How resilient is your cybersecurity posture?

How prepared is your organization for today’s cyber threats? What about tomorrow’s? If you’re uncertain or leaning negative, you’re far from alone. A survey of 6,700 private sector cybersecurity leaders finds that only 15% can be classified as having a mature readiness posture.

Cisco’s first-ever Cybersecurity Readiness Index measures the readiness of companies worldwide to maintain cybersecurity resilience across the five core pillars that form the baseline of required defences:

• Identity
• Devices
• Network security
• Application workloads
• Data

With 82% of respondents saying they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months, the widespread lack of maturity across these pillars is discomforting.

Organizations aiming to keep bad actors at bay must pivot from an outdated solutions-based cybersecurity posture to a more holistic approach that stresses resiliency and integration.

The growth of hybrid work and hybrid environments has accelerated the move away from static defense strategies that relied primarily on creating a perimeter around IT assets. IT organizations must be able to extend protection across multiple devices in multiple locations, connecting to multiple networks.

“For business leaders to build secure and resilient organizations, they must establish a baseline of how ‘ready’ they are across the five major security pillars,” asserts Cisco’s report on the survey results. “The maturity of security infrastructure, particularly in relation to local and global peers, will help organizations identify what areas they are strong in and where they can best prioritize resources to improve their ability to be resilient.”

What stage is your organization?

The good news from the report is that in addition to a small portion of mature companies in advanced stages of deployment across the five pillars, another 30% of organizations were classified as having considerable levels of deployment and to be performing above average on cybersecurity readiness. Still, that leaves 47% in the “formative” stage, with some level of deployment and performing below average. Another 8% were assessed in a beginner category of readiness.

There is no silver bullet for cybersecurity readiness and every organization needs to invest in cybersecurity solutions based on their needs and investment priorities. Knowing where your organization measures up in each of those five pillars makes it easier to see where your gaps are. That may enable you to figure out how to get more resiliency by adjusting what you are already doing. In other cases, it may reveal potentially serious weaknesses that need to be quickly addressed.

Almost all of those surveyed – 95% – have implemented some type of identity management solution, for example. But there is a considerable variation in the levels of maturity, with 58% in either the formative or beginner stages.

In assessing your own readiness, a good first step is to decide which of the five pillars are most important for your organization and how your state of readiness aligns with your business needs.

Next, determine where you fit on the maturity scale and develop an action plan to move from where you are today, to where you want to get to. As you begin climbing the maturity skill ladder, you’ll also be increasing your resiliency and ability to respond faster to threats and attacks. For example, detection and response solutions span all five pillars identified in the Cisco report, so every advance in that area improves your ability to detect an adverse event more quickly.

Check out the full Cybersecurity Readiness Index.