The 2026 CISO Budget Benchmark

Bigger Budgets, Smaller Confidence

Eighty-five percent of organizations increased their cybersecurity budgets this year, and nearly nine in ten expect to grow them again in 2026. Yet more than half of security leaders still believe their organizations aren’t investing enough to manage risk effectively.

CISOs are being asked to do more with more and are under new pressure to prove that rising spend translates into measurable outcomes.

Cloud and People Dominate the Spend

People remain the single largest budget line, consuming roughly one-quarter of total cybersecurity investment. At the same time, cloud security is consuming more of every dollar and every hour, with 88% of respondents planning to increase their team’s focus on the cloud in the next two years.

The result is a balancing act between growing labor costs and rising cloud complexity, making efficiency and visibility top priorities for 2026 planning.

Tool Sprawl Has Hit a Breaking Point

Fifty-eight percent of organizations now run more than 25 security tools, and larger enterprises often run 50 or more. Nearly half of CISOs say cloud complexity and tool sprawl are actively holding back their security programs.

Leaders are shifting focus from expansion to rationalization, seeking integrated platforms that improve visibility, simplify operations, and reduce waste.

AI Is Rewriting the Budget Conversation

Ninety-nine percent of CISOs agree that AI will transform cloud security, but most say they’re still adapting to its impact. The majority are increasing automation and visibility investments to keep pace, while early adopters are exploring AI-powered threat detection, risk scoring, and policy enforcement.

AI is now both a budget line and a boardroom topic, and CISOs are positioning security as a key enabler of responsible AI adoption across the business.