Today’s threat terrain is more complicated than ever. Cisco’s 2025 Cybersecurity Readiness Index is a wake-up call for every security practitioner in this regard. The annual survey reveals that only 7% of organisations in India have achieved a mature level of cybersecurity readiness, up from 4% last year. Despite this modest improvement, overall preparedness remains low as organisations continue to face mounting challenges from hyper-connectivity and emerging technologies such as AI.
It is a common perception that Indian organisations are increasingly aware of cybersecurity risks. However, as cyberattacks grow in scale and sophistication, the risks now extend far beyond data loss — organisations face operational disruption, damage to brand reputation, and erosion of customer trust. Cisco’s report indicates that while cybersecurity is a top concern for Indian firms, only a small percentage are truly prepared to defend against modern threats. This suggests a growing understanding of the risk, but a significant gap in actual preparedness.
In fact, this lack of readiness is substantial despite almost 81% of Indian respondents believing a cybersecurity incident will disrupt their business in the next 12-24 months. In the last year, more than half of organisations (57%) suffered cyberattacks, hindered by complex security frameworks with disparate point solutions, the Cisco report said.
Moreover, businesses continue to struggle with the complexities introduced by AI, with 95% having experienced AI-related security incidents in the last year. Only 66% of respondents are confident their employees fully understand AI related threats, and 63% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. Also, the lack of skilled professionals remains an issue. Compounding the problem, many of these positions remain unfilled.
There are also concerns around shadow AI. This pertains to the unsanctioned or unauthorised use of AI tools and technologies within an organisation without the formal approval or oversight of the IT department or security teams. This includes employees using generative AI tools, large language models, or machine learning models for various tasks, often without understanding the security or compliance implications. As per the Cisco report, 45% of organisations in India lack confidence in detecting unregulated AI deployments, posing significant cybersecurity and data privacy risks.
“AI is one of the fastest growing technologies in history and I believe it will truly be a net positive for society and the economy,” said Cisco chief product officer Jeetu Patel. “But as inspiring and exciting as AI is, it also presents us with the hardest challenge in the history of cybersecurity. As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale —putting even more pressure on our infrastructure and those who defend it,” he emphasised.
How do we keep ourselves secure in the AI world? “At Cisco, we have launched a range of innovations designed to help enterprises equip their incredibly overworked and understaffed cybersecurity teams with the AI tools they need to protect their companies in this AI era,”said Patel. “With AI, a security breach isn’t just about someone stealing private data or shutting down a system anymore. Now, it’s about the core intelligence driving your business being compromised,” he added.
The silver lining is that Indian firms are ahead in leveraging AI for network security, with 55% integrating AI into their network resilience strategies, compared to 46% globally. They are also outpacing the global average in integrating AI for cybersecurity, with 55% significantly using AI in their capabilities compared to 46% globally — reflecting a stronger adoption of intelligent defense mechanisms. India leads in AI-driven threat intelligence, with 96% of organisations using AI technologies like GenAI to understand threats – surpassing the global average of 89%.
Still, this year’s Cybersecurity Readiness Index reveals a widening gap between the pace of threats and the preparedness of businesses. Samir Kumar Mishra, director, Security Business, Cisco India & Saarc, told FE: “To close this gap, organisations must adopt unified, AI-driven security platforms that automate threat detection and response.” Addressing the talent shortage and mitigating risks from unmanaged devices and shadow AI will be equally critical to building resilience and safeguarding trust in an increasingly digital world, he added.
