TL;DR

New AWS research reveals companies globally plan to increase technology spending, with 97% planning higher cloud spend and 90% boosting cybersecurity budgets. However, concerns persist as 39% cite compliance and security frameworks as biggest risk priorities, whilst 80% of organisations reported at least one data breach in the past year affecting both on-premises and cloud infrastructure.

Spending Increases Across Technology Categories

AWS research has found companies globally are planning significant technology spending increases, with over nine in 10 planning to increase overall IT spend (93%), cloud spend (97%), and cybersecurity spend (90%).

The need to address security and infrastructure challenges is clear: three-fifths (59%) of applications today are cloud-based, and that proportion is set to rise to three in four (75%) within a year. This rapid shift places pressure on organisations to simultaneously scale infrastructure whilst maintaining security controls.

Divided Perceptions of AI Security

There’s a clear divide in how AI is perceived from a security perspective. Whilst 23% see AI as a security ally enabling more automated detection, 39% cite compliance and security frameworks as the biggest risk priorities over the next three years.

This divergence suggests organisations are grappling with AI’s dual nature: as both a potential solution to security challenges through improved detection capabilities, and as a source of new compliance and governance risks requiring oversight frameworks.

Public Cloud Confidence Despite Breach Rates

For the most part, AWS found participants agreed public cloud is better positioned to help them meet future needs, particularly compared with on-premises solutions. Over half agreed public cloud is better for security (56%) and regulatory compliance (51%), with four in five (81%) agreeing that public cloud exceeds their internal capabilities.

However, breach data reveals a more complex picture. Four in five organisations reported at least one data breach in the past year, affecting both on-premises infrastructure (78%) and public cloud (79%). This similarity suggests the risk comes from operational factors rather than the security of the environment itself.

Barriers to Cloud Adoption Persist

Despite confidence in public cloud capabilities, several hurdles remain preventing broader adoption. Integration issues with legacy applications and infrastructure represent a significant concern, raised by two-fifths (38%) of surveyed organisations.

Cost considerations (33%), digital sovereignty concerns (29%), and skills shortages (25%) also contribute to hesitation. These barriers highlight the operational challenges organisations face beyond technology selection—particularly the difficulty of migrating complex legacy systems and finding personnel with requisite expertise.

Trust Beyond Technical Capability

“Confidence in the public cloud is no longer defined only by technical capability, it depends equally on transparency, reliability, and responsible conduct,” AWS concluded in its report.

This shift reflects maturation in cloud adoption discussions. Organisations increasingly evaluate providers not just on features and performance, but on broader governance factors including data handling practices, compliance support, and incident response capabilities.

Looking Forward

The research highlights a paradox in enterprise technology strategy: whilst organisations recognise public cloud’s superior capabilities and plan increased investment, security concerns remain prominent and breach rates stay high.

This suggests that simply moving to cloud infrastructure doesn’t automatically solve security challenges. Instead, organisations must address operational security practices, skills gaps, and governance frameworks to realise the security benefits that cloud platforms theoretically offer.

As cloud adoption accelerates and AI integration expands, organisations will need to balance innovation speed with security rigour—requiring investment not just in technology, but in the processes, skills, and oversight mechanisms that determine actual security outcomes rather than theoretical capabilities.

Source: TechRadar