2025 Cisco Cybersecurity Readiness Index

Readiness remains flat as AI transforms the industry

Cisco’s third annual Cybersecurity Readiness Index is an updated guide that addresses the current global cybersecurity landscape and assesses how ready organizations are to face today’s cybersecurity risks.

Worldwide, companies underestimate the complexities of securing AI.

0%

86% say their organizations have experienced AI-related security incidents in the past 12 months.

0%

45% feel their organization has the internal resources and expertise to conduct comprehensive AI security assessments.

But only 10% of companies believe AI is the most difficult pillar to secure.

There is a conflict between understanding AI security and the reality of experiences with AI threats.

0%

52% report that employees do not fully grasp how malicious actors are using AI.

0%

Only 49% of respondents believe employees fully understand AI-related cybersecurity threats.

0%

41% do not have mature controls on data used to train AI models.

0%

60% do not know the specific requests employees make to GenAI tools.

Organizations recognize the need for more investment in cybersecurity, but talent shortages and an already-complex operating environment are a barrier.

0%

96% of respondents plan to upgrade or restructure their IT infrastructure within the next two years.

0%

53% report that their organizations have more than 10 cybersecurity related positions to fill.

Only 45% of respondents in this year's survey say their organization allocates more than 10% of their IT budget to cybersecurity, compared to 53% in 2024.

2025
45%
2024
53%

Organizations must balance priorities and make choices within tight budgets.

0%

71% believe that a cybersecurity incident is likely to disrupt their organization’s business within the next 12 to 24 months.

0%

Only 34% feel very confident in the resilience of their organization’s current cybersecurity infrastructure against attacks.

Amid these growing concerns, only 4% of organizations reached Mature stage of cybersecurity readiness, up just 1% from the year before.

0%

2024

0%

2025

A look at global readiness

  • Readiness remains low globally year over year, as companies underestimate the complexities of AI.
  • AI is reshaping the security landscape, adding layers of complexity to threats and the measures needed to defend against them.

Find out how peers in your region, industry, and market compare when it comes to cybersecurity readiness:

Global readiness
Mature ?Progressive ?Formative ?Beginner ?
2024 Global readiness
Mature ?Progressive ?Formative ?Beginner ?
?
Mature ?Progressive ?Formative ?Beginner ?
?
Mature ?Progressive ?Formative ?Beginner ?
?
Mature ?Progressive ?Formative ?Beginner ?
?
Mature ?Progressive ?Formative ?Beginner ?

Cisco surveyed business leaders across 30 global markets to gain insight into cybersecurity readiness based on five pillars of preparedness:

Identity Intelligence

Are you effectively protecting user access and preventing identity-based breaches?

Identity Intelligence

Create a robust identity security strategy that includes comprehensive identity visibility and Zero Trust with Passwordless and/or multi-factor authentication, supported by AI detections.

Network Resilience

How secure are your endpoints, servers, and IoT devices from cyber intrusions?

Network Resilience

Organizations need to treat this pillar with significant urgency and move beyond partial implementation as they prepare their networks for the era of AI.

Machine Trustworthiness

Is your network infrastructure resilient against infiltration and data exfiltration?

Machine Trustworthiness

Implement a zero-trust security model to verify every user and device before granting access to the network. This approach helps ensure trusted access and acts as both the first and last line of defense.

Cloud Reinforcement

How well are you securing your cloud environments and mitigating cloud-specific risks?

Cloud Reinforcement

Companies must move beyond fragmented security strategies and invest in a unified, proactive model enhanced by AI.

AI Fortification

Are your AI-driven systems safeguarded against adversarial threats and misuse?

AI Fortification

Develop a robust AI security strategy that includes securing both the use of AI technologies and the models upon which AI technologies are built.

Companies were placed in four stages of readiness based on their overall score (of a maximum of 100).

How are mature companies fast-tracking readiness?

Mature companies with the highest level of cybersecurity readiness are most commonly large organizations.

Share of mature companies by company size

Mature companies are better resourced to assess AI threats.

Percentage of companies with internal resources and expertise to conduct comprehensive AI security assesments

Mature companies are setting aside more budget for cybersecurity.

Methodology

The 2025 Cisco Cybersecurity Readiness Index is based on a double-blind survey of 8,000 private sector business leaders who have cybersecurity responsibilities in their organizations across 30 markets. The research was conducted between January and February 2025 using online interviews.

We looked at 31 different solutions across the five core pillars of cybersecurity protection: Identity Intelligence, Machine Trustworthiness, Network Resilience, Cloud Reinforcement, and AI Fortification. Each company's scores were determined by the stage of deployment of various solutions under each of the five pillars. The scores for each pillar were then combined and weighted to arrive at an overall cybersecurity readiness score for each organization.