, to Formative, Progressive, and Mature, based on the state of deployment of security solutions.

Resilience in a hybrid world

?
Only 15% of organizations globally have a cybersecurity posture ‘Mature’ enough to defend against risks of a hybrid world.
?
Readiness is critical as 82% of respondents said they expect a cybersecurity incident in the next 12 to 24 months.
?
The cost of being unprepared can be substantial costing 41% of organizations affected at least $500,000.
?
Companies are gearing up to be better prepared, as 86% of organizations plan to increase their cybersecurity budget by at least 10% over the next 12 months.

The five pillars of cybersecurity

Identity

Verify the identity of everyone who tries to access network resources and information.

  • Traditional data stores like AD
  • Integrated IAM solution
  • Privileged Access Management

Devices

Verify all employee and infrastructure devices and protect them from being accessed by bad actors.

  • Built-in protections in the OS such as AV and host controls
  • Anti-virus with some enhanced features
  • End-point protection platform (firewall, malware, USB controls, process viability)

Network

Safeguard people, devices, applications, and data on the network as they are critical to the viability of the company.

  • Network segmentation policies based on identity
  • Network behavior anomaly detection tools
  • Privileged Access Management
  • Packet capture and sensor tools

Application Workloads

Protect against application workload attacks that could lead to sensitive data breaches, productivity loss, and irreparable reputation damage.

  • Host software firewall
  • Endpoint protection capabilities
  • DLP
  • Application centric protection tools
  • Visibility and forensic tools

Data

Protect data from unauthorized access, use, disclosure, disruption, modification, or destruction using robust security measures.

  • Encryption tools
  • Identification and classification with DLP
  • Backup and recovery
  • Host IPS & protection tools

Cybersecurity readiness across the world

Global

vs.

Global Readiness

8% Beginner
47% Formative
30% Progressive
15% Mature

The four states of maturity

Beginner (Less than 10)

Organizations at the initial stages of deployment of solutions.

Formative (11 – 44)

Some level of deployment but performing below average on cybersecurity readiness.

Progressive (45 – 75)

Considerable level of deployment and performing above average on cybersecurity readiness.

Mature (76 and higher)

Advanced stages of deployment and are most ready to address security risks.

Respondents confirmed whether their companies had solutions in place to meet the challenges of each pillar, and how advanced their deployment plans are.

Readiness scores are derived through the combination of:

  • Weighted solution based on its importance to safeguarding its pillar
  • Level of advancement for deployment of those solutions

Size and industry matters

?

Healthcare, financial services, and retail are the most prepared industries in their cybersecurity readiness, with an average of 20% in a Mature state.

?

Transportation and media industries are the least ready, with a little over 16% and 15% of organizations falling into the Beginner category.

?

Only 17% of larger businesses (1,000+ employees) are at a Mature stage of overall readiness, over 55% are either in a Beginner or Formative stage.

?

Mid-sized companies (250 to 1,000 employees) are best prepared with more organizations in the Mature category (19%) than their larger competitors, and more in the Progressive category (31%) too.

?

Smaller organizations (up to 250 employees) are less ready with only 10% companies in the Mature category, and more than 50% dropping into the underperforming, Formative category.

The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity. Organizations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity. Only then will businesses be able to close the cybersecurity readiness gap.

Jeetu Patel
EVP and GM, Security and Collaboration

What’s next for companies?

Closing the readiness gap must become a global imperative and a top priority for business leaders.

Organizations need security resilience, focusing on what matters most and anticipating what is coming down the road. Resilience is already under consideration within financial, operational, organizational, and supply chain functions. Security resilience cuts across all of them and should be prioritized.

For business leaders to build secure and resilient organizations, they must establish a baseline of how “ready” they are across the five major security solution pillars. The maturity of security infrastructure, particularly in relation to local and global peers, will ensure that organizations know what they’re strong at and where they can best prioritize resources to improve their ability to be resilient.

View full report

About the Survey

Cisco Cybersecurity Readiness Index is based on a double-blind survey of 6700 private sector cybersecurity leaders in 27 global markets.

The research was carried out by an independent research company between August to September 2022.

The respondents are drawn from over 18 industries: business services, construction, education, engineering, design, architecture, financial services, healthcare, manufacturing, media & communications, natural resources, personal care & services, real estate, restaurant services, retail, technology services, transportation, travel services, wholesale, and ‘others’.

Methodology

The scores for each company were derived from the scale of deployment of various capabilities in each of the five pillars.

The scale of deployment was highlighted by respondents in a double-blind survey conducted by an independent third-party. The scores for each pillar were then put together - based on weighted importance of each pillar - to arrive on an overall score for each company in individual markets.

The companies are placed in four stages of readiness based on their overall score:

  • Beginner: These are companies that have a score of less than 10 (out of a maximum of 100) for overall readiness.
  • Formative: Those that have a score of between 11 and 44.
  • Progressive: Those with a score of between 45 and 75.
  • Mature: Those with a score higher than 76.

Related resources

Cisco’s second annual Cybersecurity Readiness Index is an updated guide that assesses how ready organizations are to face today’s cybersecurity risks.
New Cisco study finds only 15% of companies surveyed are ready to defend against cybersecurity threats.
A look at how organizations are safeguarding against complex threats in a hybrid world.
Get guidance on how to design a cybersecurity framework tailored to your specific business needs.
Discover the latest cyber threat intelligence and key security trends, security insights, and key findings.
Learn more about how Cisco empowers businesses to withstand today's unpredictable threats.
Get more information on Cisco Secure network security products.
Read about today's top threats, trends, and the leading techniques to protect against them.