2023 Cybersecurity Readiness Index - Cisco
2023 Cybersecurity Readiness Index
The world has become an ever-moving, hybrid environment where people, devices, applications, and data can be in multiple, changing locations. So what does that mean for an evolving cybersecurity posture?
In Cisco’s Cybersecurity Readiness Index, 6,700 respondents in 27 countries representing more than 18 industries shared how they measured up in solutions across the five core pillars of cybersecurity protection: identity, devices, network, application workloads, and data. The index categorizes companies into four stages of readiness: from Beginner, to Formative, Progressive, and Mature, based on the state of deployment of security solutions.
Resilience in a hybrid world
The five pillars of cybersecurity
Identity
Verify the identity of everyone who tries to access network resources and information.
- Traditional data stores like AD
- Integrated IAM solution
- Privileged Access Management
Devices
Verify all employee and infrastructure devices and protect them from being accessed by bad actors.
- Built-in protections in the OS such as AV and host controls
- Anti-virus with some enhanced features
- End-point protection platform (firewall, malware, USB controls, process viability)
Network
Safeguard people, devices, applications, and data on the network as they are critical to the viability of the company.
- Network segmentation policies based on identity
- Network behavior anomaly detection tools
- Privileged Access Management
- Packet capture and sensor tools
Application Workloads
Protect against application workload attacks that could lead to sensitive data breaches, productivity loss, and irreparable reputation damage.
- Host software firewall
- Endpoint protection capabilities
- DLP
- Application centric protection tools
- Visibility and forensic tools
Data
Protect data from unauthorized access, use, disclosure, disruption, modification, or destruction using robust security measures.
- Encryption tools
- Identification and classification with DLP
- Backup and recovery
- Host IPS & protection tools
Cybersecurity readiness across the world
Global
Global Readiness
???
The four states of maturity
Beginner (Less than 10)
Organizations at the initial stages of deployment of solutions.
Formative (11 – 44)
Some level of deployment but performing below average on cybersecurity readiness.
Progressive (45 – 75)
Considerable level of deployment and performing above average on cybersecurity readiness.
Mature (76 and higher)
Advanced stages of deployment and are most ready to address security risks.
Respondents confirmed whether their companies had solutions in place to meet the challenges of each pillar, and how advanced their deployment plans are.
Readiness scores are derived through the combination of:
- Weighted solution based on its importance to safeguarding its pillar
- Level of advancement for deployment of those solutions
Size and industry matters
“The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity. Organizations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity. Only then will businesses be able to close the cybersecurity readiness gap.”
Jeetu Patel
EVP and GM, Security and Collaboration
What’s next for companies?
Closing the readiness gap must become a global imperative and a top priority for business leaders.
Organizations need security resilience, focusing on what matters most and anticipating what is coming down the road. Resilience is already under consideration within financial, operational, organizational, and supply chain functions. Security resilience cuts across all of them and should be prioritized.
For business leaders to build secure and resilient organizations, they must establish a baseline of how “ready” they are across the five major security solution pillars. The maturity of security infrastructure, particularly in relation to local and global peers, will ensure that organizations know what they’re strong at and where they can best prioritize resources to improve their ability to be resilient.
About the Survey
Cisco Cybersecurity Readiness Index is based on a double-blind survey of 6700 private sector cybersecurity leaders in 27 global markets.
The research was carried out by an independent research company between August to September 2022.
The respondents are drawn from over 18 industries: business services, construction, education, engineering, design, architecture, financial services, healthcare, manufacturing, media & communications, natural resources, personal care & services, real estate, restaurant services, retail, technology services, transportation, travel services, wholesale, and ‘others’.
Methodology
The scores for each company were derived from the scale of deployment of various capabilities in each of the five pillars.
The scale of deployment was highlighted by respondents in a double-blind survey conducted by an independent third-party. The scores for each pillar were then put together - based on weighted importance of each pillar - to arrive on an overall score for each company in individual markets.
The companies are placed in four stages of readiness based on their overall score:
- Beginner: These are companies that have a score of less than 10 (out of a maximum of 100) for overall readiness.
- Formative: Those that have a score of between 11 and 44.
- Progressive: Those with a score of between 45 and 75.
- Mature: Those with a score higher than 76.
Related resources
