According to a recent Cisco study, UK organizations are regressing in their levels of cyber security maturity. The study found that only 2% of organizations have the expertise and resilience needed to combat today’s cyber risks, down from 17% in 2023. Despite this, 70% of respondents believe that a cyber incident will likely disrupt their business in the next 12 to 24 months.
The study also revealed that while organizations are willing to spend more on cybersecurity – with 96% of respondents planning to increase their security budgets in the next year – they are struggling to defend their systems against online threats due to the rapidly evolving cyber landscape. Additionally, 78% of respondents expressed confidence in their current security setup’s ability to defend against a cyber attack, despite the overall lack of maturity in their cyber security practices.
The complexity of existing security postures, which are dominated by multiple point solutions, is hindering many organizations. This complexity is further compounded by the post-Covid hybrid working environment. Cisco executive vice president Jeetu Patel warned against overconfidence and emphasized the need for investments in integrated platforms and AI to operate at scale and defend against cyber threats.
Cisco’s study evaluates companies based on five pillars: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. The study classified organizations into four stages of readiness: beginner, formative, progressive, and mature. Alarmingly, 72% of UK organizations fell into the first two stages, despite expecting to become victims of cyber attacks. Over half of the organizations surveyed had already experienced a cyber attack in the past year, costing an average of £237,000.
The study highlighted concerns around traditional approaches of deploying multiple point solutions, as they proved ineffective in detecting, responding to, and recovering from cyber incidents. Globally, 70% of respondents had deployed more than 10 point solutions in their cyber stacks, and nearly 30% had over 30.
Other worrisome findings in the report include lax employee access to company platforms from unmanaged devices and the critical shortage of cyber talent, which makes it challenging to recruit individuals who can effectively manage security. This talent shortage is not limited to the UK, as 41% of the global sample reported having over 10 vacant security roles.
Despite these challenges, the report indicated potential for investment and awareness among respondents. 96% of respondents planned to increase their cyber budgets, with 82% planning a budget increase of over 10%. Additionally, 47% of the global sample intended to significantly upgrade their IT infrastructure over the next two years, and 55% were considering the use of AI to manage cyber challenges.
To address these challenges more effectively, Cisco recommended that organizations accelerate meaningful security investments, such as adopting AI and taking a platform-based approach. It also advised organizations to prioritize network resilience and bridge the skills gap in cyber security.
