Site Search Site Search

Menu

Featured

Climate risk, resilience and adaptation

Business transformation

Artificial intelligence

Loading Results

AI emerges as the top cybersecurity investment priority for companies in a shifting risk landscape, as only 6% are ‘very capable’ to withstand cyber-attacks across all vulnerabilities surveyed

  • Press Release
  • 3 minute read
  • October 01, 2025
  • Nearly eight-in-ten (78%) organisations say their cyber budget will increase over the next 12 months, as businesses continue to contend with a widening array of cyber risks
  • Investment in artificial intelligence was the top budget priority (36%) over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%)
  • One-quarter of businesses (27%) say their most damaging data breach over the last three years cost US$1 million or more, with larger firms and the TMT sector at greater risk
  • Cyber skills deficits weigh: a lack of knowledge in the application of AI for cyber defence (50%) and lack of relevant skills (41%) were the top two challenges over the last 12 months in implementing AI for cyber defence

LONDON, 1 October 2025 – AI tops the agenda for cybersecurity and business leaders when it comes to cyber budget allocations, addressing cyber talent shortages, and bolstering cyber defence capabilities over the next 12 months, according to PwC’s 2026 Global Digital Trust Insights survey, released today.

The survey, which interviewed 3,887 business and tech executives from across 72 countries and territories, also finds that only around half of security and operations leaders say their organisation is ‘very capable’ of withstanding cyber-attacks, with only 6% say they’re ‘very capable’ across all areas surveyed, even as new and emerging technologies including AI and quantum computing transform the cyber risk landscape.

Less than or roughly half of organisations say they are ‘very capable’ to address areas including weak authentication and access controls (55%), vulnerable connected products/devices (48%), with legacy systems (45%) and supply chain vulnerabilities (43%) among the weakest spots among the areas surveyed.

Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said:

“New and emerging technologies and a rapidly evolving and digitally interconnected global ecosystem and threat landscape have created a tipping point. Cyber leaders must chart a path forward and that requires executive alignment. The most successful organisations are those where CISOs have a seat at the table and cyber is woven into business decisions. The organisations that will lead in the future are those investing in cyber not just to respond, but to anticipate. This year’s findings show that resilience comes from foresight, not hindsight. Organisations should ensure they are also investing in AI and cyber skills, prioritising the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face.”

AI emerges as top-of-mind for cyber security leaders and budgets

Consistent with last year, nearly eight-in-ten (78%) organisations say their cyber budget will increase over the coming year, highlighting the continuing importance organisations are placing in bolstering their cyber security capabilities as the risk landscape continues to evolve. Nearly one-third (32%) of these said their budgets would likely increase 6-10%.

Looking within cyber budget priorities, investment in AI (36%) was the top priority over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%), as AI’s rapid advance continues to transform the digital landscape.

When looking at the AI security capabilities organisations are prioritising over the next 12 months, nearly half (48%) of security leaders are prioritising AI threat hunting capabilities, with more than one-third prioritising other capabilities such as agentic AI (35%). 

More organisations are now quantifying cyber risk

As organisations contend with a rising array of cyber risks – they are also increasingly putting a number behind it. Half now report using cyber risk quantification to measure financial impact to a significant or large extent, up from 44% last year.

This comes as a quarter of businesses (27%) say their most damaging data breach in the past three years cost their organisation at least US $1 million, consistent with last year’s responses. The most exposed include enterprises with US $5 billion or more in revenue (41%), US-based companies (37%), and TMT sector companies (33%). 

Skills gaps weigh on bolstering AI and cyber defence capabilities

Cyber security workforce shortages continue to impede progress as organisations operationalise AI, secure complex environments and prepare for the next generation of threats.

Half (50%) of respondents said a lack of knowledge in the application of AI for cyber defence, or lack of relevant skills (41%), were the biggest internal challenges to implementing AI for cyber defence over the last 12 months.

But while talent shortages weigh – business are responding by prioritising areas such as AI and machine learning tools (53%), security automation tools (48%), cyber tool consolidation (47%) and upskilling or reskilling (47%).

The cyber skills deficit challenge runs deeper beyond preparation for AI. Nearly half (47%) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems.

At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after cloud-related threats, 33%; attacks on connected products, 28%; third-party data breach, 27%; quantum computing threats, 26%), almost half (49%) haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands. 

See the full findings

About PwC’s 2026 Global Digital Trust Insights survey

The 2026 Global Digital Trust Insights survey captures the views of 3,887 business and technology executives between May-July 2025. One-third of the executives (33%) are from large companies with US $5 billion or more in revenues. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%). Respondents are based across 72 countries. The regional breakdown of responses is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%). Now in its 28th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.

About PwC

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com

Follow us

Contact us

Dan Barabas

Dan Barabas

Global Corporate Affairs & Communications, Manager, PwC United Kingdom

Email
Hide

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.