09 February 2026
A recent survey by Storyblok uncovers a concerning gap between security confidence and actual incident rates among medium and large enterprises. Despite most organizations reporting frequent security breaches, many remain confident in their internal defenses. 
The survey, which polled 300 senior security professionals in leadership or decision-making roles, highlights the increasing pressure from artificial intelligence and a persistent skills shortage as major challenges impeding effective security management.
The findings reveal that nine out of ten respondents experienced at least one security incident in the past year. Alarmingly, 17% reported incidents occurring weekly, and nearly a third faced monthly breaches. Only a small fraction, 10%, claimed to have had no security issues over the same period. Interestingly, despite these figures, a significant majority—76%—rated their company's overall security as above average, with just 5% considering it below industry standards. This disconnect suggests a degree of complacency or overconfidence that could be perilous as threats evolve.
AI's influence on security practices is increasingly evident. Sixty-five percent of respondents indicated that they need to rapidly upgrade their security monitoring and threat detection systems in response to AI-related concerns. More than half expect identity and access management to become more complex in the coming year, while an equal proportion emphasized the necessity of stronger data protection and privacy controls.
The survey also identified primary AI-specific risks, with 59% of security leaders citing AI exploitation by malicious actors as the top concern. Protecting sensitive data used by generative AI technologies and navigating compliance and regulatory risks linked to AI both ranked at 53%. These risks underscore the need for organizations to adapt quickly to the new threat landscape driven by artificial intelligence.
A glaring issue highlighted by the survey is the shortage of qualified security professionals. Half of the respondents pointed to the lack of skilled experts as the biggest obstacle to enhancing their security posture. Other significant barriers included the complexity of legacy systems (cited by 46%), regulatory uncertainties (45%), and budget limitations (42%). This skills gap hampers the deployment of advanced monitoring tools, delays incident response, and restricts progress in AI governance and security controls.
Website security also remains a critical concern. Only 49% of organizations felt fully prepared for a potential security incident affecting their online presence. Nearly 40% reported that security issues had impacted their content strategies over the past year, leading to disruptions in publishing workflows, campaign scheduling, and governance processes. When considering future investments, the majority prioritized data encryption and privacy (62%), followed by user authentication and access controls (56%), and AI-powered security tools (51%).
Broader threat perceptions showed hackers and malware as the most significant risks (54%), with human error by employees close behind (47%). Respondents also expressed concern about new risks introduced by AI, which 45% identified as a growing threat.
Security considerations are increasingly shaping corporate strategies. Sixty percent of respondents said their ability to scale security operations in line with business growth is a major concern. Managing employee and customer data across different countries was highlighted by 58%, reflecting cross-border compliance challenges. Additionally, nearly half (49%) expressed apprehension about working securely with new vendors and partners, emphasizing supply chain and third-party risks.
Looking ahead three to five years, the survey predicts that the biggest threats will stem from the rising adoption of AI (55%). Cloud adoption complexities and expanding global regulatory landscapes also pose significant challenges, with 49% and 45% of respondents respectively citing these factors.
Dominik Angerer, CEO and co-founder of Storyblok, emphasized the disconnect between awareness and action. “While security teams are aware of the growing threats from AI, recognizing the problem and effectively addressing it are two different things. Our research shows that legacy systems, skills shortages, and outdated websites remain vulnerabilities that threaten not only security but also day-to-day business operations, content strategies, and long-term growth objectives. Despite many professionals rating their security as 'above average,' 90% have experienced at least one incident in the past year. This complacency poses a serious risk, underscoring the urgent need for businesses to upgrade their technological infrastructure as both a commercial and security priority,” Angerer said.
