pwc

48% of organisations that have experienced a major attack are prioritising managed services to fill critical skills deficiencies (compared to 39% overall).

Roughly half of respondents say their organisation is at best only ‘somewhat capable’ of withstanding cyber attacks targeting specific vulnerabilities.

Only 3% of organisations have implemented all leading quantum-resistant security measures surveyed.

33% of business and tech leaders ranked cloud-related threats in their top three threats they are least prepared to address.

The top three investment priorities when allocating cyber budgets are: Artificial intelligence (AI) (36%), Cloud security (34%), and Network security and zero trust (28%).

39% of business and tech leaders prioritise changes in trade and operating policies in response to the current geopolitical landscape.

AI enablement of key cyber capabilities is the #1 cyber investment priority for security leaders.

Over half (53%) of organisations are prioritising AI and machine learning tools in their top three priorities to help close capability gaps in cyber talent.

28% of business and tech leaders ranked attacks on connected products in their top three threats they are least prepared to address.

The top internal challenges to achieving post-quantum cryptography include gaps in technical expertise to adopt industry standards (37%) and gaps in dedicated quantum computing knowledge and resources (36%).

Regarding Operational Technology (OT) and Industrial Internet of Things (IIoT) systems, 47% of leaders cite a lack of qualified personnel/skillsets and resources as a top three challenge.

Cloud and connected product attacks are the top two cyber threats organisations feel least prepared to address.

Only 16% of organisations are measuring the potential financial impact of cyber risks (risk quantification) to a significant extent.

The Top 2 challenges to implementing AI for cyber defence are knowledge and skills gaps.

60% of business and tech leaders prioritise cyber risk investment in response to the current geopolitical landscape.

41% of business and tech leaders prioritise changes in critical infrastructure location in response to the current geopolitical landscape.

Only 6% of organisations have fully implemented all data risk measures surveyed across the enterprise.

AI (38%) and Cloud security (32%) are the top two areas where organisations are prioritising the use of managed services

Only 8% of security leaders include quantum readiness in their top three budget priorities for the coming year.

39% of business and tech leaders prioritise changes in cyber insurance policies in response to the current geopolitical landscape.

For companies with $5 billion or more in revenue, 41% reported a breach costing $1 million or more.

78% of business and tech leaders expect their cyber budget to increase over the coming year (a figure virtually unchanged from 77% last year).

More than a quarter of executives reported that their most damaging data breach in the past three years cost their organisation at least $1 million.

Only 24% of organisations are spending significantly more on proactive measures (e.g., monitoring, testing, controls) than reactive measures (e.g., incident response, fines, recovery)—which is considered the ideal spend ratio.

Most companies (67%) are spending roughly equal amounts on proactive and reactive cybersecurity measures.

Security leaders rank threat hunting as the #1 AI security capability they plan to bolster over the next 12 months.

The top three priority areas for deploying agentic AI solutions are cloud security (39%), data protection (39%), and cyber defence and operations (38%).

Only 6% of organisations feel confident/very capable across all vulnerabilities surveyed, given the current geopolitical landscape.

Quantum computing now ranks among the Top 4 threats that organisations feel least prepared to address.

49% of organisations have not considered or started implementing any quantum-resistant security measures.