Despite widespread use of artificial intelligence (AI) and an uptick in digital threats, global cybersecurity readiness remains dangerously low, according to Cisco’s newly released 2025 Cybersecurity Readiness Index. Only 4% of organizations worldwide have reached the “Mature” level of readiness. That’s up just one percentage point from last year’s findings. The rest remain vulnerable to modern cyber threats, including AI-driven attacks. Of particular interest to us was the mention of “shadow AI”; read on for our editorial note on that concern.
“Most companies remain underprepared to prevent or manage these threats, with cybersecurity readiness levels remaining essentially static in the past 12 months,” the report states.
AI Incidents Widespread, Understanding Low

Nearly nine in ten companies (86%) reported experiencing at least one AI-related security incident in the past year. Common incidents include model theft, AI-enhanced phishing, data poisoning, and prompt injection attacks.
Yet only 49% of companies believe their employees understand AI-related cyber threats. Even fewer, 48%, believe their teams grasp how malicious actors exploit AI to launch sophisticated attacks.
Cloud and Network Defenses Falling Behind
Cloud security maturity remains limited. Just 4% of companies have fully deployed comprehensive protections in cloud environments. Basic tools like host firewalls and visibility analytics are deployed in less than half of organizations.
Network security also lags. Seven percent of companies reached “Mature” readiness in network resilience. That’s the same as last year despite a sharp increase in threats. “Network Resilience is sliding backwards… many appear to be losing ground,” the report stated.
Companies cited outdated infrastructure, limited budgets, and technical complexity as barriers to implementation.
Machines and Identity Systems Vulnerable
Machine trustworthiness has improved slightly. This year, 12% of companies reached maturity in this pillar, up from 7% in 2024. Still, many struggle to secure hybrid work environments and Internet of Things (IoT) devices.
Identity systems also remain weak. Just 6% of organizations have fully deployed protections like passwordless authentication or AI-powered identity verification.
“Full deployment remains stagnant,” Cisco found.
Unmanaged devices, multiple network logins, and limited employee training all contribute to growing exposure.
Shadow AI Raises New Risks
Companies face a growing threat from “shadow AI,” which is the unauthorized use of generative AI tools by employees.
(Editorial note: Shadow AI is a growing concern, especially in organizations under financial strain, where employees may quietly bypass AI usage policies to appear more productive or self-sufficient, thus avoiding the optics of needing help in a climate of cutbacks and uncertainty.)
Sixty percent of IT teams say they lack visibility into how these tools are being used inside their networks.
“60% stated they lack confidence in their ability to identify the use of unapproved AI tools,” the report warned.
Unregulated access to GenAI tools, often through unmanaged devices, increases the risk of accidental data leaks and exploitation.
Cybersecurity Budgets Rising, but Slowly
Almost all companies (96%) plan to upgrade their IT infrastructure in the next two years. But cybersecurity isn’t keeping pace. Only 45% of respondents said more than 10% of their IT budget goes toward cybersecurity. That’s down from 53% in 2024. The mismatch between growing IT investment and stagnant security spending could leave firms more exposed to cyber threats.
Skilled Talent Shortage Persists
The lack of qualified cybersecurity professionals remains one of the most cited challenges. Eighty-six percent of organizations said the shortage hinders their readiness. “53% report having more than 10 cybersecurity positions to fill,” according to the report. This shortage delays the rollout of essential protections and leaves security teams stretched thin.
Cisco’s Recommendations to Close the Cybersecurity Readiness Gap
Cisco urges organizations to address readiness shortfalls across five critical pillars:
- Identity Intelligence: Adopt Zero Trust strategies and AI-enhanced identity tools.
- Machine Trustworthiness: Verify every device with robust endpoint protections.
- Network Resilience: Move past partial rollouts and strengthen network segmentation and anomaly detection.
- Cloud Reinforcement: Unify fragmented strategies and implement cross-cloud policy enforcement.
- AI Fortification: Secure both AI tools and underlying models from exploitation.
“Develop a robust AI security strategy that includes securing both the use of AI technologies and the models,” Cisco advised.
The findings are based on a double-blind survey of 8,000 business leaders with cybersecurity responsibilities. Respondents span 30 countries and 18 industries, including technology, healthcare, and finance. The index measures cybersecurity readiness across five weighted pillars and 31 specific solutions. Data collection took place in January and February 2025.