Cybersecurity in Crisis: Just 3% of Malaysian Firms Ready for AI-Driven Threats, Cisco Warns

Only 3% of organisations in Malaysia have reached the ‘Mature’ level of cybersecurity readiness needed to defend against today’s evolving threats, according to Cisco’s 2025 Cybersecurity Readiness Index.

This marks a marginal increase from last year’s 2%, underscoring a persistent gap in preparedness as AI and hyperconnectivity redefine the threat landscape.

AI is proving to be both a powerful tool and a formidable threat. While 93% of organisations experienced AI-related security incidents in the past year, less than half of Malaysian respondents believe their teams fully understand how AI is being exploited by malicious actors. This lack of awareness is leaving critical vulnerabilities wide open.

More than half of organisations (57%) reported suffering cyberattacks over the last 12 months, often due to fragmented security setups and outdated frameworks.

Looking ahead, companies view external threats—ranging from cybercriminals to state-backed hackers—as more pressing than internal vulnerabilities, highlighting the urgent need for coordinated and streamlined defense strategies.

“As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale—putting even more pressure on our infrastructure and those who defend it,” said Jeetu Patel, Cisco’s Chief Product Officer.

“This year’s report reveals not only readiness gaps but also a troubling lack of urgency to address them.”

Cisco’s Index evaluates cybersecurity readiness across five core pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification.

It categorises organisations into four stages—Beginner, Formative, Progressive, and Mature—based on their deployment of 31 key solutions, drawn from a global survey of 8,000 security and business leaders in 30 markets.

In Malaysia, 77% of respondents anticipate cyber incidents will disrupt their business within the next one to two years. While many are turning to AI as part of their defense—93% use AI for threat understanding, 83% for detection, and 69% for response—serious challenges remain:

• Unchecked GenAI Use: 44% of employees use approved GenAI tools, but 25% access public tools without restriction. Alarmingly, 61% of IT teams are unaware of these activities.
• Shadow AI Risk: 67% of organizations are not confident in detecting shadow AI—unauthorized or unmanaged AI deployments that heighten data and cybersecurity risks.
• Device Vulnerabilities: Hybrid work environments have amplified risks, with 87% citing threats from employees using unmanaged devices.
• Budget Misalignment: Despite 96% planning IT infrastructure upgrades, only 44% dedicate over 10% of their IT budget to cybersecurity—a sharp 14-point drop from last year.
• Overcomplexity: 83% report that having more than 10 point security solutions is slowing their threat response.
• Talent Shortage: 84% struggle to fill skilled cybersecurity roles, with nearly half reporting more than 10 vacancies.

To navigate this rapidly shifting landscape, Cisco urges organisations to simplify security architectures, invest in AI-driven solutions, and strengthen employee awareness of AI-based threats. Greater focus on managing unmanaged devices and shadow AI is also critical.

“AI opens up new possibilities but also adds complexity to an already challenging security landscape,” said Tay Bee Kheng, President of Cisco ASEAN. “Organisations in Malaysia must rethink their cybersecurity approach—one that not only harnesses AI for defense but also secures AI itself.”

The message is clear: without bold changes, Malaysia’s cybersecurity posture may remain dangerously behind as AI continues to transform the digital battlefield.