90 percent of companies worldwide are not protected against AI cyber threats

While artificial intelligence (AI) is fundamentally changing the business world, the vast majority of companies (90 percent) are not adequately protected against new AI cyber threats. This is according to the latest study by the consulting firm Accenture "State of Cybersecurity Resilience 2025". Particularly alarming: almost two-thirds (63 percent) of companies worldwide are in the so-called exposed zone. This means they lack both a coherent security strategy to counter cyber threats and the necessary technical capabilities to do so.

Accenture's study is based on a global survey of 2,286 executives from cybersecurity and technology departments of large companies. The results clearly show: the rapid spread of AI has made cyber threats not only more numerous but also significantly faster and more sophisticated. The demands far exceed what companies' cybersecurity departments can currently handle. Over three-quarters of companies (77 percent) do not have the basic data and AI security tools needed to effectively protect core business models, data interfaces, and cloud infrastructures.

Plan security proactively

“Companies today are under enormous pressure. Increasing geopolitical tensions, economic uncertainties, and ever more complex operating environments are encountering a new wave of AI-driven cyberattacks. This makes them more vulnerable than ever to digital threats. Our report is a clear wake-up call: cybersecurity must not be addressed only in hindsight. It must be an integral part of every AI initiative from the outset,” explains Thomas Schumacher, head of the security business unit at Accenture DACH. “A proactive security approach around the use and development of AI tools not only gives companies a competitive advantage but also strengthens customer trust - making cybersecurity a real success factor.”

The time for such an approach is pressing, because despite the rapid pace at which companies are adopting AI, only 22 percent have so far established clear guidelines and training for the use of generative AI. A complete overview of the AI systems in use is also lacking in most cases - yet this overview is crucial for effectively managing supply chain risks and correctly assessing cyber threats in advance. The situation is similarly critical when it comes to data protection: only a quarter of companies consistently use encryption and access controls to protect sensitive data.

“The rapid development of generative AI is fundamentally changing the rules of cybersecurity, bringing new challenges but also great opportunities,” adds Schumacher. “Those who design AI systems securely from the outset, continuously monitor them, and regularly update them can stay one step ahead of dangerous threats. Cyber resilience today means, above all, being able to react quickly and having confidence in one's own ability to act.”

Three maturity levels in cybersecurity

The study clearly shows: there is still a great need for improvement worldwide in terms of cybersecurity. There is a dangerous gap between the security demands of many companies and their actual readiness to implement security measures. Only eleven percent of European companies (compared to 14 percent of North American companies) have a mature security strategy. In Latin America, 77 percent of companies lack a basic security structure. And in the Asia-Pacific region, 71 percent of companies are in the exposed zone - associated with significant operational and financial risks.

The study distinguishes three maturity levels in cybersecurity - depending on strategy and technical implementation:

• “Reinvention Ready Zone” (10%): These pioneers have an adaptable and resilient security architecture that continuously adapts to new threats. They are well positioned to keep pace with the dynamic threat landscape of cyberattacks.
• “Progressing Zone” (27%): Companies in this group have already made progress but struggle with strategic alignment and consistent implementation of their security measures.
• “Exposed Zone” (63%): The majority of companies fall into this category. They are inadequately prepared for cyberattacks and often only react when threats have already occurred. The challenges are further exacerbated by the increasing complexity of AI systems and global risk factors.

Four ways to enhance cybersecurity in the AI era

• For companies in the “Reinvention Ready Zone”, it is 69% less likely to be affected by advanced cyberattacks. They are 1.5 times more effective at successfully defending against such cyberattacks. Additionally, they have 1.3 times more transparency in their IT and OT environments, have reduced their technical debt by eight percent, and report a 15% increase in customer trust. This clearly shows how stronger cybersecurity practices promote both resilience and business success.

  Companies reach the 'reinvention ready zone' in four ways:

  1. Develop a tailored security and governance model: Companies should create a security framework and operating model that meets the challenges of an AI-disruptive world. The aim is to define clear responsibilities and align AI security with regulatory requirements and business goals.
  2. Design a digital core: The digital core of a company should be designed so that generative AI is secure from the outset (security by design). This is achieved by consistently embedding security measures in the development, implementation, and operation of AI systems.
  3. Build and maintain resilient AI systems: It is important to create stable and secure foundations for AI that can detect new threats early, enable testing of AI models, and support quick and effective responses to cyberattacks.
  4. Rethink cybersecurity with generative AI: Companies should use generative AI specifically to automate security processes, strengthen defence mechanisms, and detect threats more quickly.