A new survey from the folks at PwC, the 2026 Global Digital Trust Insights, has laid this contradiction bare. It paints a picture of an industry throwing unprecedented sums of money at a problem while simultaneously admitting they’re not even close to solving it. This isn’t just a minor discrepancy; it’s a chasm between spending and security, between investment and confidence. It suggests a fundamental misunderstanding of what AI can, and cannot, do for our digital defences.
Drowning in Dollars, Gasping for Confidence
The numbers themselves are quite staggering. According to the PwC report, which surveyed over 3,800 executives globally, a full 78% of organisations plan to increase their cybersecurity budgets this year. That’s hardly surprising. What is surprising is where that money is headed. Of all the possible areas for investment, AI tops the list, with 36% of leaders naming it their number one priority. So far, so predictable in the current AI-obsessed climate.
Here’s the kicker, though. Despite these enormous AI security investments, a minuscule 6% of organisations rate themselves as “very capable” across all areas of cyber defence. Let that sink in. A third of companies are making AI their top spending priority, but fewer than one in sixteen feel truly prepared for an attack. It’s like buying a state-of-the-art fire engine but admitting you have no idea how to work the hydrant. The spending is happening, but the confidence simply isn’t there. This disparity points to a profound issue: we’re buying the tools, but we haven’t figured out the strategy.
Worse still, the consequences of failure are becoming ruinously expensive. The same report found that for 27% of businesses, their most damaging data breach in the past three years cost their organisation at least $1 million. So, the stakes are rising, the spending is increasing, but the feeling of preparedness is flatlining. The data suggests that much of this investment is flowing into one particular area: detection. But is being the fastest to spot a fire as good as preventing it in the first place?
Threat Hunting Automation: The Hyper-Vigilant Digital Guard
One of the most popular applications for these new AI budgets is threat hunting automation. In simple terms, this is about teaching an algorithm to do the painstaking work of “hunting” for signs of a breach within a corporate network. Think of a traditional Security Operations Centre (SOC) analyst as a detective sifting through mountains of surveillance footage, looking for a single suspicious face. It’s a gruelling, thankless task, and a human can only watch so many screens.
AI-powered threat hunting, in contrast, is like having a thousand detectives watching every screen at once, 24/7. These systems can analyse billions of data points—log files, network traffic, user behaviour—and spot the subtle anomalies that signal an intruder. It’s a game of pattern recognition at a scale no human team could ever hope to match. By automating this process, organisations can dramatically slash the “dwell time”—the dangerous period between when an attacker gets in and when they are finally discovered.
This is undeniably a huge leap forward. It makes our response faster and our security teams more efficient. But it’s still fundamentally a reactive measure. We are optimising the process of finding the burglar who is already in the house. We’re getting better at cleaning up the mess, but all this focus on detection begs a far more important question: what are we doing to stop the burglar from getting through the door?
The Allure of Zero-Day Exploit Prevention: Can AI Predict the Future?
This brings us to the holy grail of cybersecurity: zero-day exploit prevention. A “zero-day” is a vulnerability so fresh and new that even the software vendor doesn’t know about it. It’s a secret backdoor that only the attackers have found, and because it’s unknown, there’s no patch or signature-based defence against it. They are the cyber equivalent of an unblockable move.
Naturally, the promise of using AI to prevent these attacks is incredibly seductive. The idea is that instead of looking for known threats, AI can establish a baseline of “normal” behaviour for a network and its applications. When it sees code executing in a strange, anomalous way—even if it doesn’t match any known attack pattern—it can flag or block it. It’s less about identifying the weapon and more about identifying the intent to cause harm.
While this sounds great in a sales pitch, the reality is more complex. True zero-day exploit prevention is a probabilistic bet, not a certainty. AI models can be exceptionally good at spotting deviations from the norm, but they are not clairvoyant. The most sophisticated, never-before-seen attack might still look “normal” enough to slip past. Overly aggressive models can also lead to a nightmare of false positives, blocking legitimate actions and grinding business to a halt. So while AI improves our odds, it doesn’t eliminate the risk. The focus, once again, often drifts back to detecting the consequences of a zero-day exploit as quickly as possible, rather than purely preventing it.
SOC Optimization: Taming the Deluge of Alerts
This is where the most immediate and tangible benefit of AI security investments is found. The modern Security Operations Centre is a high-stress environment, plagued by “alert fatigue.” Analysts are bombarded with thousands of warnings every day, the vast majority of which are false positives. It’s the digital equivalent of “The Boy Who Cried Wolf,” and it leads to burnout and, critically, missed threats.
This is a problem tailor-made for AI. By applying machine learning models, SOC optimization becomes possible. The AI can act as a powerful filter, automatically investigating low-level alerts, correlating related events, and dismissing the noise. It then escalates only the most credible, high-priority threats to human analysts. This doesn’t replace the human, but it augments them, freeing up their expensive time and expertise for an actual investigation rather than endless triage.
This is a clear win for efficiency and resource allocation. It makes the SOC better, faster, and more effective. Yet, it reinforces the core paradox. We are building an incredibly sophisticated and expensive system for managing the flood, but we’re spending far less time, energy, and money trying to stop the rain. All these advancements—threat hunting, near-real-time exploit detection, SOC optimisation—are primarily defence, not prevention. They shore up the last line, not the first.
The Elephant in the Room: You Can’t Buy a Workforce
Perhaps the real answer to the paradox lies not in the technology at all, but in the people. You can purchase the most advanced AI security platform on the market, but who is going to configure, manage, and interpret its output? As Femi Osinubi, a leader at PwC Nigeria, astutely noted, “AI presents a significant opportunity to strengthen cyber defence, with success dependent on addressing the skills gap.”
This is the dirty little secret of the AI revolution. Far from making humans redundant, this new wave of technology demands an even more skilled, more specialised, and more expensive workforce. The PwC survey confirms this, highlighting persistent workforce shortages and a glaring skills gap as major obstacles. The 6% of organisations that feel “very capable” probably aren’t just the ones with the biggest budgets; they’re the ones who have managed to attract and retain the talent to properly wield these powerful new tools.
You can’t just download a team of AI-savvy cybersecurity experts. These are people who need a deep understanding of two incredibly complex and rapidly evolving fields. This isn’t a problem you can solve with a purchase order. It requires a long-term strategy of in-house training, new hiring profiles, and cultivating a security-aware culture from the top down. Without the right people, that multi-million-dollar AI platform is little more than a blinking, expensive box.
Shifting From Reaction to Resilience
The obsession with using AI for detection is understandable. It delivers measurable results: faster response times, fewer false positives, and more efficient teams. It’s a tangible return on investment that a CFO can understand. Prevention, on the other hand, is harder to quantify. How do you measure the breach that didn’t happen?
But the current trajectory is unsustainable. As attackers also begin to weaponise AI, our purely defensive and reactive posture will eventually be overwhelmed. A strategy based on cleaning up after the fact is a strategy that has already accepted defeat. The real promise of AI security investments won’t be realised by building better alarm systems, but by building fundamentally more resilient and secure organisations from the ground up.
This means shifting focus and budget. It means investing not just in detection, but in AI-powered tools that help write more secure code, that identify architectural weaknesses before they are deployed, and that train employees to be the first line of defence, not the weakest link. The future of security belongs to those who move beyond the reactive cycle of detect-and-respond and use technology to build a culture of proactive prevention.
So, as you review your own organisation’s strategy, it’s worth asking a critical question: Are you simply buying a faster shovel to deal with the aftermath, or are you investing in a plan to stop the ground from breaking in the first place?
