Threat Preparedness: Not Ready for Prime Time

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• IT security preparedness may not be where it should be, but organizations are keenly aware of the threat. Some 82% of those surveyed in Cisco Cybersecurity Readiness Index said cybersecurity incidents are likely to disrupt their businesses over the next 12 to 24 months.

• Nearly 60% had been hit by a security breach in the last 12 months.

Enterprise cybersecurity awareness is at an all-time high as challenges associated with protecting IT resources and organizations across most industries building out end user security training. However, even with increasing education, a surprisingly high percentage of organizations are still underprepared to mount a strong defense against cyber threats. In Cisco’s first ever Cybersecurity Readiness Index, based on metrics across five pillars of IT security (identity, devices, network, application workloads, and data) and the implementation stage of 19 security solutions with those, only 15% of the 6,700 were met the requirements to be considered as “mature” in their cyber readiness. Thirty percent were rated “progressive” in their preparedness. Forty-seven percent were categorized as formative in their security implementations. And eight percent are very early in their security journeys, with a beginner ranking.

This is all the more surprising given that 60% of the surveyed enterprises suffered a cybersecurity incident in the last 12 months. And these were often costly with 71% saying the incident cost them at least $100,000 and 41% pegging the expense at $500,000 or more.

Preparedness is linked to a degree to the organization’s industry, and how much is at stake in the event of a breach. Twenty-one percent of retail organizations were rated as mature in cyber readiness while 19% of institutions in financial services and 18% of healthcare organizations achieved that designation.

There is also a variance in the maturity of readiness by individual pillar that maps to level of risk associated with it. The lack of effective identity management was cited the most often as the top risk. To that end, 95% of organizations have deployed an identity management solution.

There is a silver lining in that corporate awareness of the underwhelming level of readiness in most enterprises is making future security investments a priority. Eighty-six percent of enterprises say they are raising their cybersecurity budgets by more than 10% in the next year.

What do you think?

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.