1% of enterprises have a dedicated AI security budget.

21% of enterprises plan to introduce a dedicated AI security budget.

50% of CISOs cite lack of internal expertise as a top AI security challenge.

36% of CISOs report insufficient AI-specific security tools as a top challenge.

58% of CISOs say AI is influencing their security stack consolidation strategy.

3% of CISOs are actively consolidating their security stack due to AI.

11% of CISOs are consolidating their security stack for reasons unrelated to AI.

44% of CISOs acknowledge their AI security posture lags behind the rest of their security program.

48% of CISOs list limited visibility into AI usage as a top AI security challenge.

67% of CISOs report limited visibility into how AI is used across their environment.

75% of CISOs report their enterprises rely on extending controls originally designed for other attack surfaces to cover AI-driven workflows and infrastructure.

11% of enterprise CISOs have security tools specifically designed to protect AI systems.

78% of enterprises fund AI security through existing security budgets.

Cyberattacks against agencies in the U.S. have surged 25% in the last year and occur more frequently on a weekly basis than in the UK.

72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.

54% of U.S. organizations uncover unmanaged privileged accounts and secrets every week.

67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.

In 2025, 83% of CISOs reported that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, compared to 90% in the previous year.

88% of U.S. organizations manage two or more identity security tools, creating fragmentation that introduces blind spots.

Only 1% of U.S. organizations have fully implemented a modern Just-in-Time (JIT) privileged access model.