Organizations around the world are dangerously unprepared for today's cybersecurity threats, with a new study revealing that just 4% have achieved the maturity level needed to effectively defend against modern attacks.

The findings, released in Cisco's 2025 Cybersecurity Readiness Index, paint a troubling picture of global cyber defences at a time when artificial intelligence is both revolutionizing security capabilities and creating entirely new categories of threats.

The networking giant's annual assessment of 8,000 security and business leaders across 30 countries found that cybersecurity readiness has barely improved from last year, when only 3% of organizations reached the "mature" readiness level. This marginal progress comes despite mounting threats and the widespread adoption of AI technologies that are reshaping the security landscape.

Perhaps most concerning is the impact of artificial intelligence on cybersecurity incidents. The study found that 86% of organizations experienced AI-related security breaches in the past year, highlighting how quickly threat actors have adapted to exploit new technologies.

Despite this surge in AI-powered attacks, organizations remain poorly equipped to understand and defend against these threats. Less than half of respondents expressed confidence that their employees fully understand AI-related risks, while only 48% believe their teams grasp how criminals are weaponizing AI for sophisticated attacks.

"As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale - putting even more pressure on our infrastructure and those who defend it," said Jeetu Patel, Cisco's Chief Product Officer. "This year's report continues to reveal alarming gaps in security readiness and a lack of urgency to address them."

Shadow AI Poses Hidden Risks

The rapid adoption of generative AI tools is creating significant blind spots for IT departments. While 51% of employees use approved third-party AI tools, 22% have unrestricted access to public AI platforms. More troubling still, 60% of IT teams remain unaware of how their employees interact with these AI systems.

This "shadow AI" phenomenon represents a major vulnerability, with 60% of organizations lacking confidence in their ability to detect unauthorized AI deployments within their networks. The problem is compounded by hybrid work arrangements, where 84% of organizations face increased security risks as employees access corporate networks from unmanaged personal devices.

The cybersecurity skills gap continues to plague organizations, with 86% identifying the shortage of qualified professionals as a major obstacle. More than half of these organizations report having more than 10 open cybersecurity positions they cannot fill.

This staffing crisis comes as organizations grapple with increasingly complex security infrastructures. Over 77% of companies report that managing more than 10 different point security solutions is hampering their ability to respond quickly and effectively to threats.

Despite the escalating threat landscape, cybersecurity investment appears to be declining as a priority. While 96% of organizations plan to upgrade their IT infrastructure, only 45% allocate more than 10% of their IT budgets to cybersecurity - a decrease of 8 percentage points from the previous year.

This trend is particularly concerning given that 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months, and 49% of organizations suffered cyberattacks in the past year.

The study did reveal some encouraging trends in AI adoption for defensive purposes. An overwhelming 89% of organizations now use AI to better understand threats, 85% employ it for threat detection, and 70% leverage AI for incident response and recovery.

Organizations also recognize external threats as their primary concern, with 58% viewing malicious actors and state-affiliated groups as more significant risks than internal threats.

The full report is available here.