50% of CISOs cite lack of internal expertise as a top AI security challenge.

1% of enterprises have a dedicated AI security budget.

58% of CISOs say AI is influencing their security stack consolidation strategy.

36% of CISOs report insufficient AI-specific security tools as a top challenge.

67% of CISOs report limited visibility into how AI is used across their environment.

3% of CISOs are actively consolidating their security stack due to AI.

48% of CISOs list limited visibility into AI usage as a top AI security challenge.

11% of enterprise CISOs have security tools specifically designed to protect AI systems.

21% of enterprises plan to introduce a dedicated AI security budget.

78% of enterprises fund AI security through existing security budgets.

44% of CISOs acknowledge their AI security posture lags behind the rest of their security program.

11% of CISOs are consolidating their security stack for reasons unrelated to AI.

75% of CISOs report their enterprises rely on extending controls originally designed for other attack surfaces to cover AI-driven workflows and infrastructure.

Cyberattacks against agencies in the U.S. have surged 25% in the last year and occur more frequently on a weekly basis than in the UK.

63% of U.S. organizations admit employees bypass controls to move faster.

In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.

Only 1% of U.S. organizations have fully implemented a modern Just-in-Time (JIT) privileged access model.

66% of U.S. organizations say traditional privileged access reviews delay projects.

In 2025, 19% of CISOs indicated that recovery efforts from cyber incidents extended as long as two weeks.

91% of U.S. organizations report that at least half of their privileged access is always-on, providing unrestricted access to sensitive systems.