AI Is the Top Cybersecurity Investment Priority for Companies

AI tops the agenda for cybersecurity and business leaders when it comes to cyber budget allocations, addressing cyber talent shortages, and bolstering cyber defense capabilities over the next 12 months, according to PwC. The 2026 Global Digital Trust Insights survey, which interviewed 3,887 business and tech executives from across 72 countries and territories, also finds that only around half of security and operations leaders say their organisation is ‘very capable’ of withstanding cyber-attacks, with only 6% say they’re ‘very capable’ across all areas surveyed, even as new and emerging technologies including AI and quantum computing transform the cyber risk landscape.

Less than or roughly half of organizations say they are ‘very capable’ to address areas including weak authentication and access controls (55%), vulnerable connected products/devices (48%), with legacy systems (45%), and supply chain vulnerabilities (43%) among the weakest spots among the areas surveyed. Consistent with last year, nearly eight-in-ten (78%) organizations say their cyber budget will increase over the coming year, highlighting the continuing importance organizations are placing on bolstering their cybersecurity capabilities as the risk landscape continues to evolve. Nearly one-third (32%) of these said their budgets would likely increase 6-10%.

Looking within cyber budget priorities, investment in AI (36%) was the top priority over the next 12 months, ahead of cloud security (34%), network security (28%), and data protection (26%), as AI’s rapid advance continues to transform the digital landscape. When looking at the AI security capabilities organizations are prioritizing over the next 12 months, nearly half (48%) of security leaders are prioritizing AI threat hunting capabilities, with more than one-third prioritizing other capabilities such as agentic AI (35%).

As organizations contend with a rising array of cyber risks, they are also increasingly putting a number behind them. Half now report using cyber risk quantification to measure financial impact to a significant or large extent, up from 44% last year. This comes as a quarter of businesses (27%) say their most damaging data breach in the past three years cost their organization at least US $1 million, consistent with last year’s responses. The most exposed include enterprises with $5 billion or more in revenue (41%), US-based companies (37%), and TMT sector companies (33%). 

Cybersecurity workforce shortages continue to impede progress as organizations operationalize AI, secure complex environments, and prepare for the next generation of threats. Half (50%) of respondents said a lack of knowledge in the application of AI for cyber defense, or lack of relevant skills (41%), were the biggest internal challenges to implementing AI for cyber defense over the last 12 months. But while talent shortages weigh, businesses are responding by prioritizing areas such as AI and machine learning tools (53%), security automation tools (48%), cyber tool consolidation (47%), and upskilling or reskilling (47%).

The cyber skills deficit challenge runs deeper beyond preparation for AI. Nearly half (47%) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems. At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after cloud-related threats, 33%; attacks on connected products, 28%; third-party data breach, 27%; quantum computing threats, 26%), almost half (49%) haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.