Cisco study shows that few organizations in Canada are prepared to defend against cyber attacks

TORONTO — Only one per cent of organizations in Canada have the ‘Mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco’s 2024 Cybersecurity Readiness Index.

The 2024 Cisco Cybersecurity Readiness Index was developed in an era defined by hyperconnectivity and a rapidly evolving threat landscape. Companies today continue to be targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering attacks. And while they are building defenses against these attacks, they still struggle to defend against them, slowed down by their own overly complex security postures that are dominated by multiple point solutions.

“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “Today’s organizations need to prioritize investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favor of defenders.”

The Index assesses the readiness of companies on five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification, which are comprised of 31 corresponding solutions and capabilities. It is based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets conducted by an independent third party. The respondents were asked to indicate which of these solutions and capabilities they had deployed and the stage of deployment. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.

Overall, the study found that only one per cent of companies in Canada are ready to tackle today’s threats, with 78 per cent of organizations falling into the Beginner or Formative stages of readiness. Globally, 3 per cent of companies are at a Mature stage. Further:

• Future Cyber Incidents Expected: 63 per cent of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 43 per cent of respondents said they experienced a cybersecurity incident in the last 12 months, and 46 per cent of those affected said it cost them at least US$300,000.
• Point Solution Overload: The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 72 per cent of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents. This raises significant concerns as 62 per cent of organizations said they have deployed ten or more point solutions in their security stacks, while 17 per cent said they have 30 or more.​
• Unsecure and Unmanaged Devices Add Complexity: 78 per cent of companies said their employees access company platforms from unmanaged devices​, and 33 per cent of those spend one-fifth (20 per cent) of their time logged onto company networks from unmanaged devices. ​Additionally, 20 per cent reported that their employees hop between at least six networks over a week.
• The Cyber Talent Gap Persists: Progress is being further hampered by critical talent shortages, with 83 per cent of companies highlighting it as an issue. In fact, 35 per cent of companies said they had more than ten roles related to cybersecurity unfilled in their organization at the time of the survey.
• Future Cyber Investments Ramping Up: Companies are aware of the challenge and are ramping up their defenses with 40 per cent planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from just 25 per cent who planned to do so last year. Most prominently, organizations plan to upgrade existing solutions (67 per cent), deploy new solutions (53 per cent), and invest in AI-driven technologies (50 per cent). Further, 96 per cent of companies expect to increase their cybersecurity budget in the next 12 months, and 78 per cent of respondents say their budgets will increase by 10 per cent or more.