Security
99% of Security Leaders Plan to Raise Cyber Budgets as AI-Driven Threats Accelerate: KPMG Survey
2025-12-24
Nearly all large enterprises are preparing to increase cybersecurity spending over the next few years as artificial intelligence reshapes the global threat landscape, according to a new survey by KPMG.
The 2025 KPMG Cybersecurity Survey, which polled more than 300 C-suite executives and senior security leaders, found that 99% of respondents plan to increase their cybersecurity budgets over the next two to three years, signaling a sharp escalation in investment as organizations contend with more frequent and sophisticated attacks. The spending momentum is already underway: 98% of leaders said their organizations raised cybersecurity budgets in the past 12 months.
The surge in investment comes as cyber risk intensifies across industries. More than four in five organizations surveyed reported an increase in cyberattacks over the last year, ranging from phishing and ransomware incidents to advanced social-engineering campaigns powered by generative AI. Security leaders said the expanding attack surface created by cloud adoption, remote work, and AI-enabled systems is forcing companies to rethink cybersecurity as a core business requirement rather than a technology function.
Michael Isensee, Cybersecurity and Technology Risk Leader at KPMG LLP, said the findings point to a fundamental shift in how organizations view cyber resilience. He noted that companies are moving beyond reactive defense models and investing to build security programs capable of withstanding long-term disruption, particularly as AI becomes both a tool for attackers and a defensive capability.
Despite the strong intent to spend more, budget pressures remain. More than half of respondents said competing enterprise priorities continue to constrain cybersecurity funding decisions, particularly as organizations balance investments in data protection, identity and access management, and cloud security. Many leaders indicated they are increasingly turning to automation, unified security platforms, and managed services to stretch budgets further and improve operational efficiency.
AI emerged as a central theme in the survey. While 38% of respondents identified AI-powered attacks as one of their biggest challenges over the next few years, 70% said they already allocate more than 10% of their cybersecurity budgets to AI-related initiatives. Security leaders reported that AI is expected to have its greatest impact in fraud prevention, predictive threat analytics, and advanced detection capabilities.
The report also highlights mounting pressure on cybersecurity talent. More than half of respondents cited shortages of qualified professionals as a major obstacle, prompting organizations to raise compensation, expand internal training programs, and rely more heavily on external security partners to fill capability gaps.
As enterprises accelerate digital transformation and AI adoption, cybersecurity spending is increasingly focused on foundational controls that protect access, data, and trust. Identity and access management, data security, and cloud security ranked among the top investment priorities, reflecting growing recognition that effective governance is essential to securing AI-enabled and cloud-first environments.
KPMG said the convergence of rising cyber risk, AI-driven threats, and persistent talent shortages is driving what could become a prolonged expansion cycle for the cybersecurity market, as organizations position security as a strategic enabler of resilience and growth rather than a defensive cost center.
The 2025 KPMG Cybersecurity Survey, which polled more than 300 C-suite executives and senior security leaders, found that 99% of respondents plan to increase their cybersecurity budgets over the next two to three years, signaling a sharp escalation in investment as organizations contend with more frequent and sophisticated attacks. The spending momentum is already underway: 98% of leaders said their organizations raised cybersecurity budgets in the past 12 months.
The surge in investment comes as cyber risk intensifies across industries. More than four in five organizations surveyed reported an increase in cyberattacks over the last year, ranging from phishing and ransomware incidents to advanced social-engineering campaigns powered by generative AI. Security leaders said the expanding attack surface created by cloud adoption, remote work, and AI-enabled systems is forcing companies to rethink cybersecurity as a core business requirement rather than a technology function.
Michael Isensee, Cybersecurity and Technology Risk Leader at KPMG LLP, said the findings point to a fundamental shift in how organizations view cyber resilience. He noted that companies are moving beyond reactive defense models and investing to build security programs capable of withstanding long-term disruption, particularly as AI becomes both a tool for attackers and a defensive capability.
Despite the strong intent to spend more, budget pressures remain. More than half of respondents said competing enterprise priorities continue to constrain cybersecurity funding decisions, particularly as organizations balance investments in data protection, identity and access management, and cloud security. Many leaders indicated they are increasingly turning to automation, unified security platforms, and managed services to stretch budgets further and improve operational efficiency.
AI emerged as a central theme in the survey. While 38% of respondents identified AI-powered attacks as one of their biggest challenges over the next few years, 70% said they already allocate more than 10% of their cybersecurity budgets to AI-related initiatives. Security leaders reported that AI is expected to have its greatest impact in fraud prevention, predictive threat analytics, and advanced detection capabilities.
The report also highlights mounting pressure on cybersecurity talent. More than half of respondents cited shortages of qualified professionals as a major obstacle, prompting organizations to raise compensation, expand internal training programs, and rely more heavily on external security partners to fill capability gaps.
As enterprises accelerate digital transformation and AI adoption, cybersecurity spending is increasingly focused on foundational controls that protect access, data, and trust. Identity and access management, data security, and cloud security ranked among the top investment priorities, reflecting growing recognition that effective governance is essential to securing AI-enabled and cloud-first environments.
KPMG said the convergence of rising cyber risk, AI-driven threats, and persistent talent shortages is driving what could become a prolonged expansion cycle for the cybersecurity market, as organizations position security as a strategic enabler of resilience and growth rather than a defensive cost center.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
