🍪 Cookie Notice

We use cookies to learn how you interact with our content, and show you relevant content and ads based on your browsing history. You can adjust your settings below. Here's our policy.

Cookie settings
Skip to main content

How AI-ready is your team? Take our AI Readiness Assessment to find out how you score — now live.

Security experts struggle to keep pace with AI threats as 90% report at least one security incident in the past year

PR
Try for Free

Storyblok is the first headless CMS that works for developers & marketers alike.

Laptop displaying a lock icon, document, and magnifying glass showing "90%" with exclamation mark, set against a blue background.
Laptop displaying a lock icon, document, and magnifying glass showing "90%" with exclamation mark, set against a blue background.
  • Storyblok survey of 300 senior security professionals reveals 65% businesses say they need to rapidly upgrade security monitoring and threat detection due to AI concerns
  • 17% say they experience a security incident at least once a week, 32% once a month, and only 10% report not having an incident in the past year
  • Lack of qualified security experts is cited by 50% of companies as the biggest barrier to improving security, followed by the complexity of legacy systems (46%) and regulatory uncertainty (45%)
  • 59% believe AI being exploited by malicious actors is the number one security concern, followed by protecting sensitive data used by gen AI (53%), and compliance and regulatory risks caused by AI (53%)

London, UK; January 2026: The vast majority of businesses are struggling to adapt and scale their security operations in the face of talent shortages and new threats from AI according to research released by enterprise CMS Storyblok.

Storyblok surveyed 300 senior security professionals in leadership or decision making roles at medium to large scale companies. The research underlines the challenges businesses now face in continuing to grow their operations while countering new security threats.

When asked to rank how they expected AI to impact company security practices in the coming year, 65% say they needed to upgrade security and threat monitoring, 54% identity and access management would become more complex, and 50% believe stronger data protection and privacy controls are required. However, meeting these demands is unlikely to be straightforward, with 50% responding that talent and skills shortages were a major barrier to improving security, followed by the complexity of legacy tech systems (46%), regulatory uncertainty (45%) and budget limitations (42%).

Website security remains a key area of concern. Only 49% of businesses say they were ‘fully prepared’ for a security incident and 39% reported a security issue impacting their content strategy in the past year. 62% cited data encryption and privacy as an area which needs to be prioritized for future website security investment, followed by user authentication and control (56%), and AI powered security tools (51%).

The top three security threats identified by businesses were threats from hackers and malware (54%), employee human error (47%), and AI introducing new risks (45%).

In relation to AI-specific security threats, 59% rated new AI tools being used by hackers as a major challenge, followed by protecting data used or generated by AI (53%), and compliance and regulatory risks caused by AI (53%).

When asked which parts of their company’s strategy was most affected by security concerns, 60% said being able to scale security operations in line with company growth, followed by handling employee and customer data across countries (58%), and working with new vendors and partners safely (49%).

Despite these concerns, 76% of businesses rated their company’s security as above average, with only 5% admitting it was below industry standards.

Looking ahead to threats in the next three to five years, increasing use of AI was unsurprisingly number one at 55%, followed by cloud adoption and multi-cloud complexity (49%), and growing global regulatory and compliance requirements (45%).

Dominik Angerer, CEO and Co-Founder of Storyblok, said: “It will not come as a surprise to many that new threats from AI are top of mind for security professionals. However, recognising the problem and adapting to it are very different propositions. Our research shows that legacy systems, skills shortages and outdated websites are all areas of vulnerability for many businesses. This goes beyond the immediate potential damage of a hack but also hinders day-to-day business operations like content strategies, as well as long term strategic goals, such as scaling internationally.

“On one hand the vast majority of professionals say that their security operations are ‘above average’, on the other 90% say they have had at least one security incident in the past year. Complacency is a real risk factor. This is why it is critical that businesses look at upgrading their tech infrastructure as both a commercial and a security necessity.”

About Storyblok

Storyblok is a headless CMS that enables marketers and developers to create with joy and succeed in the AI-driven content era. It empowers you to deliver structured and consistent content everywhere: websites, apps, AI search, and beyond.

Legendary brands like Virgin Media O2, Oatly, and TomTom use Storyblok to make a bigger, faster market impact. It’s Joyful Headless™, and it changes everything.

More to read