AI Threats Drive Cyber Budget Growth: KPMG Survey

The survey highlights a cybersecurity landscape increasingly shaped by AI threats, with organizations investing heavily in AI-driven defense mechanisms. Despite resource constraints, companies are expanding budgets to improve data security, identity management, and cloud security. Workforce challenges persist, prompting investments in training and external partnerships, as organizations aim to stay ahead of sophisticated cyber threats.
Jan. 13, 2026
4 min read

Key Highlights

  • 99% of security leaders plan to increase cybersecurity budgets in the next two to three years, focusing on data security, privacy, and cloud security.
  • Rising cyberattack activity, including phishing, ransomware, and AI-enhanced threats, is prompting organizations to reassess and strengthen their defenses.
  • Over half of respondents are concerned about AI-powered social engineering and malicious insider use, viewing AI as both a risk and a vital defense tool.
  • Workforce shortages remain a significant challenge, leading to increased investment in employee training, external partnerships, and talent retention strategies.
  • Organizations are strategically shifting from reactive to proactive security postures, emphasizing resilience against future AI-driven threats.
ID 845560 © Absolut_photos | Dreamstime.com
696660a5d7766bf00c35e0b9 Edgecirclemask 540x250

U.S. companies are planning widespread increases in cybersecurity investment as emerging threats driven by artificial intelligence (AI) reshape risk priorities, according to the newly published 2025 KPMG Cybersecurity Survey.

The report, available for download here, shows nearly all security leaders surveyed intend to boost budgets for cyber defense over the next several years, underscoring the increasingly strategic role cybersecurity plays for large organizations.

The survey was conducted from September 25 to October 9, 2025, and includes responses from 310 C-suite security leaders at U.S. organizations with at least $1 billion in revenue, according to an announcement. Findings indicate that nearly all respondents plan to grow their cybersecurity budgets over the next two to three years, and almost as many reported increases during the past 12 months.

Cyberattack activity continues to rise

According to the survey, 99% of respondents anticipate increasing cybersecurity spending in the near term, with more than half planning budget increases of 6% to 10%. Priority investment areas include data security and privacy, identity and access management and cloud security. Budget growth appears closely tied to the surge in cyber threats, even as leaders cite resource constraints and competing demands for funding as barriers to addressing vulnerabilities.

The survey reflects a heightened level of cyber activity. Eighty-three percent of security leaders reported a rise in cyberattacks over the last year. Among organizations that experienced an incident, phishing and distributed denial-of-service attacks were the most frequently cited, followed by ransomware and malware. Insider-related incidents, Internet of Things attacks and password-based attacks were also identified as recurring challenges.

AI reshapes both threats and defenses

AI-driven threats are emerging as a central concern. More than half of respondents cited AI-powered social engineering and targeted attacks as top challenges, along with AI-enhanced malware, ransomware and automated phishing campaigns. Despite these concerns, fewer than half of respondents rated their defenses as highly effective against AI-driven threats. More than half also expressed concern about the malicious use of AI tools by insiders.

At the same time, AI is viewed as both a risk and a critical line of defense. Most respondents expect AI-powered attacks to become a major challenge within the next two to three years, particularly among organizations that feel less prepared today. However, leaders also expect AI to have the greatest impact in areas such as fraud prevention, predictive analytics and enhanced threat detection. Many organizations already dedicate more than 10% of their cybersecurity budgets to AI-related initiatives, signaling that AI investment is becoming a core component of security strategy.

Workforce pressures influence security strategy

Talent shortages remain another key challenge. More than half of respondents cited a lack of qualified cybersecurity professionals as a high-impact issue, along with the rising cost of attracting and retaining talent. 

To address these gaps, organizations are investing in training and upskilling existing employees, increasing compensation and benefits and relying on external partners to supplement internal teams, according to the survey.

“The data doesn’t just point to steady growth; it signals a potential boom. We’re seeing a major market pivot where cybersecurity is now a fundamental driver of business strategy,” stated Michael Isensee, Cybersecurity & Tech Risk Leader, KPMG. “Leaders are moving beyond reactive defense and are actively investing to build a security posture that can withstand future shocks, especially from AI and other emerging technologies. This isn’t just about spending more; it’s about strategic investment in resilience.”

Key Considerations For Technology And Security Leaders Entering 2026

ID 8331329 © Helen Filatova | Dreamstime.com
dreamstime_xxl_8331329

The findings from the 2025 KPMG Cybersecurity Survey point to several areas that CIOs, CTOs, and CISOs are already prioritizing as they plan for the year ahead.

Evaluate readiness for AI-driven threats.

The survey shows that most security leaders expect AI-powered attacks to become a major challenge within the next two to three years, even as fewer than half rate their current defenses as highly effective. Many organizations are reassessing how well their security programs can detect and respond to AI-enabled social engineering malware and automated attacks.

Align cybersecurity budgets with rising attack activity.

With the majority of respondents reporting increased cyberattacks over the past year and nearly all planning budget increases, organizations are tying investment decisions more closely to threat volume and exposure. Data security, privacy, identity, and access management, and cloud security are emerging as leading budget priorities.

Revisit identity and access strategies as environments grow more complex.

The survey highlights growing concern around insider risk, non-human identities, and automated access, driving continued investment in identity and access management initiatives as part of broader cybersecurity programs.

Address workforce gaps through training and partnerships.

Talent shortages remain a high-impact challenge, prompting many organizations to invest in upskilling existing staff, increasing compensation, and relying on external partners or managed services to supplement internal capabilities.

Like what you're reading? Sign up for our free weekly newsletter.

About the Author

Rodney Bosch

Rodney Bosch

Contributor

Rodney Bosch is a seasoned journalist and Editor-in-Chief of SecurityInfoWatch.com, covering the full spectrum of the security industry. Drawing on years of experience in both B2B and newspaper journalism, he provides clear, credible reporting and analysis on the technologies, companies, and trends shaping today’s security marketplace.

Trending

Resources

Oct. 16, 2025
Oct. 16, 2025
Oct. 16, 2025

Quiz

mktg-icon Your Competitive Edge, Delivered

Stay ahead of the curve with weekly insights into emerging technologies, cybersecurity, and digital transformation. TechEDGE brings you expert perspectives, real-world applications, and the innovations driving tomorrow’s breakthroughs, so you’re always equipped to lead the next wave of change.

Sign Me Up
marketing-image