It is a regular problem that newer versions of OS X result in Cisco Anyconnect breaking. Cisco are admittedly fairly good at releasing new versions but this relies on your network administrator having a valid subscription, paying attention and updating your Cisco equipment to match.
In theory your Cisco equipment might be able to upgrade your client devices including Macs but of course if you have upgraded your OS X and broken the previous version you might not be able to connect for this to happen. In theory you are also supposed to be able to go to a website and login and this will then cause a full-blown download and re-install of the Cisco Anyconnect client. This install process often requires using Java and that can also get broken.
As a result of all this I personally prefer using Apple's built-in VPN client since in theory that is always going to be compatible with the versions of OS X it comes with. Sierra has L2TP, Cisco IPSec and IKEv2 VPN clients built-in. I have not tried the IKEv2 built-in client so I don't know how reliable it is.
Arguably your IT department should not be letting you upgrade to a newer version of OS X until they have tested and as necessary upgraded their stuff to support this. Equally they should not be simply ignoring newer versions and refusing to upgrade their systems to match.