Only 23% of COmpanies are Ready to Defend Against Cybersecurity Threats

Readiness is critical: 90% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months

• The cost of being unprepared can be substantial: 64% of respondents said they had a cybersecurity incident in the last 12 months, which cost at least US $500,000​​for 45%of organizations affected 
• Companies are gearing up to be better prepared: 89% of respondents said their organizations plan to increase their cybersecurity budget by at least 10% over the next 12 months

Only 23% of organizations in Southeast Asia have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s (NASDAQ: CSCO) first-ever Cybersecurity Readiness Index released today. The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don’t take action.

Organizations have moved from an operating model that was largely static – where people operated from single devices from one location, connecting to a static network – to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate an enormous amount of data. This presents new and unique cybersecurity challenges for companies.

Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World

Titled, Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World, the report measures the readiness of companies to maintain cybersecurity resilience against modern threats. These measures cover five core pillars that form the baseline of required defenses: identity, devices, network, application workloads, and data, and encompasses 19 different solutions within the pillars.

Conducted by an independent third-party, the double-blind survey asked 6,700 private sector cybersecurity leaders across 27 markets including 6 markets in Southeast Asia – Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam – to indicate which of these solutions they had deployed and the stage of deployment. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.

• Beginner (Overall score of less than 10): At initial stages of deployment of solutions
• Formative (Score of between 11 – 44): Have some level of deployment, but performing below average on cybersecurity readiness
• Progressive (Score of between 45 – 75): Considerable level of deployment and performing above average on cybersecurity readiness
• Mature (Score of 76 and higher): Have achieved advanced stages of deployment and are most ready to address security risks

Alongside the stark finding that only 23% of companies in Southeast Asia are at the Mature stage, almost half (44%) of companies fall into the Beginner (5%) or Formative (39%) stages – meaning they are performing below average on cybersecurity readiness. Globally, 15% of companies are at a Mature stage.   

This readiness gap is telling, not least because 90% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 64% of respondents said they had a cybersecurity incident in the last 12 months, and 45% of those affected said it cost them at least US $500,000.

“Security resilience is non-negotiable today as organizations operate in a hybrid, always-on world. Organizations must take notable steps to close the security readiness gap as the threat landscape evolves and expands. While companies in ASEAN are doing better than their global counterparts on their levels of security preparedness, more needs to be done,” said Bee Kheng Tay, President, ASEAN, Cisco. “As the ASEAN region gears up to become the fourth largest economy by 2030, the index is a reality check for organizations to ensure that cybersecurity is foundational to any digitalization effort to bolster growth and innovation.”

Business leaders must establish a baseline of ‘readiness’ across the five security pillars to build secure and resilient organizations. This need is especially critical given that 90% of the respondents plan to increase their security budgets by at least 10 percent over the next 12 months. By establishing a base, organizations can build on their strengths and prioritize the areas where they need more maturity and improve their resilience.

“Organizations today operate in an app-driven, interconnected world that has created even greater cybersecurity complexity. With companies in ASEAN being least mature in the protection of identity and application workloads, business leaders need to make a conscious effort to protect critical data and their range of platforms and services, or risk enormous losses for the business and consumers. Taking an integrated platform approach to security which entails a zero-trust strategy, full-stack observability, and end-to-end visibility can help organizations achieve security resilience while reducing complexity in a hybrid world,” said Juan Huat Koo, Cybersecurity Lead, ASEAN, Cisco.

Other key findings of the index include:

Readiness across the five key pillars

• Identity: Only 25% of organizations are ranked Mature
• Devices: While this has the highest percentage of companies in the Mature stage at 39%, close to half (47%) are in the Beginner or Formative stages  
• Network Security: Companies are lagging on this front with 45% of organizations in the Beginner or Formative stages  
• Application Workloads: This is the pillar where companies are the least prepared, with 54% of organizations in the Beginner or Formative stages  
• Data: Although more than half (57%) of companies are in the Mature or Progressive stage, progress is needed as 16% are in the Beginner category