AI-driven cyber threats impact spending plans

Nearly 82% of CEOs and CISOs surveyed by AXIS said their organisations plan to increase cybersecurity budgets over the next 12 months, while 75.2% said they are likely to reduce cybersecurity headcount tied to productivity gains from AI cybersecurity tools.

AXIS Capital Holdings Limited said the findings point to changes in how companies allocate resources while artificial intelligence changes both cyber defence capabilities and attack methods.

“AI is clearly a transformative force for data analytics, innovation, and operational efficiency, and it is also undeniable that AI is quickly propelling us toward an entirely new risk landscape,” said Vince Tizzio (pictured), AXIS president and CEO. “The findings in this report underscore our new environment, where a technology that promises untold productivity gains is also creating unprecedented risk.”

AXIS said AI is improving defensive technologies but also equipping cybercriminals with tools that can increase speed and adaptability. Risks discussed in the report include shadow AI, model manipulation, deepfakes and social engineering, data leakage and advanced ransomware.

The report found that AI-driven attacks were viewed as the top emerging cyber threat across both the UK and US regions. In the survey’s combined results, AI-driven attacks were cited by 25.2% as the leading emerging threat, followed by identity theft or credential abuse (18.0%) and supply chain compromise (16.6%).

Regionally, executives differed in the level of concern about AI-driven attacks as the greatest emerging cyber threat over the next 12 months. The report showed higher concern among UK executives at 29.6%, compared to US executives at 20.8%.

The study also found differences in how CEOs and CISOs prioritise AI-related risks. CISOs most frequently pointed to shadow AI, described as the unsanctioned use of AI tools by employees without IT or security safeguards or approval, as the greatest AI risk (27.2%). CEOs most frequently cited data leakage (28.7%).

Confidence and trust also diverged by region. AXIS said 85% of US leaders felt prepared for AI threats, compared with 44% of leaders in the UK. Among CEOs, 88.4% in the US said they were confident AI would better their company’s safeguards, compared with 55.3% in the UK.

Trust in AI tools for cybersecurity decisions showed a similar gap. In AXIS’ findings, 82.6% of US CEOs and 83.0% of US. CISOs reported trusting AI tools, compared with 49.6% of UK CEOs and 37.0% of UK CISOs.

Respondents also differed on return on investment. In the US, 93.5% of CEOs and 87.5% of CISOs said AI delivered ROI for cybersecurity, compared with 69.1% of UK CEOs and 74.0% of UK CISOs.

The survey found US respondents were more likely to carry cyber insurance, at 94.0%, compared with 68.4% in the UK.

“Our survey findings indicate the impact of AI in transforming corporate defence strategies while exposing differing views between CEOs’ strategic optimism and CISOs’ security prudence,” said Lori Bailey, head of global cyber and technology at AXIS.

The findings were based on a 23-question online survey of 500 CEOs and CISOs in the US and UK. The US sample included 138 CEOs and 112 CISOs, while the UK sample included 123 CEOs and 127 CISOs. Respondents represented companies with at least 250 employees. The survey was fielded October 22-29, 2025, by an independent company.