[Espoo, Finland] – Nixu unveils the results of the second consecutive Nixu Cybersecurity Index. Based on an extensive survey of over 370 northern European organizations, the report underlines business resilience as a key driver for cybersecurity investments. The Index reveals both encouraging progress and increasing concerns. Alarmingly, 50% of organizations reach only a poor or deficient level in cybersecurity.
Nixu Cybersecurity Index 2023 report offers a comprehensive view of the cybersecurity landscape in northern Europe and provides essential insights for cybersecurity decision makers.
The key findings are:
- Maintaining business resilience is the main driver for cybersecurity investments
- AI causes unprecedented concern by enabling refined attacks, but it also bolsters defense
- Security monitoring, awareness, and identity & access management are top priorities in the region
- A huge performance gap between the best and the rest: Top performers prioritize risk management
- Most organizations aim at a modest increase in their cybersecurity headcount
Over 80% of organizations emphasize that the need to ensure business resilience is the top driver for their cybersecurity investments.
“The prominence of business resilience as a driver for cybersecurity investments highlights the increasing awareness of the need to protect operations and ensure continuity. Overall, the Nixu Cybersecurity Index 2023 reflects our dedication to providing valuable insights that help organizations tailor their cybersecurity strategies,” says Teemu Salmi, CEO of Nixu.
The Index exposes a significant gap between the best performers and all others
The Nixu Cybersecurity Index 2023 is based on self-assessment by 372 cybersecurity and business leaders from various industries and countries. Moreover, the survey was conducted in June–August 2023. The Index measures cybersecurity maturity by evaluating four performance factors: current state, management, investments, and future development plans.
This year’s average score of 64,9 is deficient on the 10–100 Index scale. The best-performing Nordic countries were Denmark and Norway, which reached a satisfactory level. The average scores for Sweden and Finland dropped from last year, and both are now on a deficient level.
Organizations with a Cybersecurity Index of 75 or higher significantly outperform their counterparts. These top performers prioritize risk management, include cybersecurity in executive management discussions, and allocate a substantial portion of their ICT budget to cybersecurity.
Security monitoring and incident response are the most important cybersecurity capabilities
Security monitoring and incident response is clearly seen as a top cybersecurity capability now and during the next 12 months. Compared to last year, the current value of this area increased clearly, from 44% to 49%.
“This indicates that organizations are widely concerned about maintaining their business resilience in an evolving cybersecurity threat landscape. Through better security monitoring, organizations are able to detect early indications of attacks, and with more sophisticated response capabilities, organizations can limit the impact of any incident,” says Jan Mickos, Nixu’s SVP and Service Area Lead of Managed Services.
Raising security awareness, refining identity and access management (IAM), and early threat detection are also among the primary development objectives.
AI surfaced as a central trend affecting cybersecurity
A new theme that surfaced in the 2023 study was artificial intelligence (AI). Respondents said that it is currently the most prominent topic for cybersecurity.
“AI’s emergence as a central cybersecurity topic presents both challenges and opportunities. As organizations harness AI’s power in their business solutions, they must remain vigilant to the potential security risks. However, AI also holds the key to enhanced defense solutions reducing the risks of human error,” Jan Mickos points out.
Demand for cybersecurity experts massively exceeds supply – more outsourcing necessary
Already now, a substantial 59% of the surveyed organizations admit they face serious challenges in hiring necessary cybersecurity expertise. Despite this, most intend to expand their internal cybersecurity teams. Although the planned increase in headcounts is modest, the total demand for experts in the region is huge compared to the availability of talent.
To solve the serious issues of managing competences and ensuring resilience, the Index report recommends consistent cybersecurity management, investing in risk management, and complementing internal operations with an external service delivery capabilities partner.
“Organizations must be proactive and strategic in their approach. These recommendations provide a roadmap for enhancing cybersecurity maturity and business resilience,” states CEO Teemu Salmi.
For a detailed analysis and access to the full Nixu Cybersecurity Index 2023 report, click here.