By 
Cybersecurity Budgets Surge as AI Takes Centre Stage
Exabeam, a global leader in intelligence and automation for security operations, has released a new multinational report highlighting a growing disconnect between rising cybersecurity investments and how their value is measured and justified.
RELATED: 5 AI trends profoundly benefiting business bottom lines
Titled From Adoption to Accountability: The New Economics of AI in Cybersecurity, the report is based on a survey of 750 IT and security decision-makers from organizations with more than 500 employees across 12 countries.
The findings reveal a striking paradox: while cybersecurity budgets are expanding at unprecedented levels, security leaders are advancing rapidly with AI adoption but lagging in proving its business impact and aligning investments with executive expectations.
AI Drives Budget Growth—but Also Faces the Sharpest Scrutiny
According to the report, 95% of organizations plan to increase cybersecurity budgets in 2026, with nearly three-quarters expecting double-digit growth. AI has emerged as the single biggest driver of these increases, cited by 44% of respondents.
However, AI also occupies a contradictory position in budget planning. The same proportion of leaders (44%) say AI would be the first investment to be reduced if budgets tightened, while 32% describe it as the most difficult area to justify to boards and business stakeholders.
Commenting on the findings, Steve Wilson noted that security leaders are under pressure to invest in AI without clear frameworks to demonstrate success. He warned that relying on pre-AI metrics to assess AI-driven security transformation is increasingly ineffective, particularly when communicating value at board level.
AI Reshapes Where Cybersecurity Money Is Spent
The report shows a fundamental shift in how cybersecurity budgets are allocated. Rather than expanding headcount, organizations are prioritising technology-led transformation. AI and automation lead spending priorities (44%), followed by cloud infrastructure expansion (33%) and broader enterprise AI adoption (32%).
This trend reflects how AI is redefining security operations, with organizations betting heavily on automation and advanced analytics to manage growing threat complexity.
The Measurement Gap Undermines Board Confidence
Despite strong internal confidence—87% of security leaders believe their investments deliver business value—many struggle to convince executives. Thirty percent of respondents cite poor board-level understanding of how cybersecurity investments strengthen business resilience as their biggest challenge.
While 63% of organizations report using quantified return-on-investment measures and 59% rely on outcome-based metrics, boards still fail to clearly connect security spending with reduced business risk. The report concludes that the problem is not a lack of data, but a mismatch between technical security metrics and the business-focused indicators executives rely on for decision-making.
Kevin Kirkwood explained that traditional indicators such as mean time to resolution no longer tell the full story in AI-assisted environments. He stressed the need for new measurement models that demonstrate tangible reductions in risk and improvements in business resilience, rather than just faster incident response.
Regional Differences Highlight Varied AI Strategies
The study also reveals significant regional variations in AI adoption. Saudi Arabia stands out as the most aggressive adopter, with 75% of organizations reporting that AI is already improving security operations. This contrasts sharply with Japan (27%) and the Netherlands (30%).
These differences reflect broader strategic priorities. Saudi Arabia’s results align with national digital transformation ambitions, while European and Asian organizations tend to take a more cautious approach, focusing on workforce implications and careful evaluation before scaling AI deployment.
Turning Budget Abundance into Sustainable Value
The report concludes that while cybersecurity is currently enjoying a period of strong budget growth, this creates new risks. Heavy investment in AI without clear, board-level value justification is unsustainable, particularly if economic conditions tighten.
To secure long-term support, organizations must move beyond deployment alone. The most resilient security teams will be those that develop new frameworks for measuring AI impact, adopt outcome-driven metrics linked directly to business resilience, and communicate results in language that resonates with boards and CFOs.
