According to Cisco’s 2025 Cybersecurity Readiness Index, only 5% of organisations in South Africa have achieved the ‘Mature’ level of readiness required to effectively withstand today’s cybersecurity threats. Unchanged from the 2024 Index, the report highlights that majority of companies remain in formative stage of security readiness, while facing new complexities such as hyperconnectivity and AI.
AI is revolutionising security and escalating threat levels, with nearly 9 in 10 organisations (87%) facing AI-related security incidents last year. However, only 59% of respondents are confident their employees fully understand AI related threats, and 61% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organisations critically exposed.
Fady Younes, Managing Director of Cybersecurity for Cisco Middle East & Africa says, “The speed at which AI is being weaponised by threat actors is outpacing traditional security approaches. Globally, we’re seeing that fragmented defences and under-resourced teams can’t match the scale or sophistication of today’s attacks. Organisations must shift from incremental upgrades to integrated, AI-native strategies that can defend at machine speed, anything less is no longer sustainable.”
AI is compounding an already challenging threat landscape. In the last year, over half of organisations (54%) suffered cyberattacks, hindered by complex security frameworks with siloed point solutions.
2025 Cisco Cybersecurity Readiness Index: Cybersecurity Readiness Remains Flat as AI Transforms the Industry
The Index evaluates companies’ readiness across five pillars—Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification— and encompassing 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets including 150 businesses in South Africa, respondents detailed their deployment stages for each solution. Companies were then categorised into four readiness stages: Beginner, Formative, Progressive, and Mature.
Findings for South Africa
The lack of cybersecurity readiness is alarming as 22% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. Further:
· AI’s Expanding Role in Cybersecurity: An impressive 92% of organisations use AI to understand threats better, 89% for threat detection, and over 80% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
· GenAI Deployment Risks: GenAI tools are widely adopted, with 47% of employees using approved third-party tools. However, 21% have unrestricted access to public GenAI, and 40% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
· Unmanaged Device Vulnerability: Within hybrid work models, 75% of organisations face increased security risks as employees access networks from unmanaged devices, further exacerbated by using unapproved Gen AI tools.
· Investment priorities are shifting: While 30% of organisations plan to upgrade their IT infrastructure, only 8% allocate more than 10% of their IT budget to cybersecurity. This highlights the need for more focused investment in defence strategies as threats continue to rise.
· Complex Security Postures: Over 60% of organisations report that their complex security infrastructures, dominated by the deployment of more than ten point security solutions, are impeding their ability to respond swiftly and effectively to threats.
· Talent Shortage Impedes Progress: A staggering 78% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with more than half reporting more than ten positions to fill.
Smangele Nkosi, General Manager at Cisco South Africa, concludes: “To meet today’s cybersecurity demands, organisations must prioritise AI-powered solutions, streamline their security architecture, and build greater awareness of AI-driven threats. It’s crucial to focus on AI for faster detection, response, and recovery — while also addressing talent shortages and mitigating risks from unmanaged devices and shadow AI.”
