14 August 2025 – As artificial intelligence (AI) sweeps across industries, a startling majority around 90% of organisations admit they are not ready to defend against AI-driven cyber-attacks. A recent global survey of 2,286 executives, primarily CISOs and CIOs from billion-dollar companies spanning 24 industries and 17 regions, reveals where AI ambitions collide with cybersecurity shortcomings.
Readiness Gaps and Policies Ignored
- Only 22% of companies have formal policies or training around generative AI use.
- Just 25% fully leverage encryption and access controls to safeguard sensitive information.
- Few organisations maintain a comprehensive inventory of AI systems critical for managing supply chain risks.
- Readiness varies by region: only 14% in North America and 11% in Europe have mature AI-security postures, while 71% in Asia-Pacific and 77% in Latin America remain in an “Exposed Zone.”
In this context, the “Exposed Zone” refers to organisations with low AI-security maturity-lacking the essential capabilities, governance, and defences required to counter AI-enabled threats. It does not mean the remaining percentage is fully prepared; many are still in intermediate readiness stages.
Experts caution that AI must be designed with security at its core and continuously monitored to stay ahead of evolving threats. They also stress that cybersecurity should be treated as a strategic enabler, not an afterthought.
Why the Gap Persists?
The speed of AI adoption has outstripped the pace of security adaptation, leaving critical vulnerabilities unaddressed. Limited policies, skills shortages, and outdated security models make it difficult for organisations to keep up with evolving AI-driven threats.
1. Rapid AI Adoption Outpacing Security
Over one-third of executives believe AI is advancing faster than their organisations’ security capabilities can keep up. Many lack clear governance frameworks, leaving them vulnerable to sophisticated AI-powered attacks.
2. Workforce & Tooling Challenges
- More than half of organisations have no dedicated strategy to counter AI-driven threats.
- Skills shortages, insufficient training, and limited access to modern AI-enabled security tools hinder readiness.
- In some regions, infrastructure limitations-such as outdated devices incapable of supporting AI securely pose additional risks.
3. Emerging Threats Escalating Risk
AI is increasingly being used by cybercriminals for advanced phishing, deepfakes, automated reconnaissance and malware generation. While some organisations are exploring AI-driven tools for defense, concerns remain about excessive autonomy without human oversight.
4. Strategic & Regulatory Misalignment
Traditional security models often fail to address AI’s dynamic nature. Experts are urging a shift toward adaptive, behaviour-aware security frameworks that account for real-time learning and model drift, alongside proactive measures like penetration testing and red teaming.
The Road to Resilience: What Must Be Done
Organisations must embed security by design, adopt adaptive frameworks, train their workforce, and proactively test defences to stay ahead of AI-enabled threats. To bridge the gap between innovation and security, organisations should:
- Embed Security by Design: Build AI systems with strong security foundations, backed by clear policies and asset inventories.
- Adopt Adaptive Frameworks: Use dynamic, explainable AI, zero-trust models, and continuous threat modelling.
- Bolster Workforce Readiness: Train teams, hire specialised talent, and leverage managed security services.
- Leverage AI for Defense: Deploy AI to enhance threat detection and response, while keeping human oversight in place.
- Prioritise Governance & Awareness: Educate leadership and staff on emerging AI risks and safe practices.
- Simulate & Test Proactively: Conduct regular security drills and offensive testing to uncover vulnerabilities before attackers do.
Final Word
The findings serve as a clear warning: AI adoption without equally advanced security measures is a direct path to heightened cyber vulnerability. As AI continues to reshape industries, the race is on-not just for innovation, but for resilience.