The gap between digital transformation ambitions and cybersecurity execution is growing. Organisations are doubling down on AI, cloud, and analytics to fuel growth, yet just 40% bring cybersecurity into the planning phase. The fallout is predictable: delayed initiatives, elevated risk, and eroded competitiveness in a world that is relentlessly digital-first.

New findings from IDC underline the urgency. Across 411 respondents in seven markets, the average time to respond to a cyber incident is more than four days, with full recovery stretching beyond a week—timelines that disrupt operations and chip away at customer trust. Despite widespread board oversight and budgets many deem “adequate,” outcomes lag execution. Where 24×7 monitoring, predefined playbooks, and AI‑assisted detection exist, organisations contain and recover faster. Meanwhile, persistent weaknesses in vulnerability remediation and third‑party risk management continue to widen exposure.

GenAI is amplifying familiar threats—phishing, data leakage, and governance blind spots—faster than most controls are evolving. Leading teams are prioritising automation, endpoint hardening, and employee awareness, but too few have an integrated risk framework for AI that spans policy, access, and continuous assurance.

Security must now move upstream—embedded early and enabled by expert teams, automation, and orchestration—so digital transformation accelerates rather than stalls.

Download the IDC report by filling out the form below: