AI emerges as the top cybersecurity investment priority for companies in a shifting risk landscape, as only 6% are ‘very capable’ to withstand cyber-attacks across all vulnerabilities surveyed: PwC

• Nearly eight-in-ten (78%) organisations say their cyber budget will increase over the next 12 months, as businesses continue to contend with a widening array of cyber risks.
• Investment in artificial intelligence was the top budget priority (36%) over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%).
• More than a quarter of businesses (27%) say their most damaging data breach over the last three years cost USD1 million or more, with larger firms¹ TMT sector at greater risk.
• Cyber skills deficits weigh: a lack of knowledge in the application of AI for cyber defence (50%) and lack of relevant skills (41%) were the top two challenges over the last 12 months in implementing AI for cyber defence

BANGKOK, 14 November 2025 – AI tops the agenda for cybersecurity and business leaders when it comes to cyber budget allocations, addressing cyber talent shortages, and bolstering cyber defence capabilities over the next 12 months, according to PwC’s 2026 Global Digital Trust Insights survey.

The survey, which interviewed 3,887 business and tech executives from across 72 countries and territories, also finds that only around half of security and operations leaders say their organisation is ‘very capable’ of withstanding cyber-attacks, with only 6% say they’re ‘very capable’ across all areas surveyed, even as new and emerging technologies including AI and quantum computing transform the cyber risk landscape.

Less than or roughly half of organisations say they are “very capable” to address areas including weak authentication and access controls (55%), vulnerable connected products/devices (48%), with legacy systems (45%) and supply chain vulnerabilities (43%) among the weakest spots among the areas surveyed. 

Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said:

“New and emerging technologies and a rapidly evolving and digitally interconnected global ecosystem and threat landscape have created a tipping point. Cyber leaders must chart a path forward and that requires executive alignment. The most successful organisations are those where CISOs have a seat at the table and cyber is woven into business decisions. The organisations that will lead in the future are those investing in cyber not just to respond, but to anticipate. This year’s findings show that resilience comes from foresight, not hindsight. Organisations should ensure they are also investing in AI and cyber skills, prioritising the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face.”

AI emerges as top-of-mind for cyber security leaders and budgets

Consistent with last year, nearly eight-in-ten (78%) organisations say their cyber budget will increase over the coming year, highlighting the continuing importance organisations are placing in bolstering their cyber security capabilities as the risk landscape continues to evolve. Nearly one-third (32%) of these said their budgets would likely increase 6-10%.

Looking within cyber budget priorities, investment in AI (36%) was the top priority over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%), as AI’s rapid advance continues to transform the digital landscape.

When looking at the AI security capabilities organisations are prioritising over the next 12 months, nearly half (48%) of security leaders are prioritising AI threat hunting capabilities, with more than one-third prioritising other capabilities such as agentic AI (35%).

More organisations are now quantifying cyber risk

As organisations contend with a rising array of cyber risks – they are also increasingly putting a number behind it. Half now report using cyber risk quantification to measure financial impact to a significant or large extent, up from 44% last year.

This comes as more than a quarter (27%) of businesses say their most damaging data breach in the past three years cost their organisation at least USD1 million, consistent with last year’s responses. The most exposed include enterprises with USD5 billion or more in revenue (41%), US-based companies (37%), and TMT sector companies (33%).

Skills gaps weigh on bolstering AI and cyber defence capabilities

Cyber security workforce shortages continue to impede progress as organisations operationalise AI, secure complex environments and prepare for the next generation of threats.

Half (50%) of respondents said a lack of knowledge in the application of AI for cyber defence, or lack of relevant skills (41%), were the biggest internal challenges to implementing AI for cyber defence over the last 12 months.

But while talent shortages weigh – businesses are responding by prioritising areas such as AI and machine learning tools (53%), security automation tools (48%), cyber tool consolidation (47%) and upskilling or reskilling (47%).

The cyber skills deficit challenge runs deeper beyond preparation for AI. Nearly half (47%) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems.

At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after cloud-related threats, 33%; attacks on connected products, 28%; third-party data breach, 27%; quantum computing threats, 26%), almost half (49%) haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.

Anand continued, “Even though cybersecurity is advancing quickly, much of it is still focuses on compliance rather than risk-based strategies. Tools like identity management, data protection and AI-driven security are more commonplace, but AI adoption in defence is just beginning. The challenge isn’t just about tools—it’s about people, skills and strategy. To build true resilience, organisations must shift from buying AI products to developing AI capabilities.”

//ENDS//

^{[1] Technology, Media and Telecommunications (TMT) industry}

Notes to Editors

About PwC’s 2026 Global Digital Trust Insights survey 

The 2026 Global Digital Trust Insights survey captures the views of 3,887 business and technology executives between May-July 2025. One-third of the executives (33%) are from large companies with USD5 billion or more in revenues. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%). Respondents are based across 72 countries. The regional breakdown of responses is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%). Now in its 28^th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.
 

About PwC

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 136 countries and 137 territories. Across audit and assurance, tax and legal, deals and consulting, we help clients build, accelerate, and sustain momentum. Find out more at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2025 PwC. All rights reserved.