UK plc going backwards on cyber maturity, Cisco report claims


UK organisations appear to be going backwards when it comes to their levels of cyber security maturity, with just 2% of organisations attaining the levels of expertise and resilience to stand up to today’s risk landscape, down from 17% in 2023, according to a Cisco study – even though 70% of respondents said a cyber incident was likely to disrupt their business in the next 12 to 24 months.

In the second annual Cisco cybersecurity readiness index, the network and security supplier revealed that although there is appetite to spend – 96% of respondents expect to increase their security budgets in the next 12 months – the rapid evolution of the cyber landscape means they are struggling to defend their systems from online threats.

Furthermore, said Cisco, 78% said they were confident their current setup was capable of defending against a cyber attack – a massive disparity against overall maturity which suggests many have a misplaced sense of their own abilities, and may be failing to properly assess the challenges and risks they face.

Worse still, many are being slowed down by their existing, overly complex security postures, which are still dominated by a plethora of point solutions. This complexity is further compounded by the post-Covid hybrid working landscape.

“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, Cisco executive vice president and general manager of security and collaboration.

“Today’s organisations need to prioritise investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in the favour of defenders.”

Five pillars

Cisco’s study ranks companies against five pillars – identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and artificial intelligence (AI) fortification, which together encompasses solutions and capabilities drawn from its portfolio. Respondents, who comprised 8,000 cyber and business leaders in 30 markets, were asked to indicate which of said solutions and capabilities they had deployed, and what stage they were at. Based on this double-blind survey, Cisco classified them into four stages of readiness: beginner, formative, progressive and mature.

The data shows that 72% of UK organisations fall into the first two stages of readiness – a cause of concern given a similar number expect to fall victim to a cyber attack, and 54% had experienced one in the past year, costing upwards of £237,000 on average.

Cisco said it was clear that traditional approaches to adopting multiple cyber security point solutions was no longer effective, with the majority of respondents admitting that their set-ups slowed them down when it came to detecting, responding to and recovering from incidents. Worldwide, almost 70% of respondents had deployed more than 10 point solutions in their cyber stacks, and almost 30% had over 30.

Other areas of concern highlighted in the report included a tendency to be lax when it came to letting employees access company platforms from unmanaged devices, and a now-critical cyber talent shortage making it harder to recruit people who can help manage security effectively. This is a global issue that does not just affect the UK – 41% of the total sample said they had over 10 vacant security roles.

Time to buy

But as noted, the report did identify the potential for investment, and respondents did seem to be aware of the problems that they were facing, with 96% saying they would up their cyber budgets this year, 82% by a factor of over 10%.

A total of 47% of the global sample said they would significantly upgrade their IT infrastructure over the next two years, up from 31% who said this in 2023, and 55% were looking to AI to help manage cyber challenges.

Cisco concluded that to overcome the challenges they face more effectively, organisations should be accelerating more meaningful security investments, including innovative measures such as AI, taking a more platform-based approach, paying more attention to network resilience, and attempting to bridge the skills gap.


Leave a Reply

Your email address will not be published. Required fields are marked *