SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Small business office network ai cyber attack understaffed it team
#
Malware
#
Data Protection
#
Digital Transformation

AI-linked security incidents surge amid skills gap

Thu, 5th Feb 2026
Author image
By Mark Tarre, News Chief

Storyblok has published survey findings indicating that most medium to large businesses suffered security incidents in the past year, with many linking rising risk and operational pressure to artificial intelligence and a shortage of specialist staff.

The survey of 300 senior security professionals in leadership or decision-making roles points to frequent incidents alongside high confidence in internal security standards.

Nine in 10 respondents reported at least one security incident in the past 12 months. Seventeen per cent said incidents occur at least weekly, and 32% said at least monthly. Only 10% reported no incidents in the past year.

Despite that, 76% rated their company's security as above average, while 5% said it was below industry standards.

AI pressure

AI is pushing organisations to change security practices and increase monitoring. Sixty-five per cent said they need to rapidly upgrade security monitoring and threat detection due to AI-related concerns.

More than half (54%) said identity and access management will become more complex over the coming year. Half said stronger data protection and privacy controls are needed.

Respondents also identified their main AI-specific concerns. Fifty-nine per cent ranked AI being exploited by malicious actors as the top risk. Protecting sensitive data used by generative AI came next at 53%, along with compliance and regulatory risks linked to AI (also 53%).

Skills gap

A shortage of qualified security specialists emerged as a major barrier. Half cited the lack of security experts as the biggest obstacle to improving security.

Legacy technology complexity followed at 46%, regulatory uncertainty at 45%, and budget limitations at 42%.

The findings point to a gap between the pace of new threats and many organisations' capacity to respond. Skills shortages can slow deployment of monitoring tools, delay incident response planning, and limit progress on governance and controls for AI systems.

Website exposure

Website security featured prominently, reflecting the importance of digital channels for customer interaction and content publishing. Only 49% said they were fully prepared for a security incident.

Nearly two in five (39%) reported a security issue that affected their content strategy in the past year. Incidents can also have knock-on effects beyond remediation, including changes to publishing workflows, campaign timing, and governance for content updates.

For future website security investment, 62% prioritised data encryption and privacy, followed by user authentication and access control (56%) and AI-powered security tools (51%).

On broader threats, respondents ranked hackers and malware highest at 54%, followed by employee human error at 47% and new risks introduced by AI at 45%.

Growth constraints

Security concerns also appear to shape corporate strategy. Sixty per cent said the ability to scale security operations in line with business growth is the area most affected.

Handling employee and customer data across countries followed at 58%, pointing to concerns about cross-border operations and differing requirements. Working safely with new vendors and partners came next at 49%, reflecting supply chain and third-party risk pressures.

Looking three to five years ahead, respondents identified increasing use of AI as the biggest threat (55%). Cloud adoption and multi-cloud complexity followed at 49%, and growing global regulatory and compliance requirements at 45%.

Dominik Angerer, CEO and co-founder of Storyblok, said the results highlight a gap between awareness and execution in security teams.

"It will not come as a surprise to many that new threats from AI are top of mind for security professionals. However, recognising the problem and adapting to it are very different propositions. Our research shows that legacy systems, skills shortages and outdated websites are all areas of vulnerability for many businesses. This goes beyond the immediate potential damage of a hack but also hinders day-to-day business operations like content strategies, as well as long term strategic goals, such as scaling internationally.
"On one hand the vast majority of professionals say that their security operations are 'above average', on the other 90% say they have had at least one security incident in the past year. Complacency is a real risk factor. This is why it is critical that businesses look at upgrading their tech infrastructure as both a commercial and a security necessity," said Angerer.
Related stories
OT cyber threats shift from spying to disruption in 2025
LockBit 5.0 ransomware targets Windows, Linux, ESXi
Veriff & Data Zoo partner to combat AI identity fraud
CompTIA launches SecAI+ to tackle AI security skills
Proofpoint revamps global partner network for AI era

Top stories

AI-driven phishing surge dominates 2025 cyberattacks
Tailscale unveils Aperture to govern workplace AI use
Palo Alto warns on earnings as guidance disappoints
Gr4vy adds Sardine tools to unify fraud & payments
AI & endpoints reshape global information governance