UK plc going backwards on cyber maturity, Cisco report claims
Date of creation: March 31, 2024, 12:44 p.m. From SITE: https://www.computerweekly.com Original page link
Original page content UK organisations appear to be going backwards when it comes to their levels of cyber security maturity, with just 2% of organisations attaining the levels of expertise and resilience to stand up to today’s risk landscape, down from 17% in 2023, according to a Cisco study - even though 70% of respondents said a cyber incident was likely to disrupt their business in the next 12 to 24 months. In the second annual Cisco cybersecurity readiness index, the network and security supplier revealed that although there is appetite to spend – 96% of respondents expect to increase their security budgets in the next 12 months – the rapid evolution of the cyber landscape means they are struggling to defend their systems from online threats. Furthermore, said Cisco, 78% said they were confident their current setup was capable of defending against a cyber attack - a massive disparity against overall maturity which suggests many have a misplaced sense of their own abilities, and may be failing to properly assess the challenges and risks they face. Worse still, many are being slowed down by their existing, overly complex security postures, which are still dominated by a plethora of point solutions. This complexity is further compounded by the post-Covid hybrid working landscape. “We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, Cisco executive vice president and general manager of security and collaboration. “Today's organisations need to prioritise investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in the favour of defenders.” Five pillars Cisco’s study ranks companies against five pillars – identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and artificial intelligence (AI) fortification, which together encompasses solutions and capabilities drawn from its portfolio. Respondents, who comprised 8,000 cyber and business leaders in 30 markets, were asked to indicate which of said solutions and capabilities they had deployed, and what stage they were at. Based on this double-blind survey, Cisco classified them into four stages of readiness: beginner, formative, progressive and mature. The data shows that 72% of UK organisations fall into the first two stages of readiness – a cause of concern given a similar number expect to fall victim to a cyber attack, and 54% had experienced one in the past year, costing upwards of £237,000 on average. Cisco said it was clear that traditional approaches to adopting multiple cyber security point solutions was no longer effective, with the majority of respondents admitting that their set-ups slowed them down when it came to detecting, responding to and recovering from incidents. Worldwide, almost 70% of respondents had deployed more than 10 point solutions in their cyber stacks, and almost 30% had over 30. Other areas of concern highlighted in the report included a tendency to be lax when it came to letting employees access company platforms from unmanaged devices, and a now-critical cyber talent shortage making it harder to recruit people who can help manage security effectively. This is a global issue that does not just affect the UK – 41% of the total sample said they had over 10 vacant security roles. Time to buy But as noted, the report did identify the potential for investment, and respondents did seem to be aware of the problems that they were facing, with 96% saying they would up their cyber budgets this year, 82% by a factor of over 10%. A total of 47% of the global sample said they would significantly upgrade their IT infrastructure over the next two years, up from 31% who said this in 2023, and 55% were looking to AI to help manage cyber challenges. Cisco concluded that to overcome the challenges they face more effectively, organisations should be accelerating more meaningful security investments, including innovative measures such as AI, taking a more platform-based approach, paying more attention to network resilience, and attempting to bridge the skills gap. Read more about security investment plans Cyber security services and technology will once again be the focus of major investment across EMEA during 2024, according to the latest Technology Spending Intentions study from TechTarget and ESG. The TechTarget and ESG spending intentions survey finds big bias towards averting risk and building organisational resilience, but on-premise storage is a significant planned outlay. | Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape
Date of avatar: March 31, 2024, 6:45 p.m.
Tags: network resilience, cyber incident, online threats, security setup, complex security postures, identity intelligence, ai fortification, threat landscape, uk organisations, machine trustworthiness, platform-based approach, hybrid working landscape, ai, cloud reinforcement, security budgets, cyber talent shortage, integrated platforms, declining cyber security maturity
Content: # Part 1: Declining Cyber Security Maturity in UK Organisations According to a recent study by Cisco, UK organisations are experiencing a decline in their levels of cyber security maturity. Only 2% of organisations have achieved the expertise and resilience necessary to combat today's risk landscape, down from 17% in 2023. This is concerning considering that 70% of respondents believe a cyber incident is likely to disrupt their business in the next 12 to 24 months. # Part 2: Challenges Faced by UK Organisations While there is a willingness to invest in cyber security, with 96% of respondents planning to increase their security budgets in the next 12 months, organisations are struggling to defend their systems against online threats. The rapidly evolving cyber landscape is making it difficult for them to keep up. Surprisingly, 78% of respondents express confidence in their current security setup's ability to defend against a cyber attack. This overconfidence suggests that many organisations are not accurately assessing the challenges and risks they face. Additionally, existing complex security postures and a multitude of point solutions are slowing down organisations and hindering their ability to effectively defend against cyber threats. The hybrid working landscape post-Covid has only further compounded these challenges. # Part 3: Recommendations for Strengthening Cyber Security Cisco emphasizes the need for organisations to prioritize investments in integrated platforms and leverage AI to operate at machine scale. To address the declining cyber security maturity, organisations should focus on the five pillars identified in Cisco's study: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. These pillars encompass solutions and capabilities that organizations can draw from Cisco's portfolio. It is crucial for UK organisations to move beyond traditional approaches of deploying multiple point solutions and instead adopt a more platform-based approach. Additionally, attention should be given to network resilience and bridging the cyber talent shortage through innovative measures such as AI. By taking these steps, organisations can strengthen their cyber security and better protect themselves against the evolving threat landscape.
Date of avatar: March 31, 2024, 12:56 p.m.
Tags: confidence, five pillars, study, online threats, complex security systems, expertise, artificial intelligence ai, hybrid working, ai fortification, identity intelligence, skills gap., cyber incident, cyber security efforts, resilience, investment, network resilience, cyber attack, point solutions, readiness stages, global shortage of cyber talent, machine trustworthiness, uk organizations, cloud reinforcement, integrated platforms, platform-based approach, cisco, unmanaged devices, security budgets
Content: UK organizations are falling behind in their cyber security efforts, with only 2% achieving a high level of expertise and resilience, down from 17% in 2023, according to a study by Cisco. Despite 70% of respondents acknowledging the likelihood of a cyber incident disrupting their business in the next 12 to 24 months, organizations are struggling to defend against online threats due to the rapidly evolving cyber landscape. Although 96% of respondents plan to increase their security budgets in the next year, many are hindered by complex security systems and a misplaced sense of confidence in their abilities. Additionally, the shift to hybrid working post-Covid has further complicated matters. To address these challenges, organizations need to invest in integrated platforms and leverage artificial intelligence (AI) to operate at scale. The study ranks companies based on five pillars, including identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. It is concerning that 72% of UK organizations fall into the beginner or formative stages of readiness, especially considering that a similar number expect to experience a cyber attack. Traditional approaches of deploying multiple point solutions are no longer effective, and organizations need to prioritize a more platform-based approach. The report also highlights concerns around employees accessing company platforms from unmanaged devices and the global shortage of cyber talent. Despite these challenges, organizations recognize the need for investment, with 96% planning to increase their cyber budgets and 55% looking to AI for help. To overcome these challenges effectively, organizations should accelerate meaningful security investments, embrace AI, prioritize network resilience, and bridge the skills gap.
Date of avatar: March 31, 2024, 12:55 p.m.
Tags: security systems, business disruption, online threats, covid, cyber incident, cyber security, cyber landscape, hybrid working, defense capabilities, ai, cisco study, uk organizations, investments, integrated platforms
Content: A recent Cisco study has found that only 2% of UK organizations have achieved a high level of cyber security maturity, down from 17% in 2023. Despite this, 70% of respondents believe that a cyber incident is likely to disrupt their business within the next 12 to 24 months. The study also revealed that while organizations are willing to invest in cyber security, they are struggling to defend against online threats due to the rapid evolution of the cyber landscape. Many organizations have a misplaced sense of their own abilities and are failing to properly assess the challenges and risks they face. The complexity of existing security systems and the shift to hybrid working post-Covid are further complicating the situation. Cisco recommends that organizations prioritize investments in integrated platforms and leverage AI to operate at machine scale and improve their defense capabilities.