Swedish companies' cybersecurity preparedness has essentially stagnated over the past year, despite increasingly sophisticated threats and a dramatic rise in AI-driven attacks.
Det visar Ciscos nya rapport Cybersecurity Readiness Index 2025, som bygger på en omfattande undersökning av 8 000 företag globalt.
Alarming stagnation in security maturity
Only 6 percent of Swedish companies are classified as “mature” in cybersecurity—a slight increase from 1 percent the previous year. Meanwhile, 67 percent remain in the two lowest categories, indicating significant gaps in their security defenses.
“It is deeply concerning to see how little progress has been made, especially when we see how rapidly the threat landscape is evolving with AI as both a weapon and a target,” writes Emanuel Lipschütz.
AI – both a solution and a problem
The report reveals a strange paradox: while 86 percent of business leaders report experiencing at least one AI-related security incident in the past year, only 10 percent consider AI the most challenging aspect of their security infrastructure.
The most common AI-related attacks include:
- Theft of AI models or unauthorized access (43%)
- AI-enhanced social engineering (42%)
- Data poisoning attempts (38%)
Particularly concerning is that only 49 percent of respondents believe their employees fully understand AI-related cybersecurity threats. Meanwhile, 22 percent of companies have unrestricted access to public AI tools like ChatGPT, creating significant security risks.
Shadow AI becomes a growing problem
A new phenomenon highlighted by the report is “shadow AI”—the use of unapproved AI tools within organizations. A full 60 percent of IT teams say they cannot see what specific prompts or queries employees make in AI tools, and an equal number lack the ability to identify the use of unapproved AI tools.
The five pillars show mixed results
Cisco’s report measures cybersecurity maturity across five key areas:
- Identity Intelligence (9% mature) – Managing identities and access remains a critical weakness, especially in times of hybrid work and AI-driven deepfakes.
- Machine Trustworthiness (13% mature) – Some improvement is seen here, but the challenge of securing all connected devices in the IoT landscape persists.
- Network Resilience (3% mature) – Alarmingly, this area has actually deteriorated, with companies losing ground in their network protection.
- Cloud Reinforcement (5% mature) – Despite massive cloud migration, security lags behind, creating dangerous gaps.
- AI Fortification (5% mature) – The newest area shows that companies struggle to understand and protect against AI-related threats.
Budgets increase but fall short
Positivt nog planerar 96 procent av svenska företag att uppgradera sin IT-infrastruktur inom två år, och 90 procent av företagen globalt har ökat sina cybersäkerhetsbudgetar. Men takten är för långsam – medan 93 procent rapporterade budgetökningar på minst 10 procent det senaste året, förväntar sig endast 87 procent liknande ökningar framöver.
The way forward
The report highlights several critical actions Swedish companies must take:
- Develop a robust AI security strategy that both protects AI usage and secures the underlying models.
- Implement a Zero Trust architecture to verify every user and device.
- Prioritize network resilience and move beyond partial implementation.
- Invest in unified security solutions instead of fragmented strategies.
With cyber attacks becoming increasingly sophisticated and AI both enabling new defenses and creating new vulnerabilities, Swedish companies have no time to lose. The digital transformation won’t wait for security to catch up.