Only 5% of organisations in the Asia-Pacific region including Japan and China (APJC) have achieved the ‘Mature’ level of readiness required to effectively withstand today’s cybersecurity threats.
This is according to Cisco’s 2025 Cybersecurity Readiness Index, which is based on a double-blind survey of 8,000 business leaders who have cybersecurity responsibilities in their companies. The companies cover 30 territories in North America, Latin America, EMEA and APAC, including Singapore.
This is a slight increase from last year’s Index, in which 4% of organisations in APJC were designated as Mature. This demonstrates that despite a slight improvement from last year, cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners.
AI is revolutionizing security and escalating threat levels, with 90% OF organizations facing AI- related security incidents last year.
However, only 51% of respondents are confident their employees fully understand AI related threats, and 49% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organizations critically exposed.
Also, AI is compounding an already challenging threat landscape. In the last year, more than half (56%) of organisations suffered cyberattacks, hindered by complex security frameworks with disparate point solutions.
Looking forward, respondents view external threats like malicious actors and state-affiliated groups (57%) as more significant to their organizations than internal threats (43%), underscoring the urgent need for streamlined defense strategies to thwart external attacks.
“As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale – putting even more pressure on our infrastructure and those who defend it,” said Cisco chief product officer Jeetu Patel.
Findings show that 79% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.
Among organisations, 92% use AI to understand threats better, 87% for threat detection, and 73% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
Generative AI tools are widely adopted, with organisations across APJC saying that 50% of their employees are using approved third-party tools.
However, 23% have unrestricted access to public generative AI, and 55% of IT teams are unaware of employee interactions with generative AI, underscoring major oversight challenges.
Further, 60% of organisations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks.
Within hybrid work models, 88% of organisations face increased security risks as employees access networks from unmanaged devices, further exacerbated by using unapproved generative AI tools.
While 97% of organisations plan to upgrade their IT infrastructure, only 48% allocate more than 10% of their IT budget to cybersecurity, compared to 55% in 2024.
This highlights a critical need for more focused investment in comprehensive defense strategies, which is incredibly important as threats are not slowing.
Moreover, 83% of organisations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are impeding their ability to respond swiftly and effectively to threats.
Among respondents, 90% identify the shortage of skilled cybersecurity professionals as a major challenge, with more than half (57%) reporting more than 10 positions to fill.
In Singapore, the proportion is slightly higher, with 91% highlighting the talent shortage as a major challenge and 61% reporting more than 10 open roles.
