AI cybersecurity readiness remains low globally as 90% of firms face elevated threat risks

Only a fraction of organisations have achieved readiness for evolving AI-driven cyber risks, concludes a new study from Accenture. (Photo: DC Studio/Shutterstock)

Just 10% of large companies globally are currently positioned to defend against cybersecurity risks intensified by widespread AI adoption, says new research. According to a report by Accenture, 90% of surveyed enterprises lack the necessary maturity to manage AI-augmented threats effectively.

According to the consultancy, 63% of respondents fall within what the report identifies as the “Exposed Zone.” These organisations are defined by limited security coordination and insufficient technical capabilities. The findings are based on an online survey conducted between late October and December 2024. It covered 2,286 cybersecurity and IT leaders from large companies operating across 24 sectors in 17 countries, each generating over $1bn in annual revenue.

“The rapid advancement of gen AI represents a profound paradigm shift in cybersecurity, bringing unique challenges and opportunities,” said Accenture’s global data and AI security lead, Daniel Kendzior. “By designing AI systems with security at their core and continuously monitoring and updating them, organisations can stay ahead of the most critical threats.”

The report highlights that 77% of companies have not implemented the foundational security measures required to protect data pipelines, cloud infrastructure and machine learning models. Additionally, only 25% of firms report using full encryption methods and access controls to safeguard sensitive data.

Despite rapid growth in generative AI deployment, only 22% of enterprises have introduced clear policies or conducted internal training related to AI usage. The lack of system inventories further hinders security efforts, particularly in managing AI supply chain risks. According to the research, this shortfall increases the vulnerability of core systems, particularly in operational environments where AI models are now routinely integrated.

Accenture’s findings point to a consistent lack of preparedness across all major regions. Only 14% of North American and 11% of European organisations report mature security frameworks. In Latin America, 77% of businesses lack basic cybersecurity strategies and operational capabilities. Meanwhile, 71% of Asia-Pacific firms remain in the most vulnerable bracket of security readiness, indicating exposure to significant operational risks.

Security readiness categorised by three organisational zones based on maturity indicators

The report classifies enterprises into three categories based on their cyber resilience. According to it, 10% are identified as being in the “Reinvention Ready Zone,” marked by a responsive and continuously adaptive security posture. A further 27% fall into the “Progressing Zone,” showing some strength in implementation but lacking long-term strategic direction. The remaining companies, forming the majority, fall in the “Exposed Zone,” characterised by reactive responses and fragmented defences.

According to Accenture, companies in the Reinvention Ready group experience 69% fewer advanced attacks and are 1.5 times more effective in blocking threats. They also have 1.3 times greater visibility across IT and OT systems, have reduced technical debt by 8%, and report a 15% increase in customer trust.

Read more: AI-driven data leaks hit 68% of firms, finds report