Editorial

Firms protecting devices – but not identities, says Cisco report

New report shows that “significant progress is needed to meet the challenge of identity verification”

Posted 8 February 2023 by Christine Horton


There is “much work to be done” to protect identities, according to new a new report from Cisco.

Cisco’s first-ever Cybersecurity Readiness Index focuses on five core pillars of security protection: identity, devices, network, applications, and data. Respondents ranked identity and device management as two of the three top cybersecurity threats. Alongside the widespread adoption of technology like multi-factor authentication (MFA), criminals are increasingly targeting the solutions protecting users and devices.  

However, the report’s initial findings show that a marked difference between the levels of protection of devices and identities.

Cisco described the levels of adoption when it comes to device protection as “impressive” with nearly half of companies placed in either the ‘mature’ (31 percent) or ‘progressive’ (13 percent) stages of adoption.

However, said Cisco, there is still much work to be done when it comes to identity. “Significant progress is needed to meet the challenge of identity verification,” it noted. Only 20 percent of organizations in the ‘mature’ category, and more than half falling into the ‘beginner’ (20 percent) or ‘formative’ (38 percent) stages.    

According to the Index, companies also urgently need to act on the security posture of their applications and related workloads. Only 12 percent are in a state of mature application-security readiness, while 65 percent are in the early or formative stages. Cisco said its application strategy aims to ensure greater resilience against the growing attack surface of the experience economy. This is where applications are no longer an adjunct, but rather they are the business itself.  

Finally, IT complexity, and the complexity of managing a highly distributed workforce has introduced risk to the organisation and increased operational costs. Most enterprise networks can’t support the change in traffic patterns driven by SaaS and hybrid work. Only 19 percent of companies are placed in the mature stage of protecting the network, while more than 50 percent are in the formative or beginner stages.