SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

AI adoption drives security spend but breaches persist

Thu, 5th Mar 2026

New research from Forrester suggests many organisations are spending more on security and privacy programmes but still struggling to reduce breach frequency, as rapid AI adoption and complex technology environments create new exposure.

Forrester found that two-thirds of enterprises experienced at least one breach in the past 12 months. It also reported that 67% of enterprise security decision-makers believe their organisation's sensitive data was compromised or breached at least once over the same period.

The findings point to a persistent gap between budget growth and measurable risk reduction. External attacks, internal incidents and supply-chain vulnerabilities remain leading breach causes, and breach recurrence has stayed broadly consistent year on year despite expanded defences.

AI governance

Forrester linked some of the strain to the speed of generative AI deployment. Organisations are rolling out genAI across employee productivity, data management and customer experience use cases, while privacy and cybersecurity teams struggle to keep pace with assessment and oversight.

Within privacy programmes, improving AI governance was a priority for 29% of respondents. Another 28% prioritised developing frameworks to assess and mitigate privacy risk from AI and genAI systems.

The research described this as a sequencing problem. Security and privacy functions can be delayed in validating AI-driven systems and establishing governance frameworks, leaving organisations to manage new data flows and automation without consistent controls across their environments.

Detection focus

Detection and response remains central to security planning. Forrester reported that 31% of enterprise security decision-makers chose improving detection and response as a top strategic priority, reflecting a shift towards more proactive defence rather than reliance on post-incident remediation.

Identity and access management continues to attract investment. The share of respondents highlighting employee identity and access management rose from 22% to 25% year on year, while customer identity and access management increased from 21% to 24%.

Operational constraints can still blunt the impact of these investments. Forrester cited visibility gaps, alert fatigue and tool complexity as obstacles that slow execution and limit the value of detection improvements.

Executive access

The research suggests some security and privacy leaders are gaining greater access to senior management, although board engagement remains uneven. More than one-third of enterprises reported that their Chief Privacy Officer has a seat at the executive table. Forrester found that 22% of Chief Privacy Officers report directly to the Chief Executive, while 17% report to the board.

CISOs also appear to be moving closer to the top of the organisation. Forrester reported that 31% report to the Chief Executive or president, and a further 10% report directly to the board.

However, the research flagged a gap in formal board-level communication. Only 15% of firms prioritised board-level communication in their security planning, leaving many organisations with oversight structures in place but limited focus on how risk is discussed and tracked at board level.

Cloud complexity

Forrester highlighted the operational consequences of expanding cloud and hybrid environments. Cloud adoption, multi-provider strategies, hybrid work patterns and broader digital ecosystems have expanded attack surfaces and increased fragmentation across security tools and governance models.

The research found that 63% of public cloud decision-makers expect to increase the number of cloud providers they use. That would require organisations to manage multiple policy frameworks, identity architectures and monitoring approaches in parallel, alongside additional third-party dependencies.

Despite this complexity, only 19% of organisations prioritised consolidating their security technology stack. This suggests many teams expect to integrate a growing set of tools rather than reduce the number of platforms in use.

Overall, the research portrays rising security and privacy ambition alongside persistent execution challenges. Organisations face a mix of legacy exposure, new AI-related risks and a larger supplier footprint, increasing the likelihood that breaches continue even as budgets rise and leadership visibility improves.

"Organisations worldwide are increasing their investment in security, privacy, and AI‐related governance - yet breaches remain the norm, and privacy and cybersecurity debt continues to accumulate."

Forrester's benchmarks suggest security teams will continue to prioritise identity controls and detection programmes, while privacy teams focus on AI governance and assessment frameworks as genAI becomes more embedded in day-to-day operations.