96% of businesses have low cyber-readiness, claims Cisco
A tiny increase in the number of ‘mature’ organizations shows growing problems with AI


Businesses worldwide are still unprepared for a myriad of cyber attacks, according to the latest Cisco Cybersecurity Readiness Index.
The networking specialist categorizes companies’ cyber readiness as Mature, Progressive, Formative, and Beginner based on what it considers to be the five most important pillars of cybersecurity for businesses today.
These include:
- Identity Intelligence
- Machine Trustworthiness
- Network Resilience
- Cloud Reinforcement
- AI Fortification
According to the report, which is based on a double-blind survey of 8,000 business and cybersecurity leaders, the progressive category has remained static at 26% compared to 2024, while beginner has decreased from 11% to 9%.
There has been a slight increase in the progressive and mature categories, Cisco noted, going from 60% to 61% and 3% to 4% respectively.
Winners and losers
Of the five areas identified as most important by Cisco, two of the most mature and widely used technologies – cloud computing and networking – had some of the lowest levels of ‘mature’ cybersecurity readiness, at 4% and 7%.
Despite being a newer field of technology, AI fortification was on a par with networking in terms of maturity, ranking at 7%, while identity intelligence was ranked at 6%. Machine trustworthiness was the only category to reach double-digits, at 12%.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In terms of which industries have the greatest levels of mature cyber readiness, technology services, media and communications, and natural resources all come in at 6%. At the other end of the scale, at beginner level, are healthcare (14%), wholesaling (15%), and natural resources (16%).
The results for the natural resources industry in particular show that there can be a wide variety of knowledge and preparedness even within a single sector, Cisco said.
AI in the spotlight
AI threats are “a blind spot for many companies”, the report’s authors claim, despite an increase in would-be hackers targeting AI systems through methods such as data poisoning, prompt injection attacks, and model theft.
Exacerbating this problem, only 51% of respondents believe employees within the business are fully aware of AI-related cyber threats. Additionally, 22% say employees are allowed unfettered access to third-party generative AI tools, which carries a variety of security risks.
“Regardless of how employees use AI at work, IT teams have limited visibility and control, with 60% saying they can't see specific prompts or requests made by employees using GenAI tools,” the report says.
“Unregulated AI deployments, or shadow AI, pose significant cybersecurity and data privacy risks, as it is hard for security teams to monitor and control what they can't see.”
MORE FROM ITPRO
- What good AI cyber security looks like today
- Executives think AI can supercharge cybersecurity teams – analysts aren’t convinced
- Agentic AI could be a blessing and a curse for cybersecurity

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Dell Pro 14 Premium review
Reviews Dell plays it safe with its 14in business ultraportable, but svelte design and great battery life can't mask the flaws
-
SAS Innovate 2025 live: All the latest news and updates
Live blog ITPro is live on the ground at SAS Innovate 2025 – follow every announcement as they happen
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
Cisco claims new smart switches provide next-level perimeter defense
News Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Cisco is jailbreaking AI models so you don’t have to worry about it
News Cisco's new AI Defense security solution helps organizations shore up LLM security by identifying potential flaws.
-
Cisco dispels Kraken data breach claims, insists stolen data came from old attack
News Cisco has refuted claims it has suffered a data breach after the Kraken threat group posted stolen data online.
-
Cisco patches critical flaws in Identity Services Engine
News Cisco has issued patches for a pair of critical vulnerabilities affecting its Identity Service Engine (ISE).
-
Your office is now absolutely riddled with surveillance equipment
News While workplace monitoring is shown to have a detrimental effect on morale, many firms are still charging ahead
-
Cisco confirms attackers stole data, shuts down access to compromised DevHub environment
News The tech giant insists that no sensitive customer information has been compromised
-
Cisco confirms investigation amid data breach claims
News The networking giant says its probe is ongoing amid claims a threat actors accessed company data