New York – A significant increase in cybersecurity investment is on the horizon as businesses prepare to counter a new wave of sophisticated, AI-driven threats. The 2025 KPMG Cybersecurity Survey reveals that a remarkable 99% of security leaders intend to boost their cybersecurity budgets over the next two to three years, indicating that cybersecurity has evolved from a mere priority to a critical business imperative.
The survey, which gathered insights from over 300 C-suite and senior security leaders, highlights a surge in spending, with 98% confirming budget increases in the past year alone. This influx of investment comes alongside a concerning trend: 83% of organizations report an uptick in cyberattacks, ranging from phishing and ransomware to advanced AI-powered social engineering schemes. The findings underscore an expanding threat landscape that is driving organizations to enhance their cybersecurity spending, recruit talent, and forge strategic partnerships.
“The data doesn’t just point to steady growth; it signals a potential boom. We’re seeing a major market pivot where cybersecurity is now a fundamental driver of business strategy,” said Michael Isensee, Cybersecurity & Tech Risk Leader at KPMG LLP. “Leaders are moving beyond reactive defense and are actively investing to build a security posture that can withstand future shocks, especially from AI and other emerging technologies. This isn’t just about spending more; it’s about strategic investment in resilience.”
Key indicators from the KPMG survey suggest that the cybersecurity boom is imminent. Firstly, a vast majority of companies (99%) are planning to increase their cybersecurity budgets in the coming years, with 54% anticipating significant increases of 6% to 10%. However, leaders face challenges in securing these additional funds, with 52% citing competing priorities in budget allocation, including data security and privacy, identity and access management (IAM), and cloud security. This scenario necessitates a strategic approach to spending, pushing leaders to leverage AI, unified security platforms, and Managed Services to enhance efficiencies and bolster their defensive capabilities.
The rise of AI presents a double-edged sword for businesses. While 38% of leaders identify AI-driven attacks as a prominent challenge in the near term, 70% of organizations report allocating more than 10% of their budgets to AI-related cybersecurity initiatives. Furthermore, respondents indicated that AI will be instrumental in proactively identifying and mitigating threats, with applications in fraud prevention (57%), predictive analytics (56%), and enhanced detection (53%).
As investment in cybersecurity escalates, the competition for skilled professionals intensifies. The survey shows that 53% of leaders perceive a lack of qualified candidates as a significant barrier, prompting organizations to raise compensation for cybersecurity roles (49%), enhance internal training programs (49%), and increasingly rely on external partners, including Managed Security Service Providers (MSSPs), to fill critical talent gaps.
Investment strategies are also evolving, with a notable shift towards controls that protect access and trust across enterprises. The survey indicates that 42% of leaders are prioritizing identity and access management in their budgets over the next two to three years, following closely behind data security, privacy, and cloud security. This shift reflects a growing acknowledgment that as organizations expand their use of cloud and AI technologies, robust identity governance and access controls become essential for protecting sensitive data and systems, thereby enhancing organizational resilience.
The confluence of increased investment, a pronounced talent gap, and the pressing need to outpace AI-driven threats marks the onset of a new era in cybersecurity. As organizations adapt to these dynamics, the importance of robust cybersecurity measures may become pivotal not just for security, but for survival and growth in an increasingly digital landscape.
About the Survey
The 2025 KPMG Cybersecurity Survey was conducted from September 25 to October 9, 2025, with responses from 310 C-suite security leaders at U.S. organizations boasting at least $1 billion in revenue.
About KPMG LLP
KPMG LLP is the U.S. firm of the KPMG global organization, which comprises independent professional services firms providing Audit, Tax, and Advisory services. The KPMG global network operates in 147 countries and territories, employing over 219,000 professionals worldwide.
