Survey: Security spending to increase sharply in 2026

2026 cybersecurity budgets: AI investments, staffing challenges, and rising risk appetite

Takeaways:

• Cybersecurity budgets are set to increase sharply in 2026, with over half of large U.S. organizations planning significant spending boosts to address evolving threats.
• AI-driven initiatives such as fraud prevention, predictive analytics and enhanced threat detection is a top concern.
• Despite increased investment, organizations are increasingly willing to accept higher risk to drive productivity and innovation.

The good news for cybersecurity teams heading into 2026 is that despite a lot of economic uncertainty, cybersecurity budgets are expected to rise. A survey of 310 C-suite security leaders at U.S. organizations with at least $1 billion in revenue finds nearly all (99%) lead organizations that plan to increase cybersecurity budgets in the next few years, with well over half (54%) planning for significant increases of 6% to 10% as they brace for future threats.

A full 70% of respondents also say their organizations are already dedicating more than 10% of their budgets to cybersecurity initiatives involving artificial intelligence (AI), with the primary focus being on proactively identifying and stopping threats with fraud prevention (57%), predictive analytics (56%) and enhanced detection (53%).

The impact those AI investments will have on cybersecurity staffing is still unclear, but in the short term at least staffing shortages remain a significant issue. The survey finds more than half of leaders (53%) still view a lack of qualified candidates as a high-impact challenge, forcing them to increase compensation (49%), boost internal training (49%) and rely more on external partners (25%) such as managed security service providers (MSSPs).

Most already rely extensively on third-party partners, with IT services providers (67%) topping the list, followed by consulting firms (47%) and MSSPs (45%). Nearly half (47%) said investments in partners will see the biggest increases over the next two to three years, followed closely by cloud security (45%).

Much of the pressure C-suite executives are feeling appears to be attributable to a surge in cyberattacks that occurred over the past 12 months, with 83% of respondents reporting a rise. The top types of cyberattacks reported include phishing (51%), denial-of-service (49%) and ransomware (39%).

The top concerns all involve the use of AI to boost these attacks, with 55% concerned AI will be used to augment social engineering attacks compared to 50% that are concerned about malware and ransomware attacks driven by AI. Only 35% and 46% of respondents, respectively, rated their defenses as being high when it comes to thwarting these types of attacks. Well over a third (38%) said AI-powered attacks will be a major challenge in the next two to three years.

A full 60% said they have also taken note of a significant proliferation of non-human identities, with 43% planning to make identity and access management (IAM) a much higher priority over the next two to three years.

Of course, with increased spending comes greater responsibility and accountability. Business leaders are clearly willing to invest in cybersecurity, but a recent Gartner survey also found that 90% of non-executive directors (NEDs) lack some level of confidence in the value of  cybersecurity. The Gartner report also notes that many of those same survey respondents are encouraging organizations to take on more risk when adopting emerging technologies, especially when it comes to AI investments.

As a result, cybersecurity teams can expect that investments in cybersecurity will rise in the new year. At the same time, organizations are likely to accept greater levels of risk in pursuit of increased productivity—regardless of the potential consequences.

Maximize your protection and cyber resilience with the BarracudaONE AI-powered cybersecurity platform. The platform protects your email, data, applications, and networks, and is strengthened by a 24/7 managed XDR service, unifying your security defenses and providing deep, intelligent threat detection and response. Manage your organization’s security posture with confidence, leveraging advanced protection, real-time analytics and proactive response capabilities. Robust reporting tools provide clear, actionable insights, helping you monitor risks, measure ROI and demonstrate operational impact. Don’t miss the opportunity to get a demo of the platform from our cybersecurity experts.