Cybersecurity threats are becoming more diverse and most organizations are not ready, according to cybersecurity readiness research commissioned by Cisco. Cisco’s Cybersecurity Readiness Index found that 15% of organizations globally have a “mature” level of readiness.

Beyond the mature companies are 47% in the formative stage and 8% in the beginner stage. This means that 55% are below average in terms of cybersecurity readiness.

That finding is juxtaposed against dire expectations: 82% of respondents expect a cybersecurity disruption in the next 12 to 24 months and most have experienced one during the past year. The cost to 41% of those companies that had incidents was at least $500,000.

There is recognition of the need to close the gap: 86% of respondents plan to increase their cybersecurity budgets by 10% or more during the next year.

The context of the findings is that the world of cybersecurity is changing from a world in which the predominant employment model was an individual operating from a single location and a single device to one in which people work on a variety of devices in many places.

The report measures five “core pillars” that Cisco says form the bedrock of cyber defense: identity, devices, network, application workloads and data. Researchers looked at 19 solutions that fall into those five categories.

Companies were assigned to one of the four cybersecurity readiness categories — Beginner, Formative, Progressive and Mature — based on how extensively they had deployed the 19 solutions.

“The move to a hybrid world has fundamentally changed the landscape for companies and created even greater cybersecurity complexity. Organizations must stop approaching defense with a mix of point tools and instead, consider integrated platforms to achieve security resilience while reducing complexity,” Jeetu Patel, the executive vice president and general manager of security and collaboration at Cisco, said in a press release. “Only then will businesses be able to close the cybersecurity readiness gap.”

The double-blind survey addressed 6,700 “cybersecurity leaders” at private sector organizations spanning 27 markets. The survey was conducted by an unnamed independent third party.