Hackers vs. AI: 86% of Firms Hit by Cyber Threats—Who’s Winning?

Cisco's 2025 Cybersecurity Readiness Index reveals that only 4% of organizations worldwide have reached a "Mature" level of cybersecurity readiness. This is a slight improvement from last year's 3%, but it still highlights significant gaps in global preparedness.

The Index evaluates companies' readiness across five pillars—Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification— and encompassing 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

Key Findings:

The lack of cybersecurity readiness globally is alarming as 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.

• AI-related security incidents affected 86% of organizations in the past year.
• 49% of respondents believe their employees fully understand AI-related threats, while 48% think their teams grasp how malicious actors use AI for attacks.
• Nearly half of organizations suffered cyberattacks, struggling with complex security frameworks.
• 71% of respondents anticipate business disruptions due to cyber incidents within the next 12 to 24 months.
• Only 45% of organizations allocate more than 10% of their IT budget to cybersecurity, down from 53% last year.

The report evaluates cybersecurity readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. AI is both a security tool and a threat, with 89% of organizations using AI for threat detection, response, and recovery

The report said that — to tackle today’s cybersecurity challenges, organizations must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and managing risks from unmanaged devices and shadow AI.