Artificial intelligence has become the number one investment priority for cybersecurity budgets over the next year, according to a comprehensive new report from PwC. The findings indicate a significant shift in how organizations are allocating resources to defend against increasingly sophisticated digital threats.
The PwC 2026 Global Digital Trust Insights Survey, which gathered responses from nearly 3,900 executives worldwide, found that 36% of leaders now place AI-based security among their top three budget priorities. This focus on AI surpasses other critical areas like cloud security and data protection.
Key Takeaways
- AI-based security is the top budget priority for 36% of business and technology executives, overtaking cloud security (34%).
- Nearly 80% of organizations plan to increase their overall cybersecurity budget in the coming year, with 60% citing geopolitical risks as a key driver.
- A significant skills gap remains a major hurdle, with 50% of leaders citing a lack of AI knowledge as a challenge to implementation.
- Despite being a top concern, less than 10% of organizations are prioritizing quantum-resistant security measures in their budgets.
AI Leads Cybersecurity Spending Priorities
The new data from PwC highlights a clear trend among global organizations: artificial intelligence is now central to modern defense strategies. The report shows that 36% of executives named AI-based security as a top-three spending focus, placing it just ahead of cloud security, which was cited by 34% of respondents.
Other traditional security domains are also receiving attention but are now ranked lower than AI. Network security and zero trust architectures were a priority for 28% of leaders, followed by data protection at 26% and threat management at 24%. This reordering shows how companies are looking to advanced technologies to counter new threats.
When examining specific AI capabilities, security leaders are most focused on AI-powered threat hunting. According to the survey, 48% of security executives are prioritizing this area to proactively identify and neutralize potential attacks before they cause damage.
What is Agentic AI?
Agentic AI refers to autonomous AI systems, or 'agents,' that can independently perform tasks, make decisions, and interact with their environment to achieve specific goals. In cybersecurity, these agents can automate complex processes like responding to threats or managing cloud security configurations, increasing efficiency and reducing the workload on human analysts.
Another significant area of investment is the use of agentic AI solutions to improve operational efficiency. Approximately 35% of security leaders are deploying these systems to automate tasks, particularly within cloud security environments. Other AI applications, such as event detection, behavioral analytics, and identity management, were each prioritized by about one-third of security leaders.
Budget Increases Driven by Geopolitical Concerns
The focus on advanced security measures is supported by a broad commitment to increase spending. A substantial 78% of organizations surveyed expect their cybersecurity budget to grow over the next 12 months. This widespread increase reflects a growing awareness of the financial and reputational risks posed by cyber threats.
A major factor driving this investment is the current global geopolitical landscape. The report reveals that 60% of respondents are boosting their cyber risk investments specifically in response to international tensions and state-sponsored cyber activities.
Confidence Gap in Cyber Defense
Despite rising budgets, confidence in existing defenses remains low. The PwC survey found that only 6% of organizations believe they are 'very capable' of withstanding cyber-attacks across all potential vulnerabilities in the current geopolitical climate.
This data points to a concerning gap between spending and perceived resilience. While organizations are allocating more funds, many still feel unprepared for the sophisticated attacks that can emerge from geopolitical conflicts. This underscores the need for strategic, forward-looking investments rather than purely reactive measures.
Skills Shortage Hinders AI Adoption
While the appetite for AI in cybersecurity is strong, significant roadblocks remain. The primary challenge identified by organizations is a lack of internal expertise. Half of all respondents (50%) stated that a lack of knowledge about AI technology is a major obstacle to its effective application in cyber defense.
Closely related to this is the shortage of skilled personnel. A further 41% of executives cited a lack of relevant skills within their teams as a key challenge. This talent gap prevents many organizations from fully leveraging the advanced security tools they are acquiring.
"The organizations that will lead in the future are those investing in cyber not just to respond, but to anticipate," stated Sean Joyce, Global Cybersecurity and Privacy Leader at PwC US. "This year’s findings show that resilience comes from foresight, not hindsight."
Joyce also stressed the importance of addressing the skills deficit directly. "Organizations should ensure they are also investing in AI and cyber skills, prioritizing the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face," he added.
Addressing the Talent Gap with Technology
To overcome the skills shortage, companies are turning to technology itself for solutions. More than half (53%) of organizations are prioritizing the use of AI and machine learning tools specifically to help close their internal capability gaps.
Other popular strategies include:
- Investing in security automation tools (48%)
- Consolidating the number of cybersecurity tools used (47%)
- Upskilling or reskilling existing staff (47%)
This multi-pronged approach shows that leaders are trying to both augment their human teams with technology and improve the skills of their current workforce simultaneously.
Emerging Threats: The Quantum Computing Challenge
Looking beyond immediate concerns, the report also sheds light on long-term threats that organizations are ill-prepared to handle. Quantum computing was ranked as one of the top five threats that companies are least ready to address, alongside breaches related to cloud services and third-party vendors.
Despite this high level of concern, action and investment are lagging significantly. Key findings on quantum preparedness include:
- Less than 10% of organizations prioritize quantum security measures in their budgets.
- A mere 3% have implemented all leading quantum-resistant security measures.
- Nearly half (49%) have not even started to consider or implement any quantum-resistant protections.
The primary barriers to adopting quantum-safe standards are, once again, related to expertise. Gaps in technical knowledge to adopt new industry standards were cited by 37% of security leaders, while 36% pointed to a lack of dedicated quantum computing resources and skills. This suggests that as quantum technology matures, the cybersecurity skills gap could widen even further if not addressed proactively.