Only 2% of Swiss companies are optimally prepared for cyber threats

Over the last 12 months, the cyber landscape has changed significantly, particularly as a result of artificial intelligence (AI). It is now being used in both cyberattacks and protection solutions. As a result, companies need to adapt their security strategies and architectures. The Cisco Cybersecurity Readiness Index 2024 has determined the extent to which companies are up to these new challenges. Based on more than 8,000 expert surveys worldwide, companies were divided into four maturity levels: Beginner (Beginner), Formative (Formative), Advanced (Progressive) and Mature (Mature). 205 respondents also came from Switzerland. The respondents are responsible for business and cyber security in their companies and gave self-assessments on the status of their company's defense capabilities and the technology used. The survey was conducted in January and February 2024 using online interviews.

Swiss companies overestimate their defensive capabilities

The new study suggests that Swiss companies overestimate their own ability to protect themselves against current threats or underestimate the cyber threat situation. The results show that only 1.95% of Swiss companies have a sufficiently mature security structure to be optimally prepared for current threats. A year ago, the figure was 9 percent. If you cluster the two highest maturity levels "Mature" and "Progressive", Swiss companies rank third in Europe behind the UK and Germany with 24%. Nevertheless, 81% of companies in Switzerland are moderately to very confident that they can fend off a cyberattack with their current infrastructure.

Unsurprisingly, readiness also correlates with the size of an organization, as more budget and personnel can be allocated to cybersecurity. Companies with more than 1,000 employees have a higher level of maturity, while medium-sized companies (250-1,000 employees) are slightly behind. This applies worldwide and across all industries. The study found that the best-prepared sectors are financial services, technology and manufacturing - all with 30 % or more in the upper "Mature" and "Progressive" categories. The education sector, for example, still has some catching up to do.

The importance of securing IT systems is also shown by the figures from the Federal Office for Cyber Security (BACS). Reports of cyber incidents are trending upwards. "There is an urgent need for companies to rethink their security strategies and adapt to the reality of today's cyber threats," says Roman Stefanov, Head of Cyber Security Sales at Cisco Switzerland. According to the study, 45 percent of Swiss companies surveyed have experienced a cyberattack in the last 12 months.

Switzerland on the right track with AI

"An encouraging sign for Switzerland is the high use of AI for cyber defense," explains Roman Stefanov. "Almost 40 percent already use systems based on it with the highest or second-highest level of maturity." The protection of networks and machines is satisfactory at 32% and 26% respectively. However, there is a lot of catching up to do in the areas of identity and cloud. Only 18% and 14% of Swiss companies respectively have an adequate level of protection in these areas.

Swiss companies also cite the protection of corporate identities as the biggest challenge (39%), ahead of network protection (30%). "More than a third of Swiss companies have noticed a cybersecurity incident involving stolen digital identities in the last year," explains Roman Stefanov. "In this threat situation, we should no longer ask whether a user can have access, but whether they should."

Two thirds believe in a cyberattack in the next 12 to 24 months

According to the study, 66 percent of companies surveyed believe that a cyberattack will affect their business in the next 12 to 24 months. Despite these concerns, 51 percent of companies say they have more than 10 open cyber security positions, indicating an acute skills shortage. The cost of incidents is notable, with 45 percent of respondents stating that past incidents have cost more than $500,000.

The good news is that companies have increased their security budgets and want to increase them even further. This is because they recognize an increase in risks due to digitalization, more diverse types of attacks and greater financial impact: 86 percent of respondents stated that they have increased their budget in the last 1-2 years, and almost 80 percent want to increase their budget by more than 10 percent in the future. 92 percent plan to upgrade or even restructure their IT infrastructure to counter the coming challenges in cyber security.

Source: Cisco