Dive Brief:
- Many business leaders still aren’t following cybersecurity best practices to protect their organizations from costly intrusions, according to a report that the consulting giant Unisys published on Tuesday.
- Only 62% of organizations have or are setting up a zero-trust network architecture, only 61% are prioritizing post-incident recovery and only 45% deploy or plan to deploy managed detection and response software.
- Only 42% of organizations said they use or plan to use digital identity and access management services, which are considered essential for stopping attacks that exploit legitimate credentials.
Dive Insight:
A consistent theme in Unisys’ report is that companies are eagerly embracing new technologies like artificial intelligence at the expense of shoring up their cyber defenses against well-known threats. At the same time as many organizations eschew access-control technologies, for example, roughly three-quarters of them told Unisys that they plan to spend more money on cloud services that are routinely breached through identity-based attacks.
Many companies remain unprepared to deal with the security threats that experts say could arrive with the advent of quantum computers. Roughly three-quarters of respondents (71%) said their cyber defenses were “insufficient to withstand the challenges posed by quantum cryptography incursions.” In addition, only 14% of organizations told Unisys that their IT infrastructure could support post-quantum-cryptography — a potentially alarming statistic given that the U.S. government has described cryptographic migration as a business and national-security imperative. (Roughly half of respondents said they were planning those migrations.)
One of the Unisys report’s most notable sections addresses the conflicting perspectives of corporate executives and their IT leaders. These professionals disagree about whether cybersecurity measures make it too difficult to analyze and share data (63% of business executives say this, compared with 35% of IT leaders) and about whether cloud security policies significantly impede innovation (68% versus 37%).
In the survey, which was based on interviews with 1,000 senior IT and business leaders around the world between March and May 2025, 85% of respondents admitted that “their cyber strategies are too reactive.”
The findings in the Unisys report are notable when compared with the conclusions of other recent surveys. For example, while Unisys found that fewer than half of organizations were interested in identity-verification technologies, the enterprise software firm JumpCloud recently found that identity-based attacks ranked second on IT professionals’ list of fears, with 49% of them citing it as a top concern. JumpCloud also reported that only 11% of organizations felt confident that they’d achieved a full migration to zero-trust architecture, a figure that complements Unisys’ finding about relatively tepid interest in the technology.
The Unisys report provides more evidence that a rush to participate in a new technological trend is driving many companies’ investments in artificial intelligence. More than three-quarters of respondents (78%) said they planned to spend more on generative AI solutions, even though only 45% of respondents said they were “very satisfied” with those technologies’ return on investment.
JumpCloud, too, reported that companies were eager to deploy AI systems. The share of firms that reported no plans to adopt AI dropped from roughly 13% in the first quarter of 2024 to less than 0.5% in the third quarter of 2025. Nearly two-thirds of companies (63%) said they were actively using AI tools, while 53% said they were piloting AI features in existing technologies and 46% said they were planning to adopt AI in the next year. Of the companies using AI, 67% said they were using it to detect cyberattacks.
But security is also a hindrance to some companies’ AI plans, JumpCloud found: 47% said security and compliance concerns were their biggest AI implementation challenge.
