Cisco has released an alarming study that highlights only 4 percent of organizations worldwide can effectively withstand today’s cybersecurity threats.
The 2025 Cybersecurity Readiness Index showed a slight increase from the 3 percent reported in last year’s Index; however, the snail’s pace of growth shows a lack of engagement in cybersecurity and an increase in complexity as AI dominates.
“This year’s report continues to reveal alarming gaps in security readiness and a lack of urgency to address them. Organizations must rethink their strategies now or risk becoming irrelevant in the AI era,”
Cisco Chief Product Officer Jeetu Patel said.
The Index evaluates companies’ readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. Organizations are then placed into one of four readiness stages: Beginner, Formative, Progressive, or Mature.
AI’s Effect on Cyber Readiness
AI is creating intense interest across sectors for the benefits it can bring to businesses.
However, the Cisco report reveals bad actors are equally racing to adopt the efficiencies of AI.
The report showed 86 percent of organizations faced AI-related security incidents last year.
In addition to increased social engineering capabilities, the growth in AI has enabled hackers to automate tasks such as scanning for vulnerabilities and launching coordinated attacks, allowing them to target thousands of systems simultaneously with minimal effort.
The study showed that only 49 percent of respondents are confident their employees fully understand AI-related threats, and 48 percent believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks.
“As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale-putting even more pressure on our infrastructure and those who defend it,” Patel said.
But it is not just AI augmenting attackers that organizations need to look out for.
Key Findings
- AI’s Growing Role in Cybersecurity: 89% of organizations use AI for threat analysis, 85% for detection, and 70% for response.
- Generative AI Risks: 51% of employees use approved third-party generative AI tools, but 22% have unrestricted access to public GenAI, while 60% of IT teams are unaware of employee interactions.
- Shadow AI Concerns: 60% of organizations lack confidence in detecting unregulated or shadow AI deployments.
- Unmanaged Device Vulnerabilities: 84% of organizations face heightened security risks from employees accessing networks via unmanaged devices, worsened by unapproved GenAI tool usage in hybrid work environments.
- Investment Priorities: Although 96% plan IT infrastructure upgrades, only 45% allocate over 10% of their IT budget to cybersecurity-a decline of 8% year-over-year-indicating a need for stronger investment in defense.
- Complex Security Postures: Over 77% report that managing more than ten point security solutions complicates and slows their ability to respond effectively to threats.
- Talent Shortage: 86% identify a shortage of skilled cybersecurity professionals as a major challenge, with over half having more than ten open positions, hindering security progress.
AI is compounding the threat landscape. In the last year, 49 percent of organizations suffered cyberattacks, hindered by complex security frameworks with disparate point solutions.
As companies rapidly introduce AI into their systems to enhance efficiency, automate processes, and strengthen cybersecurity, they are also inadvertently increasing the complexity of their digital environments, making them harder to defend.
The intricate nature of AI models means their decision-making processes are often opaque, complicating troubleshooting and reducing trust in automated responses. This “black box” effect makes it difficult for security teams to interpret alerts and understand system behavior, potentially delaying detection and response to threats.
Pinpointing the Threats
However, the study showed that most threats organizations face are coming from external sources.
Respondents view external threats like malicious actors and state-affiliated groups (58 percent) as more significant to their organizations than internal threats (42 percent), underscoring the urgent need for streamlined defense strategies to thwart external attacks.
Increasing geopolitical tension has thrust enterprises further into the fray of cyberattacks.
As a result, as much as 71 percent of respondents said they anticipate business disruptions from cyber incidents within the next 12 to 24 months.
Cisco concludes that to fight the rising tide of threats, organizations should fight fire with fire by investing in AI solutions to tackle new threats and bring them up to speed.
Last month, Cisco announced the release of its new AI Defense solution.
The solution is designed to provide protection for both the development and utilization of AI applications within an organization, enabling businesses to feel confident as they advance their AI initiatives.
