Cisco Study Reveals Alarming Deficiencies in European Cybersecurity Readiness

According to Cisco’s 2025 Cybersecurity Readiness Index, only 3 percent of organizations in Europe have achieved the ‘Mature’ level of readiness required to effectively withstand today’s cyber threats, as hyperconnectivity and AI introduce new complexities.

The European Union has adopted regulatory frameworks that address critical infrastructure security (NIS2) and product security (Cyber Resilience Act, CRA), but progress has been critically held back by inconsistent implementation and irregular roadmaps for compliance. The EU has signaled cybersecurity will be a cornerstone of its regulatory simplification program, which presents a unique opportunity to get this back on track. Cisco’s Cybersecurity Readiness Index provides further evidence that ‘carrots’ are required to go alongside the legislative ‘sticks’.

AI is revolutionizing security and escalating threat levels, with nearly nine-in-ten organizations (87%) facing AI-related security incidents last year. However, only 42% of European respondents are confident their employees fully understand AI related threats, and 42% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks (vs 49% globally). This awareness gap leaves organizations critically exposed. The industry needs to dramatically simplify how enterprises deploy, manage, and secure AI to keep pace with the evolving threat landscape.

AI is compounding an already challenging threat landscape. In the last year, nearly half of European organizations (46%) suffered cyberattacks, hindered by complex security frameworks with disparate point solutions. Looking forward, respondents view external threats like malicious actors and state-affiliated groups (58%) as more significant to their organizations than internal threats (42%), underscoring the urgent need for streamlined defense strategies to thwart external attacks.

Policy makers need to incentivize the removal of outdated technologies and adoption of modern architecture, including AI-powered defenses. They also need to swiftly boost initiatives to enable a skilled cyber workforce, in partnership with industry.

Cybersecurity Readiness Remains Flat as AI Transforms the Industry

The Index evaluates companies’ readiness across five pillars—Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. Based on a double-blind survey of close to 2,000 private sector security and business leaders in Europe* (8,000 globally. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

Organizations must simplify their security frameworks, prioritize cybersecurity in their IT budgets, elevate AI threat awareness, address risk from unmanaged devices and shadow AI, and prioritize AI for threat detection, response and recovery.

2025 Cisco Cybersecurity Readiness Index Findings

Cybersecurity preparedness remains alarmingly low in Europe as 69% of European respondents (71% globally) anticipate business disruptions from cyber incidents within the next 12 to 24 months.

• AI’s Expanding Role in Cybersecurity: An impressive 84% of organizations use AI to understand threats better, 81% for threat detection, and 64% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
• GenAI Deployment Risks: GenAI tools are widely adopted, with 54% of employees using approved third-party tools. However, 21% have unrestricted access to public GenAI, and 69% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
• Shadow AI Concerns: 65% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks.
• Talent Shortage Impedes Progress: A staggering 82% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with 50% reporting more than ten positions to fill.
• Investment Priorities Shift: While 96% of organizations plan to upgrade their IT infrastructure, only 39% allocate more than 10% of their IT budget to cybersecurity, emphasizing a critical need for more focused investment in comprehensive defense strategies, which is incredibly important as threats are not slowing.
• Unmanaged Device Vulnerability: Within hybrid work models, 81% of organizations face increased security risks as employees access networks from unmanaged devices, further exacerbated by using unapproved Gen AI tools.
• Complex Security Postures: Over 72% of organizations report that their complex security infrastructures, dominated by the deployment of more than ten point security solutions, are impeding their ability to respond swiftly and effectively to threats.

AI is reshaping the world, introducing risks of a magnitude never before encountered—challenging infrastructures and those who defend it.

Cisco’s report highlights the critical gaps in security readiness and an alarming complacency in addressing them. Organizations must rethink their strategies to remain relevant and secure in the AI era.

How ready is your organization? Check the Cybersecurity Readiness Assessment Tool to find out.

Share: