Cisco’s 2025 Cybersecurity Readiness Index Finds Alarming Deficiencies in Security Readiness in Malaysia

According to Cisco‘s 2025 Cybersecurity Readiness Index, only 3% of organisations in Malaysia have achieved the ‘Mature’ level of readiness required to effectively withstand today’s cybersecurity threats. This is a slight increase from last year’s Index, in which 2% of organisations in Malaysia were designated as Mature. This demonstrates that despite a slight improvement from last year, cybersecurity preparedness remains low as hyperconnectivity and Artificial Intelligence (AI) introduces new complexities for security practitioners.

Artificial Intelligence is revolutionising security and escalating threat levels, with 9 in 10 organisations (93%) facing AI-related security incidents last year. However, the 2025 Cybersecurity Readiness Index found that only 51% of respondents are confident their employees fully understand AI related threats, and 49% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organisations critically exposed.

This means AI is compounding an already challenging threat landscape. In the last year, more than half of organisations (57%) suffered cyberattacks, hindered by complex security frameworks with disparate point solutions. Looking forward, respondents view external threats like malicious actors and state-affiliated groups (47%) as more significant to their organisations than internal threats (53%), underscoring the urgent need for streamlined defence strategies to thwart external attacks.

“As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale – putting even more pressure on our infrastructure and those who defend it,” said Cisco Chief Product Officer Jeetu Patel. “This year’s report continues to reveal alarming gaps in security readiness and a lack of urgency to address them. Organisations must rethink their strategies now or risk becoming irrelevant in the AI era.”

2025 Cybersecurity Readiness Index: Cybersecurity Readiness Remains Low as AI Transforms the Industry

The 2025 Cybersecurity Readiness Index evaluates companies’ readiness across five pillars—Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. It encompasses 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, respondents detailed their deployment stages for each solution. Companies were then categorised into four readiness stages: Beginner, Formative, Progressive, and Mature.

Findings of the 2025 Cybersecurity Readiness Index

The lack of cybersecurity readiness in Malaysia is alarming as 77% of respondents, according to the 2025 Cybersecurity Readiness Index, anticipate business disruptions from cyber incidents within the next 12 to 24 months. Further:

• AI’s Expanding Role in Cybersecurity: An impressive 93% of organisations use AI to understand threats better, 83% for threat detection, and 69% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.
• GenAI Deployment Risks: GenAI tools are widely adopted, with organisations in Malaysia saying that 44% of their employees are using approved third-party tools. However, 25% have unrestricted access to public GenAI, and 61% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
• Shadow AI Concerns: 67% of organisations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks.
• Unmanaged Device Vulnerability: Within hybrid work models, 87% of organisations face increased security risks as employees access networks from unmanaged devices, further exacerbated by using unapproved Gen AI tools.
• Investment Priorities Shift: While 96% of organisations plan to upgrade their IT infrastructure, only 44% allocate more than 10% of their IT budget to cybersecurity (down 14% year-over-year), emphasising a critical need for more focused investment in comprehensive defence strategies, which is incredibly important as threats are not slowing.
• Complex Security Postures: 83% of organisations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are impeding their ability to respond swiftly and effectively to threats.
• Talent Shortage Impedes Progress: A staggering 84% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with 49% reporting more than ten positions to fill.

To tackle today’s cybersecurity challenges, organisations must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritising AI for threat detection, response, and recovery is essential, as is addressing talent shortages and managing risks from unmanaged devices and shadow AI.

“AI opens up new possibilities but also adds complexity to an already challenging security landscape. Over the past year, we have seen companies worldwide, including those in Malaysia, continue to grapple with evolving threats like the rise of shadow AI, talent shortages, and complex security infrastructures. This underscores the need for a different approach to security— one that not only leverages AI for security but also ensures AI itself is secure and scalable,” said Tay Bee Kheng, President at Cisco ASEAN, about the results and recommendations of the 2025 Cybersecurity Readiness Index.