Only 1% of organizations ready for cybersecurity risks

Only one percent of organizations in the Philippines have a “mature” level of cybersecurity risk readiness, according to Cisco’s 2024 Cybersecurity Readiness Index. In addition, 67 percent of respondents who participated in the report said a cybersecurity incident would likely disrupt their business in the next 12 to 24 months.

The 2024 Cisco Cybersecurity Readiness Index was developed in an era of hyperconnectivity and a rapidly evolving threat landscape. Companies today continue to be targeted with a variety of techniques, ranging from phishing and ransomware to supply chain and social engineering attacks. While building defenses against these attacks, they still need help to defend against them, slowed down by their overly complex security postures, which are dominated by multiple-point solutions.

These challenges are compounded in today’s distributed working environments, where data can be spread across limitless services, devices, applications, and users. However, 78 percent of companies still feel moderately confident in their ability to defend against a cyberattack with their current infrastructure. This disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may need to assess the scale of their challenges appropriately.

“We cannot underestimate the threat posed by our overconfidence,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. Today’s organizations need to prioritize investments in integrated platforms, lean into AI to operate at machine scale, and finally tip the scales in favor of defenders.”

The Index assesses the readiness of companies on five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification, comprising 31 corresponding solutions and capabilities. It is based on a double-masked survey of over 8,000 private sector security and business leaders across 30 global markets by an independent third party. The respondents were asked to indicate which solutions and capabilities they had deployed and the deployment stage. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.

Findings

Overall, the study found that only one percent of companies in the Philippines are ready to tackle today’s threats, with 64 percent of organizations falling into the Beginner or Formative stages of readiness. Globally, 3 percent of companies are at a Mature stage. Further:

Future Cyber Incidents Expected: 67 percent of respondents expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 59 percent of respondents said they experienced a cybersecurity incident in the last 12 months, and 36 percent of those affected said it cost them at least $300,000.

Point Solution Overload: The traditional approach of adopting multiple cybersecurity point solutions has yet to deliver effective results, as 76 percent of respondents admitted that having numerous point solutions slowed down their team’s ability to detect, respond, and recover from incidents. This raises significant concerns as 66 percent of organizations said they have deployed ten or more point solutions in their security stacks, while 24 percent said they have 30 or more.

Unsecure and Unmanaged Devices Add Complexity: Eighty-five companies said their employees access company platforms from unmanaged devices, and 38 percent of those spend one-fifth (20%) of their time logged onto company networks from unmanaged devices. Additionally, 34 percent reported that their employees hop between at least six networks weekly.