Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone.
In its Cyber Benchmark 2024 report, Wavestone found that, on average, companies with over $1bn in revenues have one expert dedicated to cybersecurity for 1086 employees.
In 2023, the same organizations had one cyber professional for 1285 employees – a 15% increase.
The best in class are financial businesses, which boast an average of one cyber expert per 267 employees, while industrial groups have an average of one cyber expert for 1390 employees.
Speaking to Infosecurity, Gerome Billois, a Wavestone partner in charge of cybersecurity and digital trust, attributed the rise to efforts conducted by large groups over several years to bolster their cyber defenses.
“This is a very positive sign that large enterprises have acknowledged the need for a strong cyber workforce. More and more companies have launched initiatives to ensure talent retention,” he said.
In the report, a person who dedicates half of their time to conducting cybersecurity missions is considered a cybersecurity expert and the number of employees considered is limited to staff members with regular access to the organization’s IT systems.
“We didn’t include profiles like network administrators who would only rarely perform cyber tasks, for instance,” Billois added.
Cyber Maturity Stabilizes at 53%
The report, published on June 26, also found that the overall maturity level of surveyed organizations has reached 53%, a one percentage point increase from 2023.
“After years when organizations initiated significant cybersecurity programs to enhance their defenses, we’ve now entered a stabilization phase during which progress is marginal,” Billois noted.
He said that, in previous years, large groups’ leadership teams were mobilized to implement basic cybersecurity measures, generalizing adoption of endpoint detection and response (EDR) solutions and multifactor authentication (MFA) and securing identity access systems like Microsoft Active Directory (AD).
Read more: Is MFA Enough to Protect You Against Cyber-Attacks?
“The main motivation was to become more resilient against ransomware attacks, and it worked. These groups’ average maturity level against ransomware is at 56.9%, from 49.8% in 2023. We see fewer large groups’ IT systems being compromised by ransomware groups,” Billois said.
He also noted that, while 53% can still appear as a low maturity level, some analyzed companies have reached record-high 80-90% of cyber maturity levels.
“This shows that it is possible to achieve,” Billois added.
Budgets have also stabilized, representing an average of 6.6% of the IT budget across all sectors.
Large Companies Emphasize Cloud and Data Security
Two areas made particular progress this year:
- Cloud security, with a 48.3% maturity level in this field (+5%)
- Data security, which rose by 4% compared to 2023
“Now that they mostly get the basic security measures right regarding their on-premises networks, large organizations have started implementing them with their cloud services. To do so, they can leverage advances in platform administration security with measures like just-in-time administration,” said Billois.
The emphasis on improving their data security posture, on the other hand, is mainly driven by the growing challenges of artificial intelligence, the report noted.
The analyzed companies are still struggling in some areas. These include third-party security, where organizations show average maturity levels of 48.9%, and industrial system (ICS) security, at 39.9%.
Wavestone’s Cyber Benchmark is an annual report based on a continuous assessment of over 150 companies across 200 security measures divided into 16 categories.
The selected measures are based on the US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the ISO 27001 standard.