A mere 5% of companies in South Africa rank at the ‘Mature’ level of readiness which is needed to be resilient against modern cybersecurity risks – down by 19% year-on-year.

This is one of the alarming findings from Cisco’s 2024 Cybersecurity Readiness Index, which assesses a company’s readiness across five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. These areas are comprised of 31 corresponding solutions and capabilities.

The survey is based on a double-blind survey of over 8,000 private sector security and business leaders across 30 global markets conducted by an independent third party. The respondents were asked to indicate which of these solutions and capabilities they had deployed and the deployment stage. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive, and Mature.

“Today’s cybersecurity threats demand companies be prepared for potential breaches. The Index assesses preparedness, empowering them to adapt their cybersecurity infrastructure,” says Kabelo Letsoalo, cybersecurity specialist at Cisco. “Organisations need to prioritise investments in integrated platforms and lean into AI to operate at machine scale and finally tip the scales in favour of defenders.”

The second edition of the annual Index was developed to measure companies’ level of preparedness against cyber-attacks in an era of hyperconnectivity and a rapidly evolving threat landscape, as a variety of techniques ranging from phishing and ransomware to supply chain and social engineering attacks continue to threaten businesses. It is for this reason that building adequate is essential.

Overall, the study considers key measurements such as anticipation of cybersecurity in, effectiveness of multipoint solutions, device management issues, skills shortages and others. All of these elements have a key impact on how responsive companies can be in the face of cyber attacks.

Notably, in the South African edition of the survey, nearly 73% of companies indicated that they anticipate a cybersecurity incident could disrupt their business in the next 12 to 24 months.

The challenges are compounded in distributed working environments where data is spread across limitless services, devices, applications, and users. Adding to this, only 31% companies feel very confident in their ability to defend against a cyberattack with their current infrastructure.

“We can’t underestimate the threat posed by overconfidence,” points out Letsoalo, who outlines key steps business should take to protect themselves from cybersecurity threats in the South African context:

* Identify and assess vulnerabilities;

* Invest in adequate cybersecurity infrastructure;

* Stay in the know;

* Upskill teams for greater resilience; and

* Continuously re-evaluate readiness.