In a recent global survey conducted by Cisco, it was found that only 4% of organizations are fully equipped to handle the increasing complexity of modern cybersecurity threats. Despite the widespread adoption of artificial intelligence and hyperconnectivity in business environments, the majority of companies are not adequately prepared to address cybersecurity challenges.
The 2025 Cisco Cybersecurity Readiness Index, based on a survey of 8,000 security and business leaders across 30 countries, highlights the significant gap in cybersecurity readiness within the private sector. While there has been a slight improvement from the previous year, with 3% of organizations classified as ‘Mature’ in terms of cybersecurity readiness, the progress is minimal and indicates a persistent vulnerability in how businesses approach security in an AI-driven world.
The index assesses organizational maturity across five critical domains: AI Fortification, Cloud Reinforcement, Machine Trustworthiness, Network Resilience, and Identity Intelligence. Despite the growing awareness of cybersecurity risks, a large number of businesses are still in the early stages of development, lacking comprehensive defense mechanisms.
According to the report, 71% of organizations anticipate experiencing a cybersecurity-related business disruption in the next 12 to 24 months. The convergence of generative AI, remote work, and distributed digital infrastructures has intensified threat complexity, with nearly half of the surveyed companies reporting at least one cyberattack in the past year. These attacks are often exacerbated by fragmented security architectures and scattered point solutions.
Artificial intelligence plays a central role in both the problem and the solution. While many businesses are leveraging AI for threat detection and incident response, there is a lack of awareness around AI-specific risks. A significant number of respondents feel that their workforce does not fully understand the security implications of AI tools or how threat actors exploit AI to automate attacks.
The report also highlights the rise of ‘shadow AI’ – unauthorized and unsupervised AI deployments that pose risks to data security and compliance. Many IT teams are unaware of how employees interact with AI tools, leading to potential data leakage and privacy violations. Hybrid work environments further compound these risks, with unmanaged devices increasing the likelihood of security breaches.
Budget constraints are also hindering progress in cybersecurity preparedness, with fewer organizations allocating a significant portion of their IT budgets to cybersecurity. This lack of investment comes at a time when cyber threats are becoming more sophisticated and frequent, underscoring the need for a reevaluation of enterprise risk prioritization.
Jeetu Patel, Cisco’s Executive Vice President and Chief Product Officer, emphasizes the urgency of addressing cybersecurity gaps in the face of evolving threats. He warns that companies risk losing relevance in the AI age if they do not prioritize cybersecurity strategies.
The study also highlights the operational challenges posed by the use of multiple disjointed security solutions, which hinder organizations’ ability to respond effectively to threats. The reliance on fragmented security tools leads to inefficiencies and delays in threat detection.
The talent shortage in cybersecurity remains a significant bottleneck, with many organizations struggling to fill open cybersecurity roles. This shortage of skilled professionals further weakens enterprise security despite investments in infrastructure.
In response to these challenges, the report calls for a shift towards integrated, AI-enabled security solutions and a simplification of infrastructure. Organizations are urged to focus on improving threat detection, securing cloud environments, and enhancing workforce education on AI-related risks. Addressing shadow AI risks, investing in secure access solutions for remote workforces, and overseeing GenAI deployments are identified as essential steps to enhance cybersecurity readiness.
As cyber threats continue to evolve, the 2025 Cisco Cybersecurity Readiness Index serves as a crucial guide for organizations seeking to strengthen their security posture. The report emphasizes the importance of modernizing security strategies with intelligence, automation, and collaboration to mitigate risks effectively. By taking proactive steps to address cybersecurity challenges, businesses can enhance their resilience in the face of emerging threats.
