Salesforce 4th Edition of the 'State of IT: Security' Report

In an era where artificial intelligence is rapidly being integrated into business processes, ensuring data security and protecting IT infrastructures has evolved from being merely a technical responsibility to becoming a strategic priority. The fourth edition of Salesforce’s State of IT: Security report highlights this transformation through insights gathered from interviews with more than 4,000 IT and security leaders worldwide. The report reveals four key trends reshaping corporate security strategies.

1. Security Budgets Are Rising, and Risk-Based Approaches Take Priority

In 2020, only 8.6% of IT budgets were allocated to security, but by 2024 this figure has increased to 13.2%. 75% of the organizations surveyed plan to further increase their security investments in the coming year.

This growth is driven not only by the increasing number of threats but also by the reputational damage, legal penalties, and erosion of customer trust caused by data breaches.

Security budgets are now at the center of executive agendas, not just the domain of IT departments. Organizations aim to develop proactive security strategies with risk-based approaches.

2. Trust Is Becoming a Competitive Advantage

64% of consumers believe that companies do not adequately protect their personal data. Additionally, 61% state that data privacy has become more critical than ever with the rise of AI technologies.

This landscape has made security not just the responsibility of IT, but also a shared priority for marketing, legal, and customer experience teams.

Organizations must manage not only data but also customer trust when leveraging AI. They should turn trust into a competitive advantage by building transparency-driven data policies.

3. Regulations Are Expanding, and Compliance Processes Are Becoming More Complex

68% of IT leaders report that rapidly changing regulations are making compliance processes more challenging. Regional data protection laws and industry-specific regulations require multilayered governance, particularly for companies operating on a global scale.

Furthermore, 43% of security leaders admit they are not yet prepared for new regulations that will be designed specifically for AI.

Organizations need to prepare not only for existing legal requirements but also for AI-driven regulations on the horizon. This preparation demands transformation of both technological infrastructure and governance models.

4. AI Is Both a Security Tool and a Risk Factor

80% of respondents state that AI significantly supports security teams in areas such as threat detection, automated response, and vulnerability identification.

At the same time, AI itself creates new security risks. Model manipulation, protection of training data, algorithmic transparency, and misuse are among the emerging threats.

Integrating AI into security processes is no longer sufficient — organizations must also implement new security layers to protect AI technologies. The concept of “Secure AI” is becoming a cornerstone of security strategies.

The State of IT: Security report clearly demonstrates that security has evolved beyond a purely technological issue to become an ethical, governance, and strategic concern. To secure a strong position in the digital security era, organizations should focus on:

• Optimizing security budgets with risk-based plans,

• Strengthening customer trust through transparent data policies,

• Developing flexible processes that can adapt to dynamic regulations,

• Building security architectures that manage AI as both an opportunity and a threat.

Strategic actions in these areas will help organizations become more resilient, trustworthy, and competitive in the age of artificial intelligence.