Building your 2026 cybersecurity spending guide

If you’re planning your organisation’s cyber budget for 2026, we’re here to help you find your way through the maze of new regulations, new attacks, and emerging technologies. 

We’ve dug into three heavyweight sources to create a coherent map that you can follow. 

According to Gartner, global spending on information security and risk management is projected to reach $213 billion in 2025, up from $193 billion in 2024, driven by investment in cloud-delivered protection, identity security, and integrated threat detection.

IDC forecasts the global cybersecurity market will expand by around 12.2% in 2025, reaching roughly $377 billion by 2028 – as organisations accelerate digitalisation and cloud transformation programmes.

The World Economic Forum’s Global Cybersecurity Outlook 2025 adds strategic context:

• 66% of organisations say AI will have the biggest impact on cybersecurity in the year ahead.
• Only 37% have processes to assess the security of AI tools before deployment.
• 54% identify supply-chain vulnerabilities as their top ecosystem risk, and nearly 60% say geopolitical tensions now shape cyber strategy.

Together, these insights explain why 2026 budgets are shifting toward software supply-chain trust, third-party assurance, and AI governance – all areas where strategy must guide spend.

Where are the biggest shifts in cybersecurity spending? 

Spend is rebalancing. According to Gartner, global spending on information security and risk management is set to reach around $213 billion in 2025, up from $193 billion in 2024. Within that total, security software remains the fastest-growing segment, fuelled by cloud-delivered controls and AI-driven automation, while security services continue to expand as organisations grapple with skills shortages and regulatory complexity.

IDC’s research reinforces that although the US and Western Europe dominate total spend, the fastest growth is happening in the Middle East and other regions; which aligns with the Gulf’s regulated cloud build-out, and operational tech and critical-infrastructure needs

What are boards asking for (and why)? 

The WEF points to changing board context. Supply-chain vulnerabilities are the top ecosystem concern; about 60% say geopolitics shapes cyber strategy; and AI adoption is outpacing assurance. 

So 2026 budgets should fund software supply-chain trust, third party assurance, and AI governance. There’s a lot of strategy in the mix there – and tooling needs to be layered on top to enable your organisation to execute on strategy. 

On making brave decisions 

Moving spend into new areas isn’t easy. But making bold decisions based on careful research could give your organisation a competitive edge. 

When we interviewed Dr. Srijith Nair (CISO at Careem), he told us:

“Saying yes to things and opportunities that you are scared of is a sure-fire way to learn something interesting, especially about yourself.”

He was sharing what he wished he’d known earlier in his career; but it’s good advice for budget season too. The coming year will reward CISOs who back brave shifts – into CNAPP, AI governance, and managed outcomes – even if it means shaking up familiar spend patterns. 

Collaboration and the human factor drive resilience 

When we spoke to Paulino Calderon (Co-Founder at Websec) for the blog, he said: 

“The amount of experience and knowledge we can gain if the information is freely available is mind-blowing.”

And 2026 budget decisions should, in an ideal world, support that knowledge-sharing – with investments in open standards, shared SBOM data, and community tooling that really can pay resilience dividends (especially for supply-chain security). 

When you’re defending your ask in the boardroom, remember it’s about more than numbers. This is where your human factor comes in. Own your skills, knowledge, and research; and let go of imposter syndrome so you can be the best possible advocate for your team and strategy. 

Anchor your plan to the big numbers (Gartner’s $240bn in 2026 and IDC’s double-digit growth toward $377bn by 2028) to show your trajectory tracks global trends. Then use the WEF narrative to explain why: supply-chain fragility, geopolitics and AI are redefining resilience. Build a budget that secures identity and data as the control plane, shifts security left in the cloud, outsources what you can’t staff, and bakes AI governance into the enterprise.