Where CFOs plan to spend – and what it means for cyber

by Black Hat Middle East and Africa

Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.



Build cyber resilience with our weekly delivery of perspective and inspiration from the global Black Hat MEA community. 

This week we’re focused on…

CFO budgets. Because cyber has to fight for attention in 2026. 

If you needed evidence that cybersecurity now sits inside a much bigger technology story, the latest CFO Priorities Survey 2025 from Jefferson Wells delivers it. Cyber is rising – but so is everything else, and especially AI. 

CISOs and security leaders: you’re competing for mindshare with transformation programmes, finance modernisation, and automation initiatives. Cyber definitely isn’t being ignored (it’s more of a priority than ever before, actually), but it’s not a guaranteed budget winner either. 

Here’s what the numbers tell us. 

AI dominates tech investment, but cyber is still in the top tier

When US-based CFOs were asked where they’ll invest in technology next year, one category towered above the rest:

  • AI (69%)
  • Financial reporting (56%)
  • Automation (52%)
  • Cybersecurity tools (43%) 

Cybersecurity is competing against technologies that promise efficiency, productivity gains, and faster reporting cycles. 

So if you’re a CISO and you want to win the investment conversation, cyber needs to sit in the same narrative: operational performance, automation readiness, transformation safety, and business uptime.

Which brings us to the insight that CFOs don’t plan to build internally…

CFOs plan to outsource cybersecurity (heavily)

When asked where they expect to rely on third-party providers in 2025, CFOs chose cyber as a top category:

  • AI (59%)
  • Cybersecurity (51%)
  • Tax support (41%)
  • Technology transformation (40%) 

We think this is one of the most significant findings from the report – CFOs aren’t necessarily looking to scale cybersecurity talent in-house. They believe cyber requires specialisation and external firepower.

For CISOs, this is a strategic advantage. You can confidently advocate for the better MDR provider or the more mature cloud security partner.

And when CFOs select external partners, their priorities are focused on quality right now. Of those surveyed, 61% said they’d prioritise subject matter expertise, compared to 41% who said they’d prioritise price. 

How to position cyber higher in your organisation’s budget debate 

  • Tie cybersecurity to transformation outcomes.
    If AI and automation lead the spending agenda, position cyber as how those initiatives stay online, stay compliant, and scale safely.
  • Speak to operational resilience, not just risk.
    CFOs care about predictability, continuity, and cost avoidance. Translate cyber exposure into business hours lost, recovery costs, and supply chain impact.
  • Lean into the outsourcing trend.
    Use the 51% outsourcing figure to support investments in specialist help. CFOs expect it.

Cyber may not top the CFO agenda, but it’s firmly in the running – and in 2026, it can win when it positions itself as the safety layer for transformation. CFOs are ready to spend, ready to outsource, and ready to back expertise over cost.

Read more: What CFOs really think about cyber risk 
