KPMG survey shows banks racing to adopt AI and boost cyber defense

KPMG’s latest banking read is less about experimentation than about discipline. Banks are moving hard into AI and digital change, but the firms that win work will be the ones that can prove speed, control, and resilience at the same time.

Speed now comes with guardrails

The clearest signal in KPMG’s 2025 Banking Survey: Technology is that AI has moved from a side project to a core operating issue. The survey covered 200 U.S. banking executives across large institutions, regional banks, and community banks, and it shows a sector that is pushing to improve online and mobile experience while rewiring its risk posture at the same time.

That tension is the real story for people inside KPMG. Banks want faster delivery, but they are not relaxing the controls around it. For consultants, auditors, and advisory teams, that means clients will keep asking for help that is practical, defensible, and tied to business outcomes, not just strategy decks.

Where the money is going

KPMG says 96% of institutions are sharpening online channels and 95% are sharpening mobile channels. That is the front door work, the part customers notice immediately. But behind that push, 61% place GenAI among their top investment priorities and 57% say it is critical to long-term relevance.

The spending pattern tells the same story. In KPMG’s AI Quarterly Pulse Survey Banking Q1 2026, average projected AI spend reached $177 million, up from $133 million in Q4 2025. Of that AI budget, 80% is going to cyber or data security, 75% to operations, and 75% to customer experience.

For KPMG teams, that is a major clue about where client demand will land in the next few quarters. Banks are not just buying shiny use cases. They are buying help with workflows, controls, data governance, and the operational work needed to make AI stick.

Pilots are giving way to real deployment

KPMG says more than 80% of institutions already have active pilots or live use cases in cybersecurity and fraud, and more than 90% report similar progress in fraud detection. That matters because it shows banks are past the “should we try it?” phase in several critical areas.

The next question is what happens when the pilot becomes a permanent part of the control environment. That is where audit, advisory, and tax work starts to overlap more visibly. Audit teams need to understand the systems and controls behind the model. Advisory teams need to translate the technology into business cases and governance. Tax teams need to understand how digital operating models and automated processes affect reporting and structure.

The broader market is moving fast, but not evenly

KPMG’s Global tech report 2026 widens the frame. It is based on surveys of 2,500 tech executives worldwide, including 760 financial services technology leaders, and 89% of those financial services respondents identify as innovators or fast followers. That sounds encouraging, but KPMG’s own report also suggests the industry is not remotely finished.

Across the broader tech sample, 50% of executives expect to reach top tech maturity in 2026, but only 11% say they are there today. KPMG also says 74% report that their AI use cases deliver business value, yet only 24% achieve ROI across multiple use cases. In practice, that means many firms can point to wins, but fewer can show that the wins scale across the enterprise.

For KPMG professionals, that is where the work becomes more valuable. Clients will pay for help moving from isolated success to repeatable execution, especially when the pressure is to scale quickly without creating new risks or adding complexity.

Why cyber is now inseparable from AI

KPMG’s Cybersecurity considerations 2026 report makes clear that the threat landscape is not standing still. It is shaped by AI, geopolitics, regulatory pressure, supply-chain disruption, non-human identities, hyperconnectivity, and quantum decryption risk.

One of the most important shifts is identity. KPMG says non-human identities such as AI agents, service accounts, and machine credentials now outnumber human users. That changes how banks think about access, monitoring, and trust, because the security perimeter is no longer built only around employees.

This is where the CISO’s role becomes more strategic. KPMG argues the job is no longer just about managing risk. It is about turning cyber risk into trust, resilience, and better organizational performance. For KPMG staff working with financial institutions, that raises the value of people who can talk fluently about both technology and control design.

Boards are being pulled into the details

KPMG’s January 2026 board agenda paper for banking and capital markets shows how far this has moved up the chain. The paper says boards should reassess strategy, understand AI risks and opportunities, review data governance, and assess whether cybersecurity governance is keeping pace.

It also says volatility, regulatory change, AI, elevated cybersecurity risk, and geopolitical tension will intensify pressure on management and boards in 2026. Just as important, it points to the board’s role in explaining business-model disruption and AI’s impact on the workforce.

That matters inside KPMG because it changes who gets pulled into the room. The strongest teams will be the ones that can move between technical detail and board-level judgment, especially when the client wants proof that new technology is making the business stronger rather than simply faster.

What this means for KPMG teams

The message for KPMG people working in financial services is straightforward: the market is rewarding multidisciplinary judgment. Banks want faster output, but they also want evidence that AI and cyber spend are improving outcomes, protecting data, and fitting inside a regulated environment.

That raises the value of a few skills in particular:

• control design and testing around AI-enabled processes
• data governance and privacy risk assessment
• cybersecurity oversight, especially around non-human identities
• implementation support that turns pilots into operating models
• business translation that links technology to customer experience and cost

This is also the kind of work that can influence career trajectory. In a firm like KPMG, the people who can bridge audit, advisory, tax, and cyber are usually the ones who become harder to replace and easier to promote. The work is more demanding, but it is also closer to where client demand is moving.

The Microsoft expansion shows where the market is headed

KPMG’s June 9, 2026 expansion of its global relationship with Microsoft adds another layer to the story. The firms said they would use Microsoft Agent 365 to enhance KPMG’s Trusted AI framework and help clients manage, monitor, and secure AI agents at scale. KPMG member firms also plan to deploy Microsoft 365 Copilot across the global workforce.

That is a useful indicator of where banking clients are headed next. They are not only asking how to use AI. They are asking how to govern it, secure it, and make it part of daily work without losing control. For KPMG, the opportunity is not just to advise on the future. It is to help banks prove they can move fast and stay credible at the same time.