Cybersecurity Readiness 2025: Between AI euphoria and security risk

The new ‘Cybersecurity Readiness Index 2025’ from Cisco paints an alarming picture: companies in Germany and Europe are less prepared for cyber threats than they were in 2024 – at the same time, the danger posed by AI in particular is constantly increasing.

The Cisco Cybersecurity Readiness Index is an annual report that assesses the ability of organisations worldwide to counter current and future cyber threats. The latest edition, the 2025 Cybersecurity Readiness Index, is based on a survey of approximately 8,000 business and security leaders from 30 countries. The index serves as a benchmarking tool to measure the maturity of organisations’ cybersecurity strategies. It helps organisations to evaluate their security measures and identify areas for improvement.

Significant decline in safety maturity

In Germany, only 1.65% of companies still achieve the highest level of maturity – a dramatic fall from 11% in the previous year. The situation is hardly any better across Europe: Only 9% of companies are considered to be well prepared for the current threat scenarios. One of the reasons for this is the rapid technological development and an increasingly complex threat situation that many companies are unable to keep up with.

AI threats are increasing rapidly

AI-supported attacks in particular pose a new challenge:

• 86% of European companies report security incidents related to artificial intelligence.
• Only 45% have the necessary internal resources to conduct AI security assessments.
• In Germany, 55% report cyberattacks in the last year – half of which caused damage of over 300,000 US dollars.

A deceptive sense of security

Despite these developments, 82% of the German companies surveyed consider themselves to be ‘well’ or ‘very well’ positioned in terms of cyber security – a dangerous fallacy. Cloud security and identity management scored particularly poorly, with only 15% of companies able to demonstrate mature protection.

What companies need to do now

We advise companies to put their cybersecurity strategy to the test and carry out specific audits, penetration tests and emergency drills in order to realistically assess and specifically improve their technical and organisational resilience.

In addition, it is essential to strategically reorganise our own security architecture and set the following priorities:

• Modernise cloud and identity protection – especially in areas where there is currently the greatest need to catch up.
• Address AI risks in a targeted manner – through the targeted development of internal skills and the integration of specialised external expertise.
• Use security budgets strategically – instead of investing in reactive individual solutions, investments should be focussed on sustainable, integrated security concepts.
• Actively involve and train employees – because despite all the technology, people remain the decisive factor in the security chain.

Only those who act now and make cyber security a top priority will be able to withstand the increasing demands and make their organisation resilient in the long term – technologically, organisationally and culturally.

Conclusion

The threat situation has worsened significantly since 2024. While attacks are becoming more sophisticated and automated, the actual resilience of many organisations is decreasing. Those who fail to act now risk not only high costs, but also the loss of trust and business continuity.