KPMG Reports Surge in Cybersecurity Investment as AI Threats Redefine Risk
A cybersecurity boom appears imminent as businesses invest to defend against a new generation of sophisticated, AI-driven threats. According to the 2025 KPMG Cybersecurity Survey, a staggering 99% of security leaders plan to increase their cybersecurity budgets over the next two to three years, signaling that cybersecurity is no longer just a priority but a critical business imperative.
The survey, which polled over 300 C-suite and senior security leaders, found that spending is already surging, with 98% confirming budget increases in the last 12 months. This rush of investment comes as 83% of organizations report a rise in cyberattacks, including everything from phishing and ransomware to more advanced AI-powered social engineering schemes. The findings suggest that the escalating threat landscape is fueling a market-wide expansion in cybersecurity spending, talent acquisition, and strategic partnerships.
“The data doesn’t just point to steady growth; it signals a potential boom. We’re seeing a major market pivot where cybersecurity is now a fundamental driver of business strategy,” said Michael Isensee, cybersecurity & tech risk leader, KPMG LLP. “Leaders are moving beyond reactive defense and are actively investing to build a security posture that can withstand future shocks, especially from AI and other emerging technologies. This isn’t just about spending more; it’s about strategic investment in resilience.”
Key indicators from the KPMG survey that point to a cybersecurity boom include:
- Sustained Budget Growth: With 99% of companies planning to increase cyber budgets in the next few years, the vast majority (54%) are planning for significant increases of 6% to 10% as they brace for future threats. Even so, leaders still face hurdles in securing additional funding, with 52% citing competing priorities for budget allocation which include data security and privacy, IAM, and cloud security. This signals a need for leaders to focus on managing this spend more strategically — turning to AI, unified security platforms, and Managed Services to create efficiencies, reduce overhead, and ensure every additional dollar strengthens their overall defense posture.
- The AI Arms Race: The rise of AI is a dual catalyst. While 38% of leaders see AI-powered attacks as a major challenge in the next two to three years, 70% of organizations are already dedicating more than 10% of their budgets to AI-related cyber initiatives. They also reported that AI will have the greatest impact in proactively identifying and stopping threats with fraud prevention (57%), predictive analytics (56%) and enhanced detection (53%).
- A War for Talent: The boom is creating fierce competition for skilled professionals. 53% of leaders cite a lack of qualified candidates as a high-impact challenge, forcing them to increase compensation (49%), boost internal training (49%), and rely more on external partners (25%) including MSSPs to fill critical gaps.
- Strategic Investment Beyond IT: Cybersecurity investment is increasingly centered on the controls that protect access and trust across the enterprise. The survey shows that 42% of leaders are making identity and access management a top budget priority over the next two to three years, closely following data security and privacy and cloud security. This reflects a growing recognition that as organizations scale cloud and AI, stronger identity governance and access controls are critical to protecting sensitive data and systems and to building a more resilient security posture.