Enterprises Are All in on AI for Security but Budgets Aren’t Keeping Pace

The rapid escalation of cyber threats has forced organizations to treat artificial intelligence not just as a tool, but as an essential layer of defense. While traditional security measures struggle against sophisticated attacks, AI excels at pattern recognition and anomaly detection, enabling faster identification of advanced persistent threats and deepfake impersonations. This shift is reflected in the EY survey, where nearly all security leaders acknowledge AI’s strategic importance, signaling a broader industry move toward intelligent, automated protection mechanisms.

Despite this enthusiasm, a stark funding shortfall persists. Over four‑fifths of respondents admit their AI budgets are inadequate, a mismatch that could leave critical gaps as adversaries weaponize the same technologies. Moreover, only one‑fifth of firms report a cohesive governance structure that embeds AI into corporate culture, exposing them to compliance and oversight challenges. The projected surge to 48% of cybersecurity spend on AI within two years underscores the urgency for budget realignment and governance reforms, especially as firms plan multi‑million‑dollar investments.

Return on investment remains mixed, with less than half of participants reporting under $1 million in savings, and a notable minority unable to quantify benefits. Nevertheless, leaders anticipate tangible performance gains, such as reduced mean time to detect and recover from incidents and fewer false positives. Focus areas like identity and access management, third‑party risk, and real‑time fraud detection are poised to benefit most from AI integration, positioning organizations to not only mitigate risk but also streamline operations in an increasingly hostile digital landscape.