Today’s digital landscape sees an increasingly connected world, which brings untold opportunities but also significant dangers.
The devastating consequences of cyber-attacks cannot be underestimated, with the potential for financial loss, data breaches, intellectual property theft and business interruption, as well as damaged reputations.
Yet, a new, double-blind survey conducted by Cisco has unveiled a startling truth: few companies around the world are fully armed against cyber-attacks. And that is even more true in Europe with only 9 per cent of organisations identifying as ‘Mature’ to be resilient against cyber risks (compared to 15 per cent globally).
The urgency to act across processes and technologies
The Cisco Cybersecurity Readiness Index (CRI) highlights where businesses are doing well and where cybersecurity gaps will widen if businesses, security, and policy leaders don’t act quickly.
European policymakers know it as they have significantly intensified actions to level up the EU’s cybersecurity across the board: from critical infrastructure, to public administration, to consumer product cybersecurity obligations to name just a few.
In recent years, businesses have moved away from a static operating model, in which information is contained to a single network or building, to a vast interconnected grid spanning multiple locations. This opens up vulnerabilities whilst cyber-attacks get increasingly sophisticated.
Cyber-attacks: not if but when
The cyber readiness gap is telling: 77 per cent of respondents in Europe said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. Next to that, over half (52 per cent) of respondents said they had experienced a cybersecurity incident in the past 12 months.
With 81 per cent of respondents planning to increase their security budgets by at least 10 per cent, European business leaders understand they need to do more to be cyber resilient. Because not doing anything comes at a higher cost. In Europe, 32 per cent of those affected by an attack said it cost them at least US $500,000.
The primary cybersecurity risks: identity management
In the hybrid work environment, it is critical for companies to be able to verify the identity of those connecting to the network or company devices.
A quarter of respondents cited identity management as the primary cybersecurity risk. Reassuringly, almost all respondents have deployed some measures to ensure that only authorized users can access sensitive information, such as multi-factor authentication.
Yet, the data from the CRI suggests that most companies need to implement further measures, and quickly, if they are to avoid major incidents. 20 per cent of leaders globally, and only 14 per cent within Europe, displayed full preparedness to deal with cyber threats of this kind.
Far reaching risks from hybrid networks
At the root of today’s connectivity lies the concept of a global hybrid network, which generates obvious and far-reaching potential risk factors. Securing local and company digital infrastructure is a crucial element of ensuring cyber safety.
Networks are vulnerable in several ways. If not secured properly, hackers can gain access to sensitive information. Malware and viruses, which often enter a system via an email attachment, a link, or a malicious website, pose another danger and can easily self-propagate through entire networks.
Further network problems include denial of service attacks, in which a network is overwhelmed with traffic.
The CRI found that whilst most organisations were at least partly prepared, very few were completely equipped, with only 19 per cent classified as ‘mature’ globally.
Protecting data, protecting reputation, protecting trust
Another focus of Cisco’s survey is data protection. Businesses have a duty, often enshrined in law, to protect customer data. Data breaches can expose confidential information and disrupt businesses, and perhaps most importantly result in damaging a company’s reputation. Trust can be difficult to regain.
The vast majority of the companies surveyed explicitly recognize the serious implications of a failure to safeguard data, with 50 per cent showing a good level of preparedness. Around 22 per cent are still considered to be at the ‘beginner’ stage, however, showing huge scope for improvement.
The next steps
Facing the increasingly complex and frequent challenges of cybersecurity is an essential component for the smooth running of almost any organisation. Cloud security, regular testing and firewalls are examples that should feature in any company toolkit.
Like in many things, there is no silver bullet for cybersecurity readiness. Each organisation needs to invest in cybersecurity based on its own needs. Knowing where the organisation measures up or down makes it easier to see where the gaps are. Cisco’s CRI is intended as a tool to help build resilience as it identifies areas for improvement, provides pointers for potential weaknesses that need to be quickly addressed or investment priorities.
The Index is the result of a survey, which asked private sector leaders across industries and regions to evaluate the preventative cybersecurity measures in place within their companies and to identify areas for improvement.
Whilst this Cisco research acts as a wake-up call, it is not enough to shore up technology. People are another essential pillar of cybersecurity, and the cybersecurity skills gap is enormous. Leaders need to address this gap to ensure digital tools can continue to be used safely. It is critical to the long-term social inclusion and economic resilience of Europe.