Business resilience is a key driver for cybersecurity investments, according to the second Nixu Cybersecurity Index.

Based on a survey of over 370 northern European organisations, the Index reveals both encouraging progress and increasing concerns. Alarmingly, 50% of organisations reach only a poor or deficient level in cybersecurity.

Key findings of the Nixu Cybersecurity Index include:

* Maintaining business resilience is the main driver for cybersecurity investments.

* AI causes unprecedented concern by enabling refined attacks, but it also bolsters defense.

* Security monitoring, awareness, and identity and access management are top priorities in the region.

* A huge performance gap between the best and the rest: Top performers prioritise risk management.

* Most organisations aim at a modest increase in their cybersecurity headcount.

More than 80% of organisations emphasise that the need to ensure business resilience is the top driver for their cybersecurity investments.

“The prominence of business resilience as a driver for cybersecurity investments highlights the increasing awareness of the need to protect operations and ensure continuity,” says Teemu Salmi, CEO of Nixu.

The Nixu Cybersecurity Index 2023 is based on self-assessment by 372 cybersecurity and business leaders from various industries and countries. The survey was conducted in June-August 2023. The Index measures cybersecurity maturity by evaluating four performance factors: current state, management, investments, and future development plans.

This year’s average score of 64.9 is deficient on the 10-100 Index scale. The best-performing Nordic countries were Denmark and Norway, which reached a satisfactory level. The average scores for Sweden and Finland dropped from last year, and both are now at a deficient level.

Organisations with a Cybersecurity Index of 75 or higher significantly outperform their counterparts. These top performers prioritise risk management, include cybersecurity in executive management discussions, and allocate a substantial portion of their ICT budget to cybersecurity.

Security monitoring and incident response is clearly seen as a top cybersecurity capability now and during the next 12 months. Compared to last year, the current value of this area increased clearly, from 44% to 49%.

“This indicates that organisations are widely concerned about maintaining their business resilience in an evolving cybersecurity threat landscape. Through better security monitoring, organisations are able to detect early indications of attacks, and with more sophisticated response capabilities, organisations can limit the impact of any incident,” says Jan Mickos, Nixu’s senior vice-president and service area lead of managed services.

Raising security awareness, refining identity and access management (IAM), and early threat detection are also among the primary development objectives.

A new theme that surfaced in the 2023 study was artificial intelligence (AI). Respondents said that it is currently the most prominent topic for cybersecurity.

“AI’s emergence as a central cybersecurity topic presents both challenges and opportunities. As organisations harness AI’s power in their business solutions, they must remain vigilant to the potential security risks. However, AI also holds the key to enhanced defense solutions reducing the risks of human error,” says Mickos.

When it comes to skills, a substantial 59% of the surveyed organisations admit they face serious challenges in hiring necessary cybersecurity expertise. Despite this, most intend to expand their internal cybersecurity teams. Although the planned increase in headcounts is modest, the total demand for experts in the region is huge compared to the availability of talent.

To solve the serious issues of managing competences and ensuring resilience, the Index report recommends consistent cybersecurity management, investing in risk management, and complementing internal operations with the capabilities of an external service delivery partner.

“Organisations must be proactive and strategic in their approach. These recommendations provide a roadmap for enhancing cybersecurity maturity and business resilience,” says Salmi.