This is shown by Cisco's new report, Cybersecurity Readiness Index 2025, based on an extensive survey of 8,000 companies globally.
Alarming stagnation in security maturity
Only 6 percent of Swedish companies are classified as “mature” in cybersecurity—a slight increase from 1 percent the previous year. Meanwhile, 67 percent remain in the two lowest categories, indicating significant gaps in their security defenses.
“It is deeply concerning to see how little progress has been made, especially when we see how rapidly the threat landscape is evolving with AI as both a weapon and a target,” writes Emanuel Lipschütz.
AI – both a solution and a problem
The report reveals a strange paradox: while 86 percent of business leaders report experiencing at least one AI-related security incident in the past year, only 10 percent consider AI the most challenging aspect of their security infrastructure.
The most common AI-related attacks include:
- Theft of AI models or unauthorized access (43%)
- AI-enhanced social engineering (42%)
- Data poisoning attempts (38%)
Particularly concerning is that only 49 percent of respondents believe their employees fully understand AI-related cybersecurity threats. Meanwhile, 22 percent of companies have unrestricted access to public AI tools like ChatGPT, creating significant security risks.
Shadow AI becomes a growing problem
A new phenomenon highlighted by the report is “shadow AI”—the use of unapproved AI tools within organizations. A full 60 percent of IT teams say they cannot see what specific prompts or queries employees make in AI tools, and an equal number lack the ability to identify the use of unapproved AI tools.
The five pillars show mixed results
Cisco’s report measures cybersecurity maturity across five key areas:
- Identity Intelligence (9% mature) – Managing identities and access remains a critical weakness, especially in times of hybrid work and AI-driven deepfakes.
- Machine Trustworthiness (13% mature) – Some improvement is seen here, but the challenge of securing all connected devices in the IoT landscape persists.
- Network Resilience (3% mature) – Alarmingly, this area has actually deteriorated, with companies losing ground in their network protection.
- Cloud Reinforcement (5% mature) – Despite massive cloud migration, security lags behind, creating dangerous gaps.
- AI Fortification (5% mature) – The newest area shows that companies struggle to understand and protect against AI-related threats.
Budgets increase but fall short
On a positive note, 96 percent of Swedish companies plan to upgrade their IT infrastructure within two years, and 90 percent of companies globally have increased their cybersecurity budgets. However, the pace is too slow—while 93 percent reported budget increases of at least 10 percent in the past year, only 87 percent expect similar increases moving forward.
The way forward
The report highlights several critical actions Swedish companies must take:
- Develop a robust AI security strategy that both protects AI usage and secures the underlying models.
- Implement a Zero Trust architecture to verify every user and device.
- Prioritize network resilience and move beyond partial implementation.
- Invest in unified security solutions instead of fragmented strategies.
With cyber attacks becoming increasingly sophisticated and AI both enabling new defenses and creating new vulnerabilities, Swedish companies have no time to lose. The digital transformation won’t wait for security to catch up.