2025年思科网络安全就绪指数

2025 Cisco CybersecurityReadiness Index Readiness remains flat as AI transforms the industry Contents Executive Summary3Benchmarking Readiness7Identity Intelligence8Machine Trustworthiness10Network Resilience12Cloud Reinforcement14Artificial Intelligence (AI) Fortification16Industry and Size Matter18Recommendations21About the Research22 Executive Summary A few short years after Gen AI was introduced,artificial intelligence (AI) continues to changethe tech industry at record speed, asbusinesses race to launch new technologyand to meaningfully implement it as part oftheir IT strategies. However, only 10% consider AI to be the most challengingaspect of their security infrastructure to protect. As AI-enabled threats become increasingly sophisticated, thesethreats will only rise. Cisco’s third annualCybersecurity Readiness Indexis our updated guide that addresses the current globalcybersecurity landscape and assesses how readycompanies are to face today’s cybersecurity risks. It isbased on a double-blind survey of 8,000 businessesand cybersecurity leaders across 30 global markets.Respondents represent a broad range of private sectorindustries, including financial services, retail, technologyservices, and manufacturing. While AI brings promise of new possibilities, it also addslayers of complexity to an already complicated securitylandscape. It’s challenging for companies to both embraceand secure AI. What’s more, there’s a disconnect betweengeneral understanding of the threats posed by AI andwhat it takes to secure organizations against thosethreats. Nearly nine out of 10 (86%) business leaders withcybersecurity responsibilities reported at least one AI-related incident in the past 12 months. Just 48% believethat their employees understand how malicious actors areusing AI to enhance their attacks. Under half (45%) feeltheir company has the internal resources and expertiseto conduct comprehensive AI security assessments. The 2025 edition of this study shows that readinessremained flat from 2024. Based on five pillars ofcybersecurity readiness that are most relevant tosecuring today’s organizations –Identity Intelligence,Machine Trustworthiness,Network Resilience,Cloud Reinforcement, andArtificial Intelligence (AI)Fortification. A mere four percent of companies (as opposed tothree percent in 2023) reached the Mature stage ofreadiness. Alarmingly, nearly three quarters (70%)remain in the bottom two categories (Formative, 61%and Beginner, nine percent) - with little change fromlast year. As threats continue to evolve and multiply,companies need to enhance their preparedness at anaccelerated pace to remain ahead of malicious actors. In terms of the pillars of readiness, this year’sresults reflect the largest increase is in MachineTrustworthiness (12% Mature), which saw themost growth compared to seven percent in 2024.Conversely the report saw the lowest levels of maturityin AI Fortification (seven percent), Network Resilience(seven percent), Identity Intelligence (six percent), andCloud Reinforcement (four percent), all trailing withsingle-digit performance. Types of AI-related securityincidents companies experienced Threats to AI systems and secure data processesremain a blind spot for many companies, despite anabundance of active and increasingly sophisticatedattacks. Added to that is a general lack of employees’understanding of the security risks that come withusing and developing AI applications. Model theft or unauthorized access Only 49% of respondents believe employeesfully understand AI-related cybersecurity threats,which commonly take the form of model theft orunauthorized access, AI-enhanced social engineering,or data poisoning attempts. AI-enhanced social engineering Data poisoning attempts This lack of understanding is overshadowed by theincreasingly widespread adoption of AI, particularlyGenAI. While half (51%) of companies require theiremployees to utilize approved third-party GenAI toolsthrough a security service, nearly a quarter (22%) haveunrestricted access to publicly available tools. Thisunrestricted access puts sensitive company data atserious risk and could lead employees to inadvertentlypropagate threats. Planned increase in cybersecurityinfrastructure spending Regardless of how employees use AI at work, IT teamshave limited visibility and control, with 60% sayingthey can’t see specific prompts or requests made byemployees using GenAI tools. Unregulated AI deployments, or shadow AI, posesignificant cybersecurity and data privacy risks, as itis hard for security teams to monitor and control whatthey can’t see. 60% stated they lack confidence intheir ability to identify the use of unapproved AI tools intheir environments. AI-related risks are further muddying waters in analready-complex operating environment involving hybridworkers, unmanaged devices, and solution sprawl. Thisbuilds the case for more action and investment. Globally, nearly half of respondents (49%) experien