/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/05/08/6rnB1tNTZ64zI9kKWTic.png)
The cybersecurity preparedness of global enterprises has shown only marginal improvement in the past year, despite the surge in the adoption of Artificial Intelligence (AI) across industries. According to Cisco’s latest Cybersecurity Readiness Index 2025, only 4% of companies worldwide have reached a ‘Mature’ stage of readiness, marginally up from 3% in 2024.
The index, based on insights from over 8,000 business and security leaders across 30 countries, benchmarks organisations against five critical pillars: identity intelligence, machine trustworthiness, network resilience, cloud reinforcement, and AI fortification. It indicates that 70% of organisations fall within the bottom two categories: Formative (61%) and Beginner (9%), with minimal year-on-year improvement.
AI Adoption Outpaces Security Understanding
The Cybersecurity Readiness Index highlights that while AI continues to emerge as a double-edged sword, which is being widely adopted but poorly understood. The index highlights that 86% of leaders with cybersecurity responsibilities experienced at least one AI-related incident in the past year. However, less than half (48%) believe their employees understand the risks associated with AI misuse, such as model theft, data poisoning, or prompt injection attacks.
Nearly one in four companies allow unrestricted access to Generative AI (GenAI) tools that could lead to sensitive data leaks. The report further notes that the pace at which companies are embracing AI has not been matched by their preparedness to secure it, resulting in a disconnect that would make organisations vulnerable to more frequent and severe attacks.
Limited Visibility and Mounting Tool Overload
A majority of IT teams (60%) admit they cannot track the prompts employees input into GenAI tools, and an equal percentage say they are unsure whether unapproved AI or “shadow AI” is being used.
Besides, the hybrid work culture adds to the challenge, with a staggering 84% of organisations reporting that their employees access company networks from unmanaged devices. On average, workers connect through six different networks each week, further widening the threat surface.
The report also highlights the growing threat of tool sprawl, which has started taking a toll. According to Cisco, over 70% of organisations deploy more than 10 security tools, and 26% use more than 30 tools. This creates an integration challenge that can slow down incident detection, response, and recovery efforts, undermining security operations.
Mixed Results Across the Readiness Pillars
When broken down by readiness pillars, machine trustworthiness showed the greatest improvement, with 12% of companies reaching maturity, up from 7% last year. The report, however, indicates that progress across the other pillars is sluggish, with just 7% achieving maturity in network resilience and AI fortification. Identity intelligence and cloud reinforcement fared even worse, at 6% and 4%, respectively.
Despite 98% of organisations planning to upgrade their cybersecurity infrastructure, actual budget allocation tells another story. Only 45% now dedicate more than 10% of their IT spend to cybersecurity, down from 53% in 2024. This indicates that while most firms have increased their security spend, overall IT budgets are growing faster, diluting the impact.
“This year’s report continues to reveal alarming gaps in security readiness and a lack of urgency to address them. Organisations must rethink their strategies now or risk becoming irrelevant in the AI era,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco.
The report also pointed out that the employee skill gap continues to be one of the key challenges. Around 86% of respondents cited it as a challenge, with 53% reporting that they have more than 10 cybersecurity positions open. Furthermore, 88% stated that these vacancies account for more than 10% of their security team size.
Patel further said that the organisations were caught between the need to adopt cutting-edge technologies and defending an ever-expanding threat landscape. “They must prioritise integrated, AI-enabled defences—not just stack more tools,” he urged.
Overall, the technology services, media and communications, and natural resources sectors reported the highest levels of maturity. In contrast, the healthcare and wholesaling sectors lagged, raising concerns due to the sensitive nature of the data they handle.
The report indicates that larger enterprises (1,000+ employees) were better equipped compared with over 6% achieving the Mature level, compared to 2% of small businesses. Globally, the mid-sized organisation (250–999 employees) showed better agility, with 5% reaching Maturity status, while many are investing actively in AI-driven security and automation.