Alarming Lack Of Security Readiness: Mere 4% Enterprises 'Mature' Enough To Counter Cyber Threats

Global cybersecurity preparedness remains alarmingly low even as hyperconnectivity and artificial intelligence breed new complexities.

A mere 4% of organisations worldwide have achieved the "mature" level of cyber readiness required to withstand today's threats, according to recently released Cisco's 2025 Cybersecurity Readiness Index.

Even though this is a slight increase from last year's Index — in which 3% of organisations worldwide were Mature — it demonstrates a critical lack of preparedness among enterprises even as the threat landscape grows and cyber criminals get smarter with each passing day.

The index surveyed 8,000 private sector security and business leaders in 30 global markets. 

The awareness gap regarding artificial intelligence is leaving organisations critically exposed. Nearly nine out of 10 organisations (86%) experienced security events related to AI last year, demonstrating how AI is raising threat levels.

However, only 49% of respondents are certain their employees properly comprehend the risks associated with AI, and 48% think their teams fully understand how malicious actors are utilising AI to carry out complex attacks. Nearly half of organisations (49%) experienced cyberattacks in 2024, which were made more difficult by complex security frameworks with scattered solutions.

In the future, respondents believe that external threats, such as state-affiliated groups and malicious actors (58%) are more important than internal risks (42%), highlighting the urgent need for defence against external attacks.

The lack of cybersecurity readiness globally is alarming as 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. Other findings include:

• AIs In Cybersecurity: Around 89% of organisations use AI to understand threats better, 85% for threat detection, and 70% for response and recovery, underscoring AI's vital role in strengthening cybersecurity.

• Generative AI Deployment Risks: Over half (51%) of employees use approved third-party tools, demonstrating the widespread adoption of gen AI tools. However, major oversight issues are highlighted by the fact that 22% employees have unrestricted access to public gen AI and 60% of IT teams don't know employees are using gen AI.

• Shadow AI Concerns: Significant cybersecurity and data privacy issues arise because 60% of companies lack confidence in identifying shadow AI or unregulated AI implementations.

• Vulnerable Devices: Within hybrid work models, because employees access networks from unmanaged devices and use unapproved gen AI technologies, 84% of companies face higher security risks.

• Cybersecurity Investments Not Enough: While 96% of organisations plan to upgrade their IT infrastructure, only 45% allocate more than 10% of their IT budget to cybersecurity (down 8% year-over-year), even as threats rise.

• Talent Shortage: A staggering 86% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with more than half reporting more than 10 positions to fill.