A new report by technology firm Cisco reveals that just 11% of companies in Australia are at a “mature” level of readiness to defend against cybersecurity threats. The Cisco Cybersecurity Readiness Index, which surveyed 6,700 cybersecurity leaders across 27 markets, found that more than half of Australian companies fall into the “beginner” or “formative” stages of deployment, meaning they are performing below average on cybersecurity readiness.
The report, titled “Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World”, measures the readiness of companies across five core pillars that determine cybersecurity resilience: identity, devices, network, application workloads, and data, and 19 different solutions across these pillars.
According to the report, the move to a hybrid working model, where people operate from multiple devices in multiple locations and access applications in the cloud and on the go, presents new and unique cybersecurity challenges for companies. This is particularly concerning given that 92% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.
“The move to hybrid working has fundamentally shifted the landscape of security readiness, and we are moving towards a progressive style of maturity – that’s good news. There is more to do together, as organisations, partners, and communities to continue the upwards trajectory,” said Corien Vermaak, Cisco Australia & New Zealand’s Head of Cybersecurity.
The cost of being unprepared can be substantial, as 70% of respondents said they had a cybersecurity incident in the last 12 months, and 69% of those affected said it cost them at least AUD $740,000+. However, the report also found that 91% of respondents plan to increase their security budgets by at least 10% over the next 12 months.
“Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organisations. This need is especially critical given that 91% of the respondents plan to increase their security budgets by at least 10 percent over the next 12 months,” said the report.
The report also highlighted the areas where Australian companies are progressing relative to maturity, with fewer organisations in the “beginner” space and more in the “progressive” stage. However, there is still more to be done to improve cybersecurity hygiene and ensure sustainability.
“There is an opportunity for the public and private sectors to work more closely in order to continue to improve in cybersecurity readiness, such as educating multiple areas of the business and not just the immediate team and users. The cybersecurity skills gap also needs addressing and is key to our response to improving cybersecurity maturity and ensuring it is sustainable,” said Vermaak.
The report also found that readiness varied across the five key pillars. Devices had the highest percentage of companies in the mature stage at 26%, while application workloads had the lowest percentage, with 67% of organisations in the beginner or formative stages. Only 23% of organisations were ranked mature in the identity pillar, while progress was needed in the data pillar, with only 17% of companies in the mature stage.
In summary, the Cisco Cybersecurity Readiness Index highlights the cybersecurity readiness gap in Australia and the need for companies to establish a baseline of readiness across the five security pillars to build secure and resilient organisations. It also highlights the importance of addressing the cybersecurity skills gap and working together to improve cybersecurity readiness.