Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” states Forrester’s 2026 Budget Planning Guide.

The research firm’s planning guide for next year provides security leaders with new insights into how their clients are allocating budgets, which gives a helpful overview of the next 12 months of cybersecurity spending.

Implicit in the guide is the need for new technologies that enable organizations to be more adaptive to threats and take action on them before they become breaches. There’s also a strong focus on getting a head start on new technologies, anticipating the severity of threats new developments in AI, generative AI (genAI), deepfakes, and all other forms of weaponized technologies can pose to an organization.

Software is a solid 40% of cybersecurity spending, exceeding hardware at 15.8%, outsourcing at 15% and surpassing personnel costs at 29% by 11 percentage points. Meanwhile, security leaders face escalating threats, with generative AI attacks executing in milliseconds, a stark contrast to the average Mean Time to Identify (MTTI) of 181 days, according to IBM’s latest Cost of a Data Breach Report.

A fast-changing threatscape is changing spending priorities

Three converging threats are flipping cybersecurity on its head. What once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. NIST’s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

1.     Software now claims 40% of cybersecurity budgets, surpassing personnel spend. Forrester’s budget planning guide reports that software now accounts for approximately 40.2% of cybersecurity spending, eclipsing combined hardware and outsourcing budgets. It’s noteworthy that software spending is surpassing personnel costs by 11 percentage points.

2. Security budgets are accelerating, with 55% of global security and tech leaders forecasting significant increases next year. A robust 15% anticipate their budgets jumping more than 10%, and another 40% project hikes between 5% and 10%. Regional outlooks vary sharply: APAC is most bullish, with 22% expecting double-digit growth, compared to a cautious 9% in North America and just 12% in EMEA. However, nearly half (45%) remain reserved; 30% predict minimal budget bumps of 1%–4% or barely keeping pace with inflation, while another 10% expectSource: Forrester Budget Planning Guide 2026: Security and Risk no change, and 5% foresee cuts.

3. Cloud security, on-prem tech, and security awareness training are set to lead cybersecurity spending in 2026. Decision-makers are doubling down on cloud security, with 12% boosting budgets in this area by 10% or more, 11% doing the same for new on-premises solutions, and another 10% ramping up security awareness programs. Notably, investments in on-premises security technology appear twice among the top priorities, as 36% plan at least a 5% increase for both new deployments and upgrades to existing infrastructure. The numbers reflect an uneven global adoption of cloud strategies, driven by persistent concerns around cost, security, and data sovereignty. APAC is exceptionally bullish. 78% of companies there plan increased spending on new on-prem security, outpacing EMEA by 10% and North America by 8%.

4. Forrester recommends that security leaders broaden AI and ML security throughout the enterprise in 2026 as generative AI moves from standalone apps to essential business systems. Productivity suites, CRM platforms, and service tools now embed genAI natively, transforming workflows and widening potential attack surfaces. Enterprises urgently need comprehensive protection across AI models, data, applications, and user identities to counter risks such as model vulnerabilities, data leakage, and prompt jailbreaking. Hyperscalers like Google Cloud and Microsoft are responding quickly, while cybersecurity incumbents, notably Palo Alto Networks with its Protect AI acquisition, actively expand their footprint. Meanwhile, innovative startups, including Knostic and CalypsoAI, both featured at RSA’s Innovation Sandbox, target niche but critical genAI security gaps. Enterprises investing strategically now will securely scale genAI deployments and establish a clear competitive advantage.

5. Standalone SSE spending will sharply decline in 2026 as enterprises shift to unified SASE platforms, streamlining security operations and accelerating Zero Trust initiatives. Initially positioned to fill security gaps left by SD-WAN deployments and the surge in remote work, standalone SSE and isolated ZTNA solutions have now reached their functional limits. Leading companies increasingly adopt integrated platforms like Cato Networks’ cloud-native SASE, which consolidates SD-WAN, ZTNA, SWG, CASB, and firewall capabilities within a single, unified framework. As I’ve noted in VentureBeat, CISOs who pivot to unified SASE platforms benefit from simpler integration, superior AI-driven threat detection, and significant operational efficiencies that isolated solutions cannot deliver. Organizations proactively embracing integrated SASE from providers like Cato Networks will immediately enhance security resilience, improve operational agility, and significantly reduce vendor complexity.

6. Forrester predicts that by 2026, security leaders will seize a critical advantage by accelerating the adoption of post-quantum cryptography (PQC). With NIST’s landmark release of three core PQC standards in August 2024, organizations now have clear guidance to protect their data and applications against emerging quantum threats. Most governments align with NIST timelines, targeting legacy encryption deprecation by 2030, while Australia’s ASD urges adoption of approved PQC algorithms even sooner. Enterprises should immediately focus efforts on securing their most sensitive asymmetric cryptography, covering data at rest, data in transit, and data actively used within applications. Comprehensive cryptographic discovery and inventory tools provide the visibility required to assess readiness. Strategic partnerships with cryptoagility innovators, including Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales, enable organizations to define a clear, secure migration path. Organizations acting decisively now will confidently navigate the quantum transition and fortify their competitive edge.

7. Machine identity management will become essential by 2026 as automated identities multiply rapidly across the IT infrastructure. Apps, AI agents, IoT devices, containers, cloud environments, and infrastructure scripts now generate identities faster than humans can manually track or manage. Enterprises urgently require solutions capable of managing these identities throughout their lifecycle, automating key rotations, and enforcing role-based access. Leading vendors, including Akeyless, BeyondTrust, CyberArk, Delinea, HashiCorp, Keyfactor, AppViewX, and emerging startups like Aembit, Astrix, Clutch, Entro, and Oasis Security, offer robust platforms to meet this challenge.

8. There will be a significant reallocation away from standalone interactive application security testing (IAST) in 2026, as operational hurdles continue to limit adoption. Originally designed to blend the runtime accuracy of dynamic application security testing (DAST) with static application security testing’s (SAST) code-level insights, standalone IAST has proven overly complex. Forrester recommends shifting budgets toward integrated IAST and DAST platforms, such as those from Invicti and HCLSoftware, that simplify deployment. Alternatively, APIs, microservices, and containers provide more transparent and consistent returns.

9. Consolidation of endpoint security and SIEM tools will accelerate in 2026. As extended detection and response (XDR) platforms gain momentum, security leaders have a clear opportunity to reduce agent sprawl, improve analyst efficiency, and lower the total cost of ownership. Vendors, including Microsoft, CrowdStrike, and Palo Alto Networks, now embed critical SIEM functions such as detection, correlation, third-party data ingestion (particularly from cloud, identity, and email), and response directly within their XDR offerings. While these integrated solutions currently don’t fully match standalone security analytics platforms, they deliver compelling advantages: simplified deployments, centralized threat context, and measurable operational savings. Organizations consolidating around unified XDR solutions today will streamline security operations and achieve faster, higher-quality threat detection.

10. By 2026, rapidly evolving generative AI will make deepfakes virtually indistinguishable from authentic media, rendering simplistic identity checks obsolete. Enterprises must proactively deploy sophisticated detection platforms using advanced ensemble modeling—spectral analysis, image artifacts, skin tone consistency, lighting anomalies, audio echo patterns, and device reputation, to ensure trusted employee verification and transaction authentication. Vendors such as GetReal Security, Sensity, and Reality Defender already offer real-time risk scoring, transparent reasoning, and integrated case management. Early adopters will safeguard identity security, sustain customer trust, and remain resilient against future deepfake threats.