In 2025, 3% of Polish companies will have reached a mature level of readiness for cyber threats; that is 2% more than a year earlier – according to a Cisco report. As indicated, 86% of organizations have experienced incidents related to AI. Companies are also struggling with, among other things, a shortage of cybersecurity specialists.
The level of readiness of companies in Poland for cyber threats “remains low” – assessed the authors of the Cisco Cybersecurity Readiness Index 2025 report. As indicated in the press release, “only” 3% of organizations have achieved the highest, i.e. mature level of readiness , necessary for effective defense against modern cyber threats. This is 2% more than in 2024 – it was added. The global average is 4%.
15% of companies in Poland are at a beginner level , one in five (20%) at an advanced level, and over half at an intermediate level (62%). In 2024, 12% of Polish companies were characterized by a beginner level of cyber readiness, which means that their number increased year-on-year. “This is not necessarily due to the fact that these organizations have lost their level of security, but to the fact that they are standing still because they have not yet managed to develop solutions that will protect them from new challenges, for example those related to AI,” assessed Marcin Klimowski from Cisco during a press conference.
As indicated in the report, generative artificial intelligence (GenAI) tools are widely used in Polish companies. 26% of employees in our country have unlimited access to public GenAI (world average is 22%), and 46% use external tools approved by the company (51% globally). At the same time, 63% of Polish IT teams have no knowledge of employee interactions with GenAI, which, according to the authors, reveals significant deficiencies in supervision. The same percentage of organizations (63%) are not sure whether they can detect unauthorized AI implementations, which – as noted – poses a serious risk to data security and privacy.
During the year, 86% of Polish companies experienced AI-related incidents in the last year , according to the report. These risks are divided into two categories: security (e.g. hacking by cybercriminals through poorly implemented AI tools) and safety (e.g. disclosure of confidential data to chatbots or misuse of AI-generated content by employees), explained Marcin Klimowski. 31% of Polish companies reported theft or unauthorized access to an AI model, and 28% reported AI-assisted social engineering attacks. As Marcin Klimowski explained, they consist of, among other things, advanced phishing, i.e. creating personalized, fake emails to extort data. 41% of companies also experienced attempts to so-called poison data used to train models, i.e. introducing false information into them.
As emphasized in the report, AI creates not only threats for companies, but also opportunities to strengthen cybersecurity. The majority of surveyed organizations (86%) use AI to better understand threats and to detect dangers. AI also helps companies restore systems to operation after attacks (73%), helps respond to threats (63%), assess security policies (73%) and recommend them (65%). For 59% of organizations, the introduction of AI also forced the introduction of such a policy.
“The challenges of AI are compounding the already enormous difficulties of protecting the hybrid workforce,” the report said. These problems include employees using unsecured devices on corporate networks (indicated by 88 percent of respondents). One in five employees (20 percent) logs into six different networks per week to do their job. Another problem is the overload of corporate cybersecurity alerts. According to the report, 64 percent of companies have 10 or more security solutions. At the same time, 74 percent of respondents indicated that having too many solutions slowed their teams' ability to detect and respond to incidents or otherwise weakened cybersecurity.
Another unresolved challenge – according to the authors of the report – remains the shortage of cybersecurity specialists in companies. This problem was indicated by 79% of respondents, and every second company in Poland (57%) has more than 10% of positions in cybersecurity teams unfilled.
Among the positive trends, Cisco noted a 3% increase in IT budgets in Polish companies for cybersecurity year-on-year. The opposite trend is observed worldwide – a “significant” decrease (8%) was noted in the number of companies that allocate more than 10% of their IT budget to these issues – it was noted.
The Cisco Cybersecurity Readiness Index report is based on a double-blind survey conducted in January and February 2025 among 8,000 security and business leaders in 30 markets, including Poland, where 150 companies were surveyed. (PAP)
mbl/ drag/
