Unpacking the Cisco Cybersecurity Readiness Report: Implications for Third-Party Risk Management and Supply Chain Resilience

Dr Magda Chelly
Managing Director at Responsible Cyber

The Cisco Cybersecurity Readiness Report reveals areas of improvement and opportunities for organizations to strengthen their cybersecurity posture and mitigate third-party risks.

The Cisco Cybersecurity Readiness Report, based on a survey of 6,700 private sector cybersecurity leaders across 27 territories, provides a comprehensive overview of the current state of cybersecurity readiness within organizations. The report evaluates readiness across five key pillars: Identity, Devices, Network, Application Workloads, and Data. Understanding these findings is essential for organizations to strengthen their cybersecurity posture, address third-party risk management (TPRM) challenges, and enhance supply chain resilience. This article will analyze the report's findings and discuss their implications for TPRM and supply chain risk.

Key Findings:

  1. Identity Management: With 58% of respondents in the Formative or Beginner category, Identity Management remains a critical area for improvement. However, 95% of respondents have deployed a solution, indicating awareness of its importance.
  2. Network Protection: 56% of respondents are at the lower end of readiness, highlighting the need for further investment in network security. However, 50% of respondents plan to finalize deployments within the next 12 months, demonstrating a commitment to strengthening this pillar.
  3. Device Protection: Although 31% of organizations fall into the highest performing category of readiness, 56% remain in the Formative or Beginner stage. Encouragingly, 88% of organizations plan to deploy solutions within the next two years.
  4. Application Workloads: This pillar is the least advanced, with 64% of respondents in the Formative or Beginner stage. Despite this, 97% of respondents have deployed some kind of solution, primarily host software firewalls.
  5. Data Protection: With 98% of respondents having solutions in place and 50% in the Mature and Progressive categories, data protection is a strong area for many organizations.

Implications for Third-Party Risk Management:

The Cisco report's findings have significant implications for TPRM, particularly in addressing the risks associated with supply chain partners:

  1. Enhancing Identity Management: Organizations must ensure that their third-party vendors and partners prioritize strong identity management practices, as this is a key area for improvement. Implementing multi-factor authentication, access controls, and regular access reviews can help mitigate identity-related risks.
  2. Strengthening Network Security: The report highlights the need for better network security within organizations and their third parties. Ensuring that partners have robust network security measures in place, such as firewalls, intrusion detection systems, and secure network configurations, can minimize risks to the supply chain.
  3. Prioritizing Device Security: Organizations must work closely with third parties to establish and maintain strong device security practices, including regular patching, endpoint protection, and device management policies.
  4. Addressing Application Security: The relatively low readiness in application workloads suggests that organizations should assess their third parties' application security measures, including secure software development practices, vulnerability management, and application monitoring.
  5. Maintaining Data Protection Standards: Although data protection is a strong area for many organizations, it is crucial to ensure that third-party vendors adhere to the same high standards. This includes implementing encryption, secure data storage, and robust backup and recovery procedures.

The Cisco Cybersecurity Readiness Report offers valuable insights into the current state of cybersecurity readiness across organizations, with important implications for third-party risk management and supply chain resilience. By addressing the identified weaknesses and opportunities for improvement, organizations can better protect themselves from cybersecurity threats, strengthen their relationships with third parties, and enhance the resilience of their supply chains.

