Limited readiness in Thailand against current threats

The 2024 Cisco Cybersecurity Readiness Index was developed during an era characterized by hyperconnectivity and a rapidly evolving threat landscape. In today's digital landscape, companies are facing a barrage of cyber threats ranging from phishing and ransomware to supply chain and social engineering attacks. Despite implementing multiple-point defences, they struggle to effectively protect themselves due to overly complex security postures dominated by disparate solutions.

These challenges are exacerbated in distributed working environments where data is scattered across numerous services, devices, applications, and users. Surprisingly, 89% of companies express moderate to high confidence in their ability to defend against cyberattacks using their current infrastructure. However, this confidence- readiness gap implies that organizations may overestimate their cyber resilience and fail to grasp the full extent of the threats they confront.

The 2024 Cisco Cybersecurity Readiness Index sheds light on the challenges faced by companies as they confront an evolving threat landscape while balancing their confidence levels. This comprehensive assessment evaluates companies' preparedness across five critical pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification, encompassing a total of 31 solutions and capabilities. The Index draws on insights from a double-blind survey involving over 8,000 private sector security and business leaders across 30 global markets, conducted by an independent third party. Respondents were asked to detail their deployment of these solutions and capabilities, categorizing companies into four readiness stages: Beginner, Formative, Progressive, and Mature.

Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, emphasized the significance of addressing the dual challenge of underpreparedness and overconfidence: "We cannot underestimate the threat posed by our overconfidence. Today's organizations must prioritize investments in integrated platforms and leverage AI to operate at machine scale, ultimately shifting the advantage in favour of defenders."

Findings

Overall, the study found that only nine percent of companies in Thailand are ready to tackle today’s threats, with more than half (54%) of organizations falling into the Beginner or Formative stages of readiness. Globally, 3% of companies are at a Mature stage. Further:

•    Future Cyber Incidents Expected: 65% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 51% of respondents said they experienced a cybersecurity incident in the last 12 months, and 69% of those affected said it cost them at least US$300,000. 

•    Point Solution Overload: The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 92% of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents. This raises significant concerns as 75% of organizations said they have deployed ten or more point solutions in their security stacks, while 35% said they have 30 or more. 

•    Unsecure and Unmanaged Devices Add Complexity: 94% of companies said their employees access company platforms from unmanaged devices, and 42% of those spend one-fifth (20%) of their time logged onto company networks from unmanaged devices. Additionally, 26% reported that their employees hop between at least six networks over a week.

•    The Cyber Talent Gap Persists: Progress is being further hampered by critical talent shortages, with 91% of companies highlighting it as an issue. of defences43% of companies said they had more than ten roles related to cybersecurity unfilled in their organization at the time of the survey.

•    Future Cyber Investments Ramping Up: Companies are aware of the challenge and are ramping up their defenses with 65% planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from 47% who planned to do so last year. Most prominently, organizations plan to upgrade existing solutions (70%), deploy new solutions (53%), and invest in AI-driven technologies (61%). Further, almost all (99%) companies surveyed expect to increase their cybersecurity budget in the next 12 months, and 94% respondents say their budgets will increase by 10% or more.

To overcome the challenges of today’s threat landscape, companies must accelerate meaningful investments in security, including adoption of innovative security measures and a security platform approach, strengthen their network resilience, establish meaningful use of generative AI, and ramp up recruitment to bridge the cybersecurity skills gap.

"Today's threat landscape is more complicated and companies globally including those in Thailand are underprepared, with our latest Cybersecurity Readiness Index revealing that just 9% of Thai companies are fully prepared to address modern cybersecurity risks, a steep decline from 27% last year," said Weera Areeratanasak, Managing Director, Cisco Thailand and Myanmar. "Businesses in Thailand need to adopt a multi-pronged platform approach to their cyber resilience, from investing in protective cybersecurity measures to leveraging Generative AI to enhance their security programs and bridging the cybersecurity talent gap to establish a baseline of readiness across their organization."