Accenture: Closing the AI Security Maturity Gap
AI is transforming industries at breakneck speed. From automating backāoffice functions to powering nextāgeneration products and services, AI technologies are shaping businesses across all elements of their operations.
But, as it scales across enterprises, Accenture warns that AI is also creating a global cyber risk.
In its State of Cybersecurity Resilience 2025 report, Accenture reveals a sobering picture: just one in 10 organisations worldwide are prepared to counter AIādriven cyberattacks.
By contrast, 63% sit in what Accenture calls the āExposed Zoneā, meaning they lack both a cohesive cybersecurity strategy and the technical foundations needed to withstand modern threats.
"Rising geopolitical tensions, economic volatility and increasingly complex operational environments, coupled with AI-augmented attacks are leaving organisations more vulnerable to cyber risks,ā says Paolo Dal Cin, Global Lead at Accenture Security, one of the reportās three authors.
āThis report serves as a wakeāup call that cybersecurity can no longer be an afterthought. It must be embedded by design into every AIādriven initiative.ā
Is global cybersecurity at a turning point?
Accentureās research is based on a global survey of 2,286 security and technology executives across 24 industries and 17 countries, representing some of the worldās largest organisations.
Respondents fell into three maturity zones:
- Exposed Zone: Companies lacking both strategy and capability, leaving them highly vulnerable – 63% fall into this category
- Progressing Zone: Organisations, of which Accenture identified 27%, with strengths in either strategy or protection but fail to align the two effectively
- ReinventionāReady Zone: Accenture found just 10% of leading firms combine adaptive security strategies with strong technical defence. These companies are 69% less likely to fall victim to advanced AIāpowered attacks, enjoy 1.5 times higher success rates in blocking threats and report a 15% boost in customer trust
For organisations in the ReinventionāReady Zone, security has become a business enabler, not just a shield, Accenture says.
Emphasising how these gaps undermine cyber resilience, Accenture identifies several systemic shortcomings across global enterprises in its report.
- 77% lack data and AIāspecific security practices to safeguard models, pipelines and cloud workloads
- Only 22% have established policies and training for Gen AI usage
- Just 25% fully apply encryption and access controls to protect sensitive information
- 83% of executives cite workforce limitations as a critical barrier to sustaining a strong defence posture
Against a backdrop of rising geopolitical tensions, shifting regulations and increasingly complex supply chains, these gaps leave enterprises exposed to disruption.
Co-author Daniel Kendzior, Global Data & AI Security Lead at Accenture, says: “The rapid advancement of generative AI represents a profound paradigm shift in cybersecurity, bringing unique challenges and opportunities.
“By designing AI systems with security at their core and continuously monitoring and updating them, organisations can stay ahead of the most critical threats.
āBusiness resilience requires readiness to quickly respond to disruptive forces and confidence in your organizationās ability to act effectively.ā
How can cybersecurity resilience be strengthened?
For those that find themselves falling short, Accenture identifies four critical steps companies must adopt to move towards the ReinventionāReady Zone.
Accentureās advice:
- Govern with purpose: Build and deploy a fitāforāpurpose security governance framework that aligns AI security to regulatory, ethical and business priorities, ensuring boardālevel accountability, Accenture says
- Design secure digital cores: Accenture advises businesses embed resilience into every AI system from the outset, eliminating the inefficiencies of retrofitting defences and treating security as an enabler of innovation
- Maintain resilient foundations: By establishing continuous monitoring, independent model testing and AIāspecific incident response capabilities, Accenture says businesses will be able to address threats like deepfakes, model manipulation and AIāpowered worms.
- Reinvent security with AI: Deploy Gen AI as a force multiplier for cyber teams, Accenture advises. Automating threat detection, reducing analyst workloads and bridging the cyber talent gap are benefits that come as a result.
Despite issuing widespread advice, Accenture acknowledges that there are sharp variations in readiness across geographies.
The study finds that only 14% of North American and 11% of European organisations have mature cyber postures. It also identifies that 77% of Latin American companies remain in the Exposed Zone, while in AsiaāPacific, 71% face serious operational and financial risks due to inadequate defences.
This geographic imbalance suggests that the majority of enterprises around the world are heading into an AIādriven era of cyber threats underāsecured and underāprepared.
Security as a strategic enabler
Accenture’s message is simple – treating cybersecurity as a compliance obligation is no longer sustainable.
Instead, businesses that embed resilience into their AI strategies are already demonstrating greater operational visibility, stronger customer trust and improved returns on their AI investments.
Paolo says: “Taking this proactive approach will help ensure a competitive edge, strengthen customer loyalty and turn cybersecurity into a business enabler.”
