New research from Exabeam reveals 93% of UKI organisations are increasing cybersecurity budgets with 68% expecting double-digit growth. The research report, From Adoption to Accountability: The New Economics of AI in Cybersecurity, highlights the gap between cybersecurity investment and the required budget that organisations will face in 2026.
Based on a survey of 750 IT decision-makers responsible for security in organisations with 500+ employees across 12 countries, the research reveals a critical paradox. While cybersecurity budgets surge with unprecedented growth, security leaders race ahead on AI transformation while falling behind on measurement, justification, and strategic alignment.
According to the study, 93% of organisations in the UKI are increasing cybersecurity budgets in 2026, with 68% seeing double-digit growth. However, AI simultaneously holds three contradictory positions in budget planning: it is the top driver of increases (51%), the first investment that would be cut if budgets tightened (43%), and the most challenging spend to justify to business stakeholders (28%).
Security leaders are getting mandates to invest in AI, but nobody has given them a way to prove it is working. You cannot measure AI transformation with pre-AI metrics. The problem is not that security teams lack data. They are drowning in it. The issue is they are tracking the wrong things and speaking a language the board does not understand.
Unprecedented Budget Growth Driven by AI Transformation
Cybersecurity investment trends in 2026 represent a significant shift for the UKI, with AI and automation emerging as the primary catalyst for budget expansion (51%), followed by cloud infrastructure growth (36%). This surge being channelled into technology, rather than headcount, signals how the AI era is fundamentally shifting security operations.
The Value Demonstration Gap Creates Vulnerability
While 93% of security leaders in the UKI express confidence that their investments are delivering business value, 26% cite a lack of board understanding of the link between cybersecurity investment and business resilience as their biggest challenge in defending spend. The disconnect reveals a critical vulnerability: 62% report using operational metrics and 58% use outcome metrics, yet boards still do not understand the connection between security investments and business risk.
In AI-assisted environments, traditional metrics like mean time to resolution becomes almost automatic, so speed alone does not prove risk has been reduced. We need new ways to measure security effectiveness that actually show business impact, because boards do not fund faster ticket closure, they fund measurable risk reduction and business resilience.
