KPMG: Cybersecurity spending rises as attacks increase
Security organizations are almost universally boosting their cybersecurity budgets, and with good reason.
An overwhelming 99% of surveyed C-suite and senior-level security executives plan to increase their cybersecurity budgets over the next two to three years, and 98% have increased their cybersecurity spending in the past 12 months.
Results of the 2025 KPMG Cybersecurity Survey, which polled more than 300 security executives, also showed 83% of respondents reported a rise in cyberattacks. These incidents included a range of security events, such phishing and ransomware as well as more advanced artificial intelligence-based social engineering attacks.
[READ MORE: Ransomware gang takes credit for hacking Belk in May 2025, report says]
With 99% of respondents planning to increase cybersecurity budgets in the next few years, more than half (54%) are planning for increases of 6% to 10%, even as 52% cite competing priorities for security budget allocation such as data security and privacy, identity and access management, and cloud security.
The survey also revealed some specific cybersecurity trends relating to AI and HR:
AI
While only 38% of respondents cited AI-powered attacks as a major challenge in the next two to three years, 70% are already dedicating more than 10% of their budgets to AI-related cybersecurity initiatives, and 58% dedicate more than 15%.
Respondents also said that the areas where AI will have the greatest cybersecurity impact are proactively identifying and stopping threats with fraud prevention (57%), predictive analytics (56%), and enhanced detection (53%).
HR
More than half (53%) of respondents cite a lack of qualified candidates as a high-impact cybersecurity challenge. Responses to this situation include increasing compensation (49%), boosting internal training (49%), and relying more on external partners (25%) including managed security service providers to fill critical talent gaps.
"The data doesn't just point to steady growth; it signals a potential boom," said Michael Isensee, cybersecurity & tech risk leader, KPMG LLP. "We're seeing a major market pivot where cybersecurity is now a fundamental driver of business strategy. Leaders are moving beyond reactive defense and are actively investing to build a security posture that can withstand future shocks, especially from AI and other emerging technologies. This isn't just about spending more; it's about strategic investment in resilience."
