Global cybersecurity readiness remains critically low
Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 Cybersecurity Readiness Index. This is a slight increase from last year’s index, in which 3% of organizations worldwide were designated as mature.
This demonstrates that despite a slight improvement from last year, global cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners.
AI is changing the threat landscape
AI is revolutionizing security and escalating threat levels, with nearly 9 in 10 organizations (86%) facing AI-related security incidents last year. However, only 49% of respondents are confident their employees fully understand AI related threats, and 48% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organizations critically exposed.
In the last year, 49% of organizations suffered cyberattacks, hindered by complex security frameworks with disparate point solutions. Looking forward, respondents view external threats like malicious actors and state-affiliated groups (58%) as more significant to their organizations than internal threats (42%), underscoring the urgent need for streamlined defense strategies to thwart external attacks.
“As AI transforms the enterprise, we are dealing with an entirely new class of risks – putting even more pressure on our infrastructure and those who defend it,” said Cisco CPO Jeetu Patel.
The lack of cybersecurity readiness globally is alarming as 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.
GenAI deployment risks
89% of organizations use AI to understand threats better, 85% for threat detection, and 70% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
GenAI tools are widely adopted, with 51% of employees using approved third-party tools. However, 22% have unrestricted access to public GenAI, and 60% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
60% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks. Within hybrid work models, 84% of organizations face increased security risks as employees access networks from unmanaged devices, further increased by using unapproved GenAI tools.
Investment priorities shift
While 96% of organizations plan to upgrade their IT infrastructure, only 45% allocate more than 10% of their IT budget to cybersecurity (down 8% year-over-year), emphasizing a critical need for more focused investment in comprehensive defense strategies, which is incredibly important as threats are not slowing.
77% of organizations report that their complex security infrastructures, dominated by the deployment of more than ten point security solutions, are impeding their ability to respond swiftly and effectively to threats.
86% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with more than half reporting more than ten positions to fill.
To tackle cybersecurity challenges, organizations must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and managing risks from unmanaged devices and shadow AI.