Organizations are spending more on cybersecurity than ever, but breaches aren’t slowing down. A new Expert Insights survey of 250 US security leaders found that 77% of organizations are increasing their cybersecurity budgets in 2026, yet 63% experienced at least one significant breach in the past 12 months.
The CISO Confidence and Investment Trends 2026 report highlights a persistent gap between investment and outcomes: confidence in cyber defenses is rising, but real-world incidents tell a different story.
The study also highlights growing operational pressure on cybersecurity teams. 67% of CISOs report increased workloads, while 60% say they have experienced professional burnout within the past year. This is a concerning statistic that validates how many in the industry are feeling. While burnout isn’t anything new, it certainly isn’t going away.
However, 40% of CISOs say their cybersecurity budget will still be insufficient to address emerging threats, particularly as attack techniques evolve and AI adoption accelerates.
While 90% of cybersecurity leaders say they are confident in their organization’s security controls, only 47% describe that confidence as strong, indicating that many teams remain cautious about their real-world resilience.
“Rising security investment doesn’t automatically translate into improved resilience,” said Expert Insights CEO Craig MacAlpine, commenting on the report’s findings. “What matters is whether organizations are reducing complexity and operational risk, not simply adding more tools into already noisy environments.”
AI Threats Rise as Adoption Outpaces Governance
Artificial intelligence (AI) is also playing a growing role on both sides of the cybersecurity landscape.
The research shows that 79% of organizations report defensive benefits from AI and machine learning tools, including faster threat detection and improved operational efficiency for security teams.
However, 96% of respondents say they are concerned about AI-related cyber threats in 2026, including AI-enabled phishing attacks, prompt injection techniques, and synthetic identity fraud.
Despite these concerns, governance remains immature. 64% of organizations say they lack effective governance or technical controls for generative AI, rising to 76% among organizations that experienced a breach.
While 88% of CISOs say they feel valued within their organizations and 90% report that cybersecurity has a respected voice at the board level, the report concludes that long-term cyber resilience will depend on improving governance, reducing complexity, and supporting the people defending the enterprise, not just increasing technology investment.
The report, produced by Expert Insights in association with Sapio Research, surveyed 250 senior cybersecurity leaders across US organizations in December 2025 to understand how cyber budgets, threats, and leadership priorities are evolving.
