AI threats surge as security teams shrink
A new report reveals an increasing disconnect between cybersecurity and compliance priorities and organizational capacity to address them.
The study from Secureframe, based on a survey of 255 security, compliance, and IT professionals, finds security teams are carrying unprecedented responsibility with insufficient resources, manual compliance work is consuming critical time, and the absence of verifiable security credentials is directly impacting revenue.
While 93 percent of organizations rank security as a top priority, 68 percent have one or fewer full-time cybersecurity employees. At the same time 55 percent cite AI-powered attacks as a top concern for 2026, while 33 percent are already using AI tools to streamline their compliance operations.
"Our research confirms what forward-thinking security leaders already know: reactive compliance approaches are exponentially more expensive than proactive programs," says Shrav Mehta, founder and CEO of Secureframe. "The gap between urgency and capacity is creating real business consequences, from lost deals to increased risk exposure. Organizations can no longer afford to treat security as a shared side responsibility."
What’s also interesting is that compliance is increasingly key to the wider business. 61 percent report that achieving compliance has been required to win or renew contracts, while 47 percent say lacking certification has delayed sales cycles. 40 percent are pursuing certification specifically to reach enterprise customers, 38 percent have lost revenue or competitive bids due to lack of certification and 33 percent face external pressure from investors and partners to demonstrate security maturity. Despite this, however, nearly 70 percent rely on time-consuming security questionnaires and RFPs (Request For Proposal) to prove their security posture, while only 20 percent provide proactive visibility through dashboards or trust centers.
There’s added complexity too, 52 percent of organizations maintain compliance with more than one framework, with larger companies averaging 3.2 frameworks compared to 1.6 for smaller organizations. This complexity, combined with limited staffing, makes automation essential rather than optional.
The full report is available on the Secureframe site.
Image credit: BiancoBlue/depositphotos.com
