Most security leaders are concerned that cybersecurity budgets will not be sufficient to address evolving cyber risks in 2026, according to new research from Wiz.
A survey of more than 300 cybersecurity professionals found that while 88% expect security spending to increase next year, more than half (56%) believe those increases will still fall short of what is needed to counter the threats they face.
“A lot of the time, CISOs are put in an untenable position, because we have to protect the business from every threat that’s out there,” one CISO in the financial services industry told the survey.
Why Security Teams Still Aren’t Satisfied
While organizations plan to increase cybersecurity budgets in 2026, with 64% of respondents expecting budgets to grow by more than 5%, many security professionals believe their organizations are still underinvesting, relative to the pace and complexity of emerging cyber risks.
Wiz said this disconnect may stem from a gap between overall spending levels and measurable improvements in security outcomes.
“Budgets might be healthy—and rising—but confidence isn’t, especially among the biggest spenders,” Wiz said. “These doubts highlight the disconnect between spending and results that has long pressured the industry. CISOs are under growing pressure to demonstrate outcomes to organizational leadership and boards, but it is becoming increasingly difficult to show ROI on many of today’s most widely adopted security toolsets.”
Wiz recommended that CISOs build ROI frameworks that link security spending directly to risk reduction, helping ensure investments are focused on the threats and vulnerabilities with the greatest business impact.
What Security Budgets Look Like
Most cybersecurity budgets fall between $5 million and $10 million annually, according to the survey, with more than half of respondents (53%) reporting spend above $5 million. Budgets typically cover security tools, personnel, and third-party services.
Organizations in healthcare, technology, and financial services tend to spend the most per employee, with financial services likely to be the biggest spenders. Personnel is typically the biggest line item in the security budget, followed by managed security services, consulting, cloud security, and then traditional on-premises security products.
Even with budgets already at historically high levels, and concerns that funding will still fall short, most organizations expect cybersecurity spending to continue rising into 2026.
“These results indicate that CISOs are not being asked to do more with less, but rather to do more with more,” Wiz said. “This may reflect greater board-level awareness of cyber risk, or expectations that continued investment will be required as threats and costs rise.”
CISOs have also privately told Expert Insights that high-profile cyberattacks in 2025, particularly against retail and manufacturing organizations like Jaguar Land Rover, have made boards more receptive to increased cybersecurity spending.
