AI, cloud security take over! New PwC report reveals top cyber spending priority for companies

The 2026 Global Digital Trust Insights is a survey of 3,887 business and technology executives conducted in the period from May to July 2025. The India edition of the global survey report focuses on the responses of the executives of 138 Indian businesses.

Less than or roughly half of organisations say they are “very capable” to address areas including Unpatched software updates (57%), weak authentication and access controls (55%), Lack of visibility into end points (55%), supply chain vulnerabilities (52%), with vulnerable connected products/devices (49%), insufficient network architecture (48%) and legacy systems (45%) among the weakest spots among the areas surveyed.

Sundareshwar Krishamurthy, Partner and India Cyber Leader, PwC India, said “India’s cybersecurity posture is evolving rapidly, driven by executive alignment and a growing recognition that cyber is central to business strategy. With 72% of organisations prioritising cyber risk at the board level, the shift from reactive defence to intelligence-led resilience is well underway. AI, cloud security, and managed services are now core to India’s cyber investment agenda. However, resilience demands foresight. Organisations remain underprepared to tackle third-party breaches and quantum threats, two of the most pressing risks in today’s digital ecosystem. The persistent talent gap further complicates execution, especially in areas like AI-enabled defence and quantum cryptography. Looking ahead, the organisations that will lead are those embedding cybersecurity into core decision-making, aligning budgets to emerging risks, and building teams capable of anticipating not just reacting to threats. Resilience will come from foresight, not hindsight.”

AI emerges as top-of-mind for cyber security leaders and budgets

Cyber budgets are still rising, though at a more deliberate pace. This year, 87% of leaders of Indian organisations expect their cyber budgets to grow in the coming year and nearly one-third of them plan to boost spending by more than 10%—a slight dip from last year’s 93%, yet a strong signal of sustained investment. This highlights the continuing importance organisations are placing in bolstering their cyber security capabilities as the risk landscape continues to evolve. Notably, just over one-third (38%) of these said their budgets would likely increase 6-10%.

Looking within cyber budget priorities, investment in AI (46%) was the top priority over the next 12 months, ahead of cloud security (33%), and cyber managed services (28%), as AI’s rapid advance continues to transform the digital landscape.

When looking at the AI security capabilities organisations are prioritising over the next 12 months, more than half (60%) of security leaders are prioritising AI threat hunting capabilities, with nearly 47% prioritising other capabilities such as agentic AI.

More organisations are now quantifying cyber risk

As organisations contend with a rising array of cyber risks – they are also increasingly putting a number behind it. Half now report using cyber risk quantification to measure financial impact to a significant or large extent.

This comes as nearly a quarter (25%) of businesses say their most damaging data breach in the past three years cost their organisation at least US $1 million, with exposure highest among enterprises generating $5 billion or more in revenue (45%).

Skills gaps weigh on bolstering AI and cyber defence capabilities

Cyber security workforce shortages continue to impede progress as organisations operationalise AI, secure complex environments and prepare for the next generation of threats.

Over half (60%) of respondents said a lack of knowledge in the application of AI for cyber defence, or lack of relevant skills (50%), were the biggest internal challenges to implementing AI for cyber defence over the last 12 months.

But while talent shortages weigh – business is responding by prioritising areas such as AI and machine learning tools (61%), cyber tool consolidation (51%), security automation tools (49%), and upskilling or reskilling (49).

The cyber skills deficit challenge runs deeper beyond preparation for AI. More than half (55%) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems.

At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after third party breaches, 18%; followed by attacks ransomware (13%), cloud-related threats (12%), on connected products (8%)), nearly 40% haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.