Businesses overestimating their skills amid cybersecurity crisis, survey reveals

More than seven in ten organisations are performing below average on cybersecurity readiness, yet most – 80 per cent – feel confident that they are resilient, a report has revealed.

The latest edition of Cisco's Cybersecurity Readiness Index has concluded that the growing sophistication of cybersecurity threats is “outstripping” protective measures put in place by companies.

Gathering more than 8,000 responses from private sector business leaders, the survey found personal care and services, education and wholesale industries are those performing the worst in terms of cybersecurity readiness.

More than one in 10 of all respondents are at the beginner stage of their cybersecurity journey, and only three per cent are at an advanced stage. 

Cloud reinforcement and identity intelligence obtained the worst performance scores, with only five per cent or fewer respondents ready to address risks in these areas.

Meanwhile, cyber-security threats continue to grow, with more than half having experienced a cybersecurity incident in the past year and almost three-quarters expecting to be disrupted by one within the next two years.

This report comes after an exclusive Holyrood poll revealed similar figures for the Scottish public sector. The survey revealed almost half – 48 per cent – of public sector technology leaders had suffered a cyber-attack in their workplace, with more than two-thirds saying they worried about cyber-attacks daily.

Among those surveyed for Cisco’s index, more than 60 per cent placed external actors as the biggest threat, an increase compared to 2023’s index where both internal and external threats were seen as almost equal threats

The move to hybrid working has raised significant concerns for companies, with four in 10 employees reportingly spending 20 per cent of their time logged onto company networks from unmanaged devices.

The cyber-security crisis has also caused a financial strain for many, with more than half of those who suffered an incident in the past year, revealing it had cost them at least U$300,000. For one in 10, the figure rose to $1m or more.

In the UK, the estimated average annual cost of cybercrime for businesses stands at around £15,300 per victim, according to the latest UK Government’s Cyber Security Breaches Survey.

Despite the reported over-confidence, more than half of companies are planning to upgrade their IT infrastructure significantly within the next two years – a boost of almost 20 per cent compared to the previous year. However, most – around 90 per cent – said the current talent shortage is a significant barrier to progress.