Only 4% of UK firms have the tools in place to defend against today’s complex cyber threats, with 83% grappling with a shortage of skilled cybersecurity professionals as threat levels increase.
That is the damning conclusion of the 2025 Cisco Cybersecurity Readiness Index, which comes amid a spate of cyber-attacks against British retailers and a Government warning that firms must make cyber security an “absolute priority”.
The study is quick to point out that while artificial intelligence brings the promise of new possibilities in the fight against cyber-attacks, it also adds layers of complexity to an already complicated security landscape.
While 92% of UK organisations are already using AI in some form to detect or respond to various malware, the report found that over 78% have experienced security incidents related to AI within the past year.
Despite this, 65% of tech teams said they had little to no visibility into employee use of unapproved AI tools, raising concerns over so-called “shadow AI”.
Cisco Talos EMEA lead Martin Lee told City AM: “People love shiny new tech, and move faster than policy. We’re seeing employees putting confidential company data into AI systems without understanding where the data goes.
“The bad guys are there looking for ways in – and far too many organisations are sitting ducks. They have tools, they have a business model, they know how to make money.”
The report reveals that the skills crisis is compounding the problem, with nearly half of UK firms surveyed having over ten open cybersecurity roles. Compounding the issue, only 45% are allocating more than 10% of their IT budgets to cyber defence, down from 54% last year.
Lee added: “We’ve never had enough cyber professionals- and we never will. So, let’s get AI doing the simple stuff, and use our people for the things machines can’t do – like responding to complex incidents and making strategic decisions.”
The report also exposes the growing challenges related to security complexity, with over two thirds of businesses relying on over 10 disconnected security tools. This fragmentation can hinder response times and increase the risk of missed threats.
Meanwhile, 71% believe that a cybersecurity incident is likely to disrupt their organisation’s business within the next 12 to 24 months yet only 34% feel very confident in the resilience of their organisation’s current cybersecurity infrastructure against attacks.
Lee concluded: “The biggest advice I can give to businesses is to get to basics right. Cyber criminals are looking for the easiest route in – and if you’re better prepared, they’ll move on to someone else.”
Related stories
Govt wades in as Co-op and M&S cyber attacks escalate
M&S online shopping ad blitz ‘adding insult to injury’
M&S woes continue as hack attack enters second week
M&S halts click & collect as ‘cyber incident’ continues
Experts wade in as M&S plays down ‘cyber incident’
Ransomware fine fuels security warning to all UK firms
Be the first to comment on "Just 4% of UK businesses able to fend off cyber-attacks"