Despite rising threats and heavy cyber investments, few respondents had achieved tangible improvements in cybersecurity readiness, albeit by pre-defined# survey standards.

Based on a double-blind Jan/Feb 2025 online survey exercise of 8,000 business leaders in 30 territories who had cybersecurity responsibilities*, on five pillars of cybersecurity readiness^, a cybersecurity firm has released some findings.

First, compared to a similar survey in 2024 for the year 2023, the current survey indicates that 4% of respondents had been deemed to have reached the ‘mature’ stage (as defined by the survey architects#) in 2025 — a 1% increase from the 3% in non-similar respondents in a survey for 2024. About 70% of respondents at the bottom of readiness rankings had not progressed.

Second, the latest data shows that there has been a 5% growth in “machine trustworthiness” (from 7% in 2023). The lowest levels of maturity were found in AI fortification (7%), network resilience (7%), identity intelligence (6%) and cloud reinforcement (4%).

Other findings

Third, 86% of respondent had cited experiencing at least one AI-related security incident in the past year, with 49% indicated they believed their employees fully understand AI-related threats, and 48% indicating they think “staff grasp how malicious actors use AI for attacks”. Also:

  • 60% of all incident responses handled by the firm that commissioned the survey had involved identity-based attacks, with adversaries leveraging compromised accounts for lateral movement and privilege escalation.
  • 60% of IT teams among the respondents had indicated a lack of confidence in detecting unapproved AI tools; 22% of respondents had let employees access public generative tools without restrictions.
  • 84% of respondents (as employees) had cited accessing company networks from unmanaged devices; 31% had indicated they ever logged into six different networks weekly
  • 77% cited that too many cybersecurity solutions slowed incident response, and 70% had reported having more than 10 point solutions; 26% cited over 30.
  • 86% had cited cybersecurity talent shortages as a challenge, with 53% having over 10 open security positions.
  • 98% of respondents had cited plans to upgrade IT infrastructure, but only 45% now allocate over 10% of their IT budget to cybersecurity — down from 53% in the survey for 2024. This reflects cybersecurity’s shrinking share of total IT spend (due to faster growth in overall IT budgets), even as 93% of respondents had indicated increased cybersecurity spending in absolute terms.
  • The data showed that respondents in technology services, media and communications, and natural resources led in cyber readiness, while those in healthcare and wholesale were lagging. Respondents from the large firms (>1,000 staff) were deemed more cyber ready (6% in the mature cyber readiness tier) than those in small firms (10 to 249 staff) that were represented by only 2% in the mature cyber readiness tier. However, the latter respondents were also rapidly adopting AI-driven security in attempts to improve cost-effectiveness.

The firm that commissioned the survey, Cisco, has used the findings to recommend organizations to create robust identity security strategies; implement Zero Trust models for users and devices; urgently enhance network resilience; move beyond fragmented cloud security; and develop comprehensive AI security strategies that protect both AI technologies and the models themselves.

*including North America, Latin America, EMEA and Asia Pacific: Australia, Brazil, Canada, Mainland China, France, Germany, Hong Kong SAR, India, Indonesia, Italy, Japan, Malaysia, Mexico, Netherlands, New Zealand, Philippines, Poland, Saudi Arabia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, UAE, UK, United States, and Vietnam

^Identity intelligence (25% weightage), machine trustworthiness (25% weightage), network resilience (25% weightage), cloud reinforcement (15% weightage), and AI fortification (15% weightage) — across 31 solutions tied to the pillars curated for survey usage

# For a firm to be deemed mature”, the methodology required full deployment of 31 solutions, predominantly aligned with the commissioning firm’s product ecosystem and/or bundled solutions