AI emerges as the top cybersecurity investment priority for companies in a shifting risk landscape, as only 6% are ‘very capable’ of withstanding cyber-attacks across all vulnerabilities surveyed: PwC

  • Nearly eight-in-ten (78%) organisations say their cyber budget will increase over the next 12 months, as businesses continue to contend with a widening array of cyber risks. 
  • Investment in artificial intelligence was the top budget priority (36%) over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%). 
  • More than a quarter of businesses (27%) say their most damaging data breach over the last three years cost USD1 million or more, with larger firms and the TMT [1] sector at greater risk.
  • Cyber skills deficits weigh: a lack of knowledge in the application of AI for cyber defence (50%) and lack of relevant skills (41%) were the top two challenges over the last 12 months in implementing AI for cyber defence. 

AI tops the agenda for cybersecurity and business leaders when it comes to cyber budget allocations, addressing cyber talent shortages, and bolstering cyber defence capabilities over the next 12 months, according to PwC’s 2026 Global Digital Trust Insights survey.

The survey, which interviewed 3,887 business and tech executives from across 72 countries and territories, also finds that only around half of security and operations leaders say their organisation is ‘very capable’ of withstanding cyber-attacks, with only 6% saying they’re ‘very capable’ across all areas surveyed, even as new and emerging technologies including AI and quantum computing transform the cyber risk landscape.

Roughly half of organisations or fewer say they are “very capable” of addressing areas including weak authentication and access controls (55%) and vulnerable connected products/devices (48%), with legacy systems (45%) and supply chain vulnerabilities (43%) among the weakest spots among the areas surveyed.

Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said:

“New and emerging technologies and a rapidly evolving and digitally interconnected global ecosystem and threat landscape have created a tipping point. Cyber leaders must chart a path forward and that requires executive alignment. The most successful organisations are those where CISOs have a seat at the table and cyber is woven into business decisions. The organisations that will lead in the future are those investing in cyber not just to respond, but to anticipate. This year’s findings show that resilience comes from foresight, not hindsight. Organisations should ensure they are also investing in AI and cyber skills, prioritising the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face.”

AI emerges as top-of-mind for cyber security leaders and budgets

Consistent with last year, nearly eight-in-ten (78%) organisations say their cyber budget will increase over the coming year, highlighting the continuing importance organisations are placing on bolstering their cyber security capabilities as the risk landscape continues to evolve. Nearly one-third (32%) of these said their budgets would likely increase 6-10%.

Looking within cyber budget priorities, investment in AI (36%) was the top priority over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%), as AI’s rapid advance continues to transform the digital landscape.

When looking at the AI security capabilities organisations are prioritising over the next 12 months, nearly half (48%) of security leaders are prioritising AI threat hunting capabilities, with more than one-third prioritising other capabilities such as agentic AI (35%).

More organisations are now quantifying cyber risk

As organisations contend with a rising array of cyber risks, they are also increasingly putting a number on them. Half now report using cyber risk quantification to measure financial impact to a significant or large extent, up from 44% last year.

This comes as more than a quarter (27%) of businesses say their most damaging data breach in the past three years cost their organisation at least USD1 million, consistent with last year’s responses. The most exposed include enterprises with USD5 billion or more in revenue (41%), US-based companies (37%), and TMT sector companies (33%).

Skills gaps weigh on bolstering AI and cyber defence capabilities

Cyber security workforce shortages continue to impede progress as organisations operationalise AI, secure complex environments and prepare for the next generation of threats.

Half (50%) of respondents said a lack of knowledge in the application of AI for cyber defence, or lack of relevant skills (41%), were the biggest internal challenges to implementing AI for cyber defence over the last 12 months. 

But while talent shortages weigh, businesses are responding by prioritising areas such as AI and machine learning tools (53%), security automation tools (48%), cyber tool consolidation (47%) and upskilling or reskilling (47%).

The cyber skills deficit challenge runs deeper than preparation for AI. Nearly half (47%) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems.

At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after cloud-related threats, 33%; attacks on connected products, 28%; third-party data breach, 27%; quantum computing threats, 26%), almost half (49%) haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.

Rishi Anand, Consulting Partner at PwC Thailand, added his insights on Thailand:  

“Most Thai companies are focusing on cybersecurity, but progress isn’t even. Financial services and telecom firms lead the way, while many others remain reactive. Most SMEs believe they’re too small to be targeted—but in today’s world, everyone is a potential victim.

“Thailand’s cybersecurity readiness is improving compared to global standards, but we must be more proactive, adopt risk-based thinking and invest in talent.” 

Anand continued, “Even though cybersecurity is advancing quickly, much of it still focuses on compliance rather than risk-based strategies. Tools like identity management, data protection and AI-driven security are more commonplace, but AI adoption in defence is just beginning. The challenge isn’t just about tools—it’s about people, skills and strategy. To build true resilience, organisations must shift from buying AI products to developing AI capabilities.”

[1] Technology, Media and Telecommunications (TMT) industry

Source: PwC Thailand