Only 4 per cent of organizations in India have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco’s 2024 Cybersecurity Readiness Index.

Companies today continue to be targeted with various techniques, ranging from phishing and ransomware to supply chain and social engineering attacks. While they are building defences against these attacks, they still struggle to defend against them, slowed down by their own overly complex security postures, which are dominated by multiple-point solutions.

These challenges are compounded in today’s distributed working environments, where data can be spread across limitless services, devices, applications, and users. However, 88 per cent of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure - this disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face.

Gap in security readiness

“In an era witnessing unprecedented proliferation of devices and rising AI-powered cyberattacks, it’s critical that organizations not only increase their investment in cybersecurity but also embrace an integrated platform approach to protect the five key pillars and take steps to reduce their security readiness gap. They must also ensure that AI is integrated into frontline defenses as part of their overall cybersecurity strategy to fortify their defenses against evolving threats, futureproof their operations, and strengthen security resilience in a digital-first world,” Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC.

Overall, the study found that only 4 per cent of companies in India are ready to tackle today’s threats, with 59 per cent of organizations falling into the Beginner or Formative stages of readiness. Globally, 3 per cent of companies are at a Mature stage.

Further, 82 per cent of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 74 per cent of respondents said they experienced a cybersecurity incident in the last 12 months, and 55 per cent of those affected said it cost them at least $300,000.

Up to 92 per cent of companies said their employees access company platforms from unmanaged devices​, and 48 per cent of those spend one-fifth (20 per cent) of their time logged onto company networks from unmanaged devices.