PwC Report Finds Cyber Resilience Spending Lags as AI-Driven Threats Intensify
Only six percent of organizations feel prepared to withstand a wide range of cyberattacks, as experts urge a layered, systemwide approach to resilience.
- By Tom Leyden
- Feb 17, 2026
Despite geopolitical uncertainty, new AI-created cyber threats and nation-state security risks, global businesses' budget outlooks are woefully thin on cyber resilience spending to defend against these threats. The 2026 PwC Global Digital Trust Insights report calls resilience “a work in progress,” as only 6% feel their organization can withstand a wide range of attacks.
The report also warns that spending is too skewed toward reactive measures like paying fines rather than proactive measures that support effective cyber resilience. Ideally, spending will reach a better balance. However, powerful cyber resilience does need to cover both the before and after elements of security and data protection. Think of it as a complete system, one that assumes attacks will occur and focuses on fast, reliable recovery.
Taking a Systematic Approach to Cyber Resilience
Taking a systematic approach is the most effective means of fighting the new generation of automated AI threats, ransomware being the prime example. With these modern tools, ransomware has evolved into a new, more dangerous form.
IT and security professionals know there is no single product or control that can stop every one of these threats. Protection must therefore be designed as a complete system, providing a business with the most thorough defense and recovery infrastructure.
To achieve resilience, it helps to think of a cybersecurity infrastructure as having five layers: (1) API defense, (2) data access control, (3) stored data protection, (4) multi-site data redundancy, and (5) architecting for immutability. These layers work together to keep data protected, recoverable, and trustworthy even when other parts of the environment are compromised. Any organization, regardless of size or technology stack, can apply these same principles.
- Defense at the API origin. Gaining entry through management consoles or APIs is an alternative to accessing hardware and a favorite of attackers. Therefore, interfaces must be treated as critical security boundaries that deserve the same attention as firewalls or authentication systems.
Recommended defense tactics include strong access control, fine-grained permissions, and strict retention and immutability policies. These will protect data from both external attackers and accidental, potentially damaging internal actions.
- Data access control. Preserving the integrity and confidentiality of data, even when attackers succeed in breaching the network, must be a critical priority. To accomplish this, the data layer should always assume zero trust.
Every user, device, or process requesting access must be verified. Additionally, the system must encrypt data in transit and at rest to prevent stolen data from being exploited. Real-time monitoring is also required to flag anomalies and suspicious activity. Along with audit trails, these practices strengthen a proactive defense.
- Stored data protection. Hardening the storage layer is essential to business recovery in the event of a cyber-attack. Using techniques like erasure coding and distributed integrity checks, data can be reconstructed even if disks, servers, or entire nodes fail.
Another recommended practice is separating metadata from the stored data to thwart attackers trying to reassemble stolen information. This strategy helps ensure stored data will be recoverable even after a hardware failure or attack.
- Multi-site data redundancy. The recent AWS outage is a good illustration of the need to spread risk via multiple sites and geographic locations. Data redundancy is the best approach to ensuring business continuity and recovery in case of a widespread outage, cyber-attack, or natural disaster.
As some locations come back online, locally stored data will help businesses recover faster. It is an essential safety net in an era in which businesses are more globally dispersed than ever.
- Architecting for Immutability. For true resilience, a business must look beyond tools and policies to how the overall system architecture protects data and supports recovery. The best secure architecture isolates failure domains so that an issue in one area does not cascade across the environment.
Add to this multi-site replication, hybrid-cloud deployment, and policy-based data placement to enable operations to continue if one region fails. Architecting immutability also requires being able to adapt to new threats like AI ransomware and making system changes to support the highest level of protection.
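To make the stored data protection layer concrete, the following added example (not code from the PwC report or from any product) shows erasure coding combined with integrity checks: an object is split into shards plus one XOR parity shard, each shard is verified against a SHA-256 digest, and a lost or tampered shard is rebuilt. Single parity is a simplification chosen for brevity; the function names and the sample record are constructed for illustration.

```python
import hashlib
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def sha(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def encode(data: bytes, k: int):
    """Split data into k equal shards plus one XOR parity shard.
    Returns (shards, digests, original_length). The digests are assumed
    to be kept apart from the shards, for example with the metadata."""
    size = -(-len(data) // k)                 # ceiling division
    padded = data.ljust(size * k, b"\0")      # pad so all shards match in size
    shards = [padded[i * size:(i + 1) * size] for i in range(k)]
    shards.append(reduce(xor_bytes, shards))  # parity = s0 ^ s1 ^ ... ^ s(k-1)
    return shards, [sha(s) for s in shards], len(data)

def recover(shards, digests, length):
    """Verify every shard, rebuild at most one missing (None) or corrupted
    shard from the others, and return (data, indexes_of_bad_shards)."""
    bad = [i for i, s in enumerate(shards)
           if s is None or sha(s) != digests[i]]
    if len(bad) > 1:
        raise ValueError(f"single parity cannot repair {len(bad)} bad shards")
    shards = list(shards)
    if bad:
        i = bad[0]
        rebuilt = reduce(xor_bytes,
                         [s for j, s in enumerate(shards) if j != i])
        if sha(rebuilt) != digests[i]:        # never trust a rebuild blindly
            raise ValueError("rebuilt shard failed its integrity check")
        shards[i] = rebuilt
    return b"".join(shards[:-1])[:length], bad

if __name__ == "__main__":
    record = b"constructed backup record: invoice-ledger-2026"  # sample data
    shards, digests, n = encode(record, 4)
    shards[2] = b"\xff" * len(shards[2])      # simulate a node overwritten by an attacker
    data, bad = recover(shards, digests, n)
    print("repaired shards:", bad, "| intact:", data == record)
```

The digest comparison is what turns silent corruption into a detectable, repairable event; tolerating more than one simultaneous failure requires a code with more parity shards, such as Reed-Solomon.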
A Workable System for Future Threats
When only 6% of organizations feel confident they can adequately respond to a wide range of threats, it is compelling proof that a system approach to resilience needs more adoption.
Without architecting for the certain eventuality of an attack or outage, businesses remain highly vulnerable while AI and other threats gain even more ground.
Defending against these threats can be efficiently managed by integrating the resilience layers into a simplified architecture. Unifying storage, backup, and security functions reduces risk while improving efficiency.
The easier it is for administrators to apply consistent policies and verify results, the stronger the overall defense becomes.
A 2026 survey outlook of digital trust professionals shows AI-driven social engineering (63%) as the top cyber threat they believe their organization will face next year. Ransomware and extortion attacks (54%) and insider threats (35%) are also noted. The threats are real and worsening. It’s time to fight back by putting cyber resilience into action.