Developed countries lag emerging markets in cybersecurity readiness

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today.

Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” of security preparedness; Philippines and Thailand, both with 27% of organizations in the mature stage; and India, with 24% of organizations in the mature stage. 

On the other hand, organizations in richer countries fared much worse in the survey. For instance, only 5% of organizations in Japan were in the mature stage of cybersecurity readiness, while 7% of organizations in South Korea were in the mature stage, according to the Cisco report.

A similar trend was observed in the US, with only 13% of organizations fully ready to tackle cybersecurity incidents, according to the report. Meanwhile, only 9% of organizations in Canada, and 12% in Mexico, were found to be in the mature stage. 

Tech debt causes lack of cybersecurity preparedness

The drastic difference in cybersecurity preparedness between developed and developing nations is likely because organizations in emerging markets started adopting digital technology more recently compared to their peers in developed markets. “That means many of these companies do not have legacy systems holding them back, making it relatively easier to deploy and integrate security solutions across their entire IT infrastructure,” the report said, adding that technology debt — the estimated cost or assumed impact of updating systems — continues to be a major driver of the readiness gap. 

The Cisco Cybersecurity Readiness Index categorizes companies in four stages of readiness — beginner, formative, progressive, and mature. The report is based on a survey of 6,700 cybersecurity leaders in 27 global markets. 

The survey found that 47% of organizations fall into the formative category, where they have taken some of the basic steps to protect themselves, 30% are in the progressive stage, 8% in the beginner stage, and only 15% in the mature stage. 

About 82% of security leaders globally said that cybersecurity incidents are likely to disrupt their businesses over the next 12 to 24 months. 

Almost 60% of security leaders said they had experienced some kind of cybersecurity incident in the last 12 months. The incidents cost 71% of affected organizations at least $100,000, with 41% incurring an overall cost of $500,000 or more, the Cisco report said. 

“We have an alarming cybersecurity readiness gap, and it’s only going to widen if global business and security leaders don’t pivot quickly,” Cisco said in its report. 

Cisco’s 5 pillars of cybersecurity readiness 

Cisco categorized organizations based on five pillars of cybersecurity readiness: for identity, devices, network, application workloads, and data.

Identity management was recognized as the most critical area of concern. Close to three in five respondents, or 58% of organizations, were either in the formative or beginner category for identity management. However, 95% were at least at some stage of deployment with an appropriate ID management application, the report said. 

For network protection, 56% of organizations were at the lower end of the readiness spectrum. “That indicates many are in the early stages of deploying solutions although the good news is that half of our respondents (50%) plan to finalize deployments within the next 12 months,” Cisco said in its report. 

Almost a third of organizations, or 31%, fall into the readiness category, and about 97% of organizations have deployed a system to protect application workloads. 

When it comes to protecting data, 98% of respondents had applications in place, with 67% choosing to encrypt data or ensure that they are able to back up and recover lost data. Almost 94% had either partially or fully deployed these systems. 

“Deployments of some solutions, particularly those for identity, devices and networks, are not being rolled out as quickly as they could, leaving some organizations vulnerable to attack,” Cisco said in its report. 

Organizations to increase cybersecurity budgets

While many global organizations were found to have low levels of preparedness for cybersecurity attacks, most of them said they were planning to increase investments in cybersecurity over the coming months. 

Almost 86% of organizations said they have plans to increase their cybersecurity budgets by at least 10% over the next 12 months, the report said.

Most organizations are already thinking about resilience in their financial, operational, organizational, and supply chain functions. “What organizations need is security resilience, where security is foundational to business strategy and is collectively prioritized throughout the organization, allowing companies to better anticipate threats and bounce back faster when a threat becomes real,” the report said. 

Almost 53% of organizations categorized as mature said they were very confident in the ability to stay resilient against potential cyberattacks in the next 12 to 24 months. Only 30% of companies in the beginner stage and 34% in the formative stage felt the same.