Cisco Index Reveals Only 4% of Firms Achieve Mature Security
Only 4% of organisations worldwide have achieved the ‘Mature’ level of cybersecurity readiness required to withstand contemporary threats, according to the 2025 Cisco Cybersecurity Readiness Index. This represents a marginal improvement from last year's figure of 3%, indicating global cybersecurity preparedness remains insufficient as hyperconnectivity and AI introduce additional complexities for security practitioners.
The research, based on a double-blind survey of 8,000 private sector security and business leaders across 30 global markets, evaluates companies’ readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement and AI Fortification. These encompass 31 solutions and capabilities, with respondents detailing their deployment stages for each solution.
Cisco Cybersecurity Index highlights AI-related security incidents impact on organisations
The research reveals that AI is simultaneously revolutionising security practices and escalating threat levels, with 86% of organisations experiencing AI-related security incidents in the past year. Despite this clear danger, only 49% of respondents express confidence that their employees fully understand AI-related threats, while 48% believe their teams comprehend how malicious actors employ AI to execute sophisticated attacks.
βAs AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale β putting even more pressure on our infrastructure and those who defend it,β says Cisco Chief Product Officer Jeetu Patel. "This yearβs report continues to reveal alarming gaps in security readiness and a lack of urgency to address them.β
The integration of AI into cybersecurity strategies appears widespread, with 89% of organisations using AI to understand threats better, 85% employing it for threat detection, and 70% utilising it for response and recovery processes.
However, the adoption of generative AI tools presents additional risks. While 51% of employees use approved third-party tools, 22% have unrestricted access to public generative AI platforms. Perhaps more concerning, 60% of IT teams lack awareness of employee interactions with generative AI, highlighting significant oversight challenges.
Shadow AI and unmanaged devices create security vulnerabilities
The report identifies ‘shadow AI’ as an emerging concern, with 60% of organisations lacking confidence in their ability to detect unregulated AI deployments, which pose cybersecurity and data privacy risks. This problem compounds existing challenges within hybrid work models, where 84% of organisations face increased security risks from employees accessing networks via unmanaged devices.
The complexity of security infrastructures represents another obstacle, with 77% of organisations reporting that their security posture, characterised by the deployment of more than 10 point security solutions, impedes their ability to respond swiftly and effectively to threats.
- 86% of organisations experienced AI-related security incidents in the past year, yet only 49% of respondents believe their employees understand these threats
- Despite growing threats, cybersecurity investment is declining with only 45% of organisations allocating more than 10% of IT budget to security β down 8% from 2024
- The talent gap continues to widen with 86% of organisations reporting skilled cybersecurity professional shortages as a major challenge
Despite these challenges, investment priorities appear to be shifting away from cybersecurity. While 96% of organisations plan to upgrade their IT infrastructure, only 45% allocate more than 10% of their IT budget to cybersecurity – a decrease of 8% year-over-year.
Talent shortage remains critical challenge for businesses
The research indicates that 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. This projection becomes more concerning when considering the persistent talent shortage in the cybersecurity sector.
A significant 86% of respondents identify the shortage of skilled cybersecurity professionals as a primary challenge, with more than half reporting more than ten positions to fill within their organisations.
In the context of evolving threats, survey participants view external threats such as malicious actors and state-affiliated groups (58%) as more significant to their organisations than internal threats (42%), underscoring the need for streamlined defence strategies.
Jeetu Patel adds: “Organisations must rethink their strategies now or risk becoming irrelevant in the AI era.”
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
