Survey data from 300 senior security leaders at medium to large organisations shows a high frequency of security incidents despite widespread confidence in internal defences. Nine in 10 respondents reported at least one security incident in the past 12 months, with 17% saying incidents occur at least weekly and 32% saying at least monthly, while only 10% reported no incidents in the past year. At the same time, 76% rated their company’s security as above average and 5% said it was below industry standards, suggesting a disconnect between perceived and actual resilience.
Artificial Intelligence is emerging as both a driver of change and a source of concern for security teams. Sixty-five per cent said they need to rapidly upgrade security monitoring and threat detection due to Artificial Intelligence-related concerns, and more than half (54%) said identity and access management will become more complex over the coming year, while half said stronger data protection and privacy controls are needed. Fifty-nine per cent ranked Artificial Intelligence being exploited by malicious actors as the top risk, followed by protecting sensitive data used by generative Artificial Intelligence at 53% and compliance and regulatory risks linked to Artificial Intelligence at 53%. A skills gap compounds these pressures, with half citing the lack of security experts as the biggest obstacle to improving security, followed by legacy technology complexity at 46%, regulatory uncertainty at 45% and budget limitations at 42%.
Website security and broader strategic impacts feature prominently in the findings. Only 49% said they were fully prepared for a security incident, and nearly two in five (39%) reported a security issue that affected their content strategy in the past year, influencing publishing workflows, campaign timing and governance for content updates. For upcoming website investments, 62% prioritised data encryption and privacy, 56% focused on user authentication and access control, and 51% aimed to adopt Artificial Intelligence-powered security tools. On the wider threat landscape, respondents ranked hackers and malware highest at 54%, followed by employee human error at 47% and new risks introduced by Artificial Intelligence at 45%. Looking three to five years ahead, 55% identified increasing use of Artificial Intelligence as the biggest threat, compared with 49% for cloud adoption and multi-cloud complexity and 45% for growing global regulatory and compliance requirements, underscoring concerns that legacy systems, staffing shortages and outdated websites are constraining both day-to-day operations and long-term growth.
