What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

Budget or BudgetingSecurity Strategy & Roadmap
211 viewscircle icon1 Upvotecircle icon2 Comments
Sort by:
CISO in Bankinga day ago

Every year brings its own set of challenges, and 2026 is shaping up to be no different. When it comes to cyber budgeting, we’re approaching it through our usual planning cycle—grounded in business priorities, regulatory shifts, and the evolving threat landscape. One thing we always recommend is conducting a fresh Threat Landscape Assessment. It helps clarify which risks are worth tackling head-on and which ones might be acceptable based on impact and feasibility. From there, budget decisions become a lot more targeted and defensible.

Director of Information Security2 days ago

For 2026, our cybersecurity budget planning is driven by value optimization rather than linear growth. Leveraging Gartner’s cost optimization frameworks, we’re focusing on reallocating spend toward initiatives that directly support business resilience and measurable risk reduction, rather than simply increasing the budget.

A few concrete adjustments include:

Rationalizing toolsets: We’re consolidating overlapping security solutions, especially in endpoint and identity protection, using Gartner’s ‘Converged Platforms’ and ‘Cybersecurity Mesh Architecture’ models to simplify management and reduce license costs.

Outcome-based prioritization: Budget is shifting toward controls that can demonstrate quantifiable impact (e.g., improvements in MTTD/MTTR, risk quantification outcomes, or compliance automation).

Increased automation investment: Spending slightly more on automation and SOAR capabilities to reduce manual effort and dependence on headcount growth — long-term cost efficiency is the target.

Vendor and contract optimization: Reviewing all vendor relationships using Gartner’s Total Cost of Ownership (TCO) model, ensuring we’re not overpaying for features we don’t use.

Strategic reductions: We’re cutting non-essential ‘feel-good’ security spend (awareness tools with limited engagement, redundant consulting engagements, etc.) and reinvesting in metrics-driven initiatives like continuous controls monitoring and threat exposure management.

In short, the 2026 budget is not about spending more — it’s about spending smarter, aligning every dollar to risk reduction and business enablement.

Content you might like

Are you confident your org is tracking/reporting the right cyber metrics?

Completely confident (we’re tracking all necessary metrics)17%

Very confident (only minor improvements needed)53%

Mostly confident (some gaps to be addressed)23%

Sort of confident (significant room for improvement)8%

Not confident (major changes required)

View Results

New privacy laws continue to pass by state/by country.  For companies operating in multiple states and/or internationally, is data localization adding additional costs to your privacy program?

Yes, increased headcount19%

Yes, increased vendor/tool costs58%

Yes, both increased headcount and vendor/tool costs17%

No, no change5%

View Results

When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

Read More Comments

How is AI implementation impacting your organization’s cyber insurance premium or coverage so far?