The surge-and-spend era of enterprise cybersecurity is over. What is replacing it is more interesting: a market settling into maturity, where budgets are still growing but more carefully, stacks are stabilizing rather than expanding, and the confidence that once held legacy controls in place is quietly eroding.

According to ETR's 2026 Annual State of Security Study, cybersecurity budgets continue to grow but at a slower rate, AI security has become the top spending priority for the first time, and the era of vendor stack expansion has reversed. The survey gathered responses from over 500 technology leaders in the ETR Community, a vetted research panel of enterprise tech and security practitioners drawn from organizations of all sizes across industries. The results show a cybersecurity market that is not pulling back, but is becoming more measured in how it grows. Budgets continue to move upward, AI-related security has become the top priority, and hybrid operating models are replacing fully in-house approaches. At the same time, vendor stack expansion is slowing, confidence in established controls is declining, and security leaders are becoming more selective about where new dollars go.

The through-line connecting every finding in this year's survey is discipline. The simplest read: security remains mission-critical, but the era of unchecked tool growth is fading.

Key Findings

• Organizations planning security budget increases of 10% or more fell from 40% (2024) to 26% (2026), while the 1–5% increase band jumped from 17% to 25%, the largest single gain of any tier

• LLM and GenAI protection ranked as the top forward-looking budget priority for the first time in 2026, surpassing cloud security (59% vs. 54% intent to increase)

• 54% of organizations are already spending on AI security tools or plan to within six months, up 10 points from 43% in 2025

• 37% of organizations have AI agents deployed or in active testing for security use cases, up from 27% in 2025; 20% have no agent-specific security controls in place

• Organizations expecting to increase their cybersecurity vendor count fell from 51% (2024) to 35% (2026); "stay the same" rose from 37% to 52%

• Pure in-house cybersecurity dropped from 19% (2024) to 11% (2026), the largest directional move in the dataset

• Of 10 named security strategies, seven declined year over year; AI-based behavioral anomaly detection was the only meaningful gainer

• Microsoft ranks first in the security rebuild scenario at 20%; CrowdStrike leads the innovation ranking at 43%; Wiz leads new evaluations at 6%, doubling since last year

Security Budgets Are Still Growing, Just More Slowly

Cybersecurity is not facing the kind of budget retreat seen in other areas of enterprise technology. But the pattern of growth is changing.

The $100K–$499K range remains the largest single cybersecurity spending category at 21% in 2026. The middle of the market is compressing, however: the $1M–$2.4M spending band saw the largest year-over-year drop among all listed tiers, falling from 18% to 15%. Meanwhile, the $25M–$100M+ tier ticked up from 7% to 10%, suggesting that security spend is migrating upward for larger or more complex organizations. Sub-$500K spending combined accounts for only about a third of respondents.



Separate from current spend levels, the survey asked respondents how they expect their budgets to change in the coming year. Organizations planning increases of 10% or more fell from 40% in 2024 to 26% in 2026. The one-to-five percent increase band jumped from 17% to 25%, the largest single gain of any tier across all three years. Flat budgets held steady at 15%, and decreases remain minimal.

This is not a story of budget cuts. It is a story of normalization. The aggressive jumps of recent years are giving way to smaller, steadier increases. For security vendors, that shift matters: buyers may still have money to spend, but they are less likely to approve broad expansion without a clear business case. The question is no longer just how much to spend, but how to defend every dollar of it.

What Are Security Leaders Prioritizing in 2026?

AI is now one of the biggest forces reshaping cybersecurity budgets, and the priority rankings reflect that.

Identity security scores highest across all program priority categories in 2026, a result consistent with the broader data: identity is the attack surface that never stops expanding, and the survey's agentic AI findings reinforce exactly why organizations remain focused on it. But the fastest-moving category in the dataset is AI-focused security, which recorded the largest year-over-year gain and has narrowed the gap with second-place data security. Among trending areas, security for generative AI carries the highest planned evaluation rate, followed closely by LLM security.

On forward-looking budget intent, LLM and generative AI (GenAI) protection dethroned cloud security as the top area for the first time in 2026. Intent to increase budget for LLM and GenAI protection rose from 50% to 59%, while cloud security fell from 58% to 54%. Zero trust tools were the second-fastest riser, increasing from 35% to 39%. Detect and response slipped slightly from 47% to 45%.

That ranking has a clear logic. As enterprises adopt GenAI and large language models, security leaders are being asked to solve new problems: data exposure in prompts, model usage governance, non-human identity management, and agentic AI controls. Cloud security did not disappear from the list. It just got company it was not ready for.

AI Security Spending Has Crossed the Tipping Point

Spending intent has shifted decisively, but actual tool deployment tells a more nuanced story.

54% of organizations are already spending on AI security tools or plan to do so within the next six months, up 10 points from 43% in 2025. That majority threshold marks a meaningful transition: AI security is no longer an emerging budget category. It is a mainstream one.

But deployment depth lags. 39% of organizations still have AI tools in fewer than 10% of their security stack. The fastest-growing adoption tier is 10–25% coverage, which rose from 26% in 2024 to 35% in 2026. The upper end of the distribution, where AI tools are deeply embedded across the stack, has not moved significantly.

The implication is that most organizations have started but not scaled. They have made the budget commitment and acquired the initial tooling, but the work of embedding AI-driven capabilities throughout the security program is still underway. When organizations think about what their AI and LLM security strategy most needs to protect, data and identity rank as critical priorities. Observability, cloud, and network controls rank lower. That focus is consistent with where AI-related risk is actually concentrating.

How Are Organizations Securing Agentic AI?

Agentic AI is moving quickly from vague interest to active testing, and the controls are not keeping up.

In 2025, 27% of organizations had AI agents deployed or in active testing for security use cases. By 2026, that share rose to 37%. Conviction is rising alongside deployment: 68% of security leaders rate AI agents a four or five out of five for importance to cybersecurity's future, up from 62% in 2025. Less than one percent rate it a one.

But governance remains nascent. 20% of organizations have no agent-specific security controls in place. Only 3% have reached broad production deployment, while 53% are still in pilot phases. There is also no clear consensus on approach: a single centralized control plane (26%), case-by-case risk tiering (25%), and identity-centric governance (23%) sit within three points of each other. No model has pulled ahead.

This fragmentation matters. Agentic AI introduces security questions that traditional controls were not built to answer. These systems may access data, trigger workflows, make decisions, and act across environments, making identity, visibility, and privilege management essential.

The top risks reflect that reality. Security leaders cited agents acting outside their intended context (57%) and agents being over-privileged (56%) as the leading concerns. The hardest deployment problems mirror them: lack of visibility into what agents accessed (57%) and controlling non-human identities (56%), meaning the service accounts, API keys, bots, and AI agents that authenticate to systems the same way human users do but without the same oversight. Approval workflows for high-impact actions ranked last at 25%. That last finding deserves attention: the control most capable of catching an agent before it does something harmful is also the one least likely to be in place.

In plain terms, security teams are worried that AI agents may have too much access, too little oversight, and unclear accountability. And the data confirms those worries are grounded.

Data Leakage Is Not Just A Shadow AI Problem

Shadow AI remains a major concern, but sanctioned AI tools carry real risk too.

31% of respondents said shadow AI usage outside approved tools is the greatest data damage risk, the highest single response by nine points. But sanctioned-AI-leakage concerns total 41% combined: poor model output filtering (18%), prompt injection (13%, where malicious instructions embedded in a model's input manipulate its behavior), and over-broad retrieval (10%, where AI systems access more data than a given task requires). That is nearly level with the share attributable to unsanctioned AI, and it involves tools the organization approved, deployed, and encouraged employees to use.

Blocking unauthorized AI tools may reduce some exposure, but it will not solve the data leakage problem. Risk also lives inside the tools security teams have already authorized.

Prompt Input Control Is the Hardest Data Security Problem

Security leaders were asked to name their most difficult data security challenge. The answer was not close.

36% identified preventing sensitive data from entering AI prompts as the hardest problem, exactly twice the next concern at 18%. Data discovery and classification, which is the core use case for Data Security Posture Management (DSPM), ranked last among listed challenges at 9%.

That gap matters because the two capabilities address different layers of the same problem. DSPM tells organizations where sensitive data lives. Prompt input control stops that data from being fed into a model. Both are necessary for a complete AI data security posture, but organizations are prioritizing the moment of exposure over the classification work that would make prevention possible.

DSPM's low ranking is a recurring pattern in the 2026 data. It also ranks last among hyperscaler security feature preferences at 23%, the lowest of seven listed capabilities. A tool designed to find and classify sensitive data before it becomes a problem is consistently ranked below tools designed to detect or respond after exposure has occurred. Security leaders know prompt-level data exposure is the problem. The foundational work required to solve it appears underweighted.

Hyperscalers Are Judged on Visibility and Control

When security leaders evaluate the built-in security capabilities of major cloud providers, referred to here as hyperscalers (primarily AWS, Microsoft Azure, and Google Cloud), the features that matter most are not the ones protecting data. They are the ones providing visibility and control over what is happening.

Compliance and audit reporting leads at 48%. Strong identity integration for non-human identities follows at 44%. Unified policy and enforcement comes in at 40%, and built-in agent controls at 39%. Those four capabilities span just nine percentage points and all address the ability to see, govern, and audit AI and agent behavior.



The bottom three sit 10 or more points lower: usage controls or kill switches for AI agents (29%), model and data isolation (28%), and native DSPM and sensitive data controls integration (23%). Two of the bottom three are data-layer protections, with DSPM, the capability most directly positioned to prevent sensitive data from being exposed in the first place, ranking last.

The pattern across the survey is consistent: organizations are investing more in detection and governance than in prevention and classification. That posture may reflect where mature tooling currently exists, but it describes a gap that grows harder to close the further AI deployment extends.

Are Organizations Still Adding Cybersecurity Vendors?

For years, cybersecurity teams responded to new threats by adding new tools. The 2026 data suggests that pattern is fading.

In 2024, 51% of organizations expected to increase their cybersecurity vendor count. By 2026, that dropped to 35%, a 16-point decline in three years. The share expecting vendor count to stay the same rose from 37% to 52%. Intent to decrease vendors remained low, ticking from 9% to 10%.

Organizations are not aggressively cutting vendors. They are slowing additions.



Among those still adding vendors, the rationale is also shifting. New threats remain the top driver but fell from 37% in 2024 to 29% in 2026. The best-in-breed rationale dropped from 35% in 2024 to 21% in 2026, a meaningful signal that platform-led strategies are gaining ground. The fastest-growing reason for adding vendors: scaling difficulties with a single vendor, jumping from 5% to 13%, a watch item as consolidation matures.



When organizations do cut vendors, simplification is the main driver. Consolidating legacy and point solutions onto fewer vendors was cited by 45% in 2026. Reducing integration requirements followed at 26%. Budget pressure is real but not the primary force: it landed at 21%. The market signal is clear. Security buyers are not looking for more tools by default. They are looking for cleaner architectures, fewer integration headaches, and platforms that reduce operational drag.

Confidence In Established Controls Is Eroding

One of the more striking findings is the broad decline in confidence across established security strategies.

Of 10 named security strategies, seven declined year over year. Employee training fell the most, dropping 10 points from 72% to 62%. Identity and Access Management declined from 65% to 63%. Privileged Access Management fell from 65% to 62%. Data Loss Prevention tools dropped from 59% to 56%, and role-based access controls fell from 58% to 55%. The entire top five lost ground simultaneously.

The one meaningful gainer: AI-based behavioral anomaly detection, up from 20% to 25%. It is the only AI-native control on the list, and the only one moving in a positive direction.



This is not a story about organizations abandoning foundational controls. It is a story about security leaders questioning whether legacy approaches can keep pace with modern threats, AI-enabled attacks, and more complex access environments. Employee training, IAM, PAM, DLP, and role-based access controls are still deployed. But confidence that they are enough is slipping.

Zero Trust Is Deepening Through The Middle

Zero trust adoption is expanding, but not evenly across the distribution.

The share of organizations with no zero trust tools at all dropped from 12% to 8%. The early adoption tier, covering organizations with zero trust in one to 25% of their stack, remains the modal response at 44%, nearly flat from 45% in 2025. The growth is in deeper implementation: the 26–50% bucket rose from 24% to 27%, and the 51–75% bucket rose from 12% to 16%. Those two tiers gained seven points combined.



Organizations at the top of the distribution, where 76–100% of tools operate on zero trust principles, barely moved. Zero trust is not simply spreading to first-time adopters. It is deepening among organizations that have already started. The hard work now is expanding coverage across more of the stack, not just introducing the concept in isolated areas. Zero trust is no longer a question of whether to adopt. It is a question of how far to push it.

Hybrid Security Models Are Winning

Pure in-house cybersecurity has been declining for three consecutive years, and the pace is accelerating.

In 2024, 19% of organizations reported handling cybersecurity entirely in-house. By 2026, that share fell to 11%, the largest directional move in the entire dataset. Fully outsourced cybersecurity remains minimal at around 3%. The shift went instead to hybrid models: mostly in-house with some outsourcing, an even combination of both, and mostly outsourced with some in-house.



The eight points that left the fully in-house category distributed roughly equally across all three hybrid approaches. No single hybrid model captured most of the shift. That diffusion makes sense: AI security, agentic AI controls, cloud environments, identity governance, and vendor consolidation all require expertise that is not practical to maintain fully in-house. Hybrid models give organizations flexibility to retain strategic control while using external partners for scale, specialization, or operational coverage.

Geopolitical Pressure Is Moving Budgets, Not Threat Perception

Geopolitical tensions are influencing security spending, but the effect is measured and concentrated at the lower end of the budget impact scale.

47% of organizations report increased cybersecurity spending due to geopolitical pressures in 2026, up from 43% in 2025. But most of that shift flows into moderate increases, not significant ones. Significant increase intent moved just one point, from 12% to 11%. The majority, 51%, still report no change in spending due to geopolitical factors, remaining the largest single response.



The threat experience side is equally steady. 39% of organizations report experiencing an increase in geopolitically-linked cyber threats in 2026, while 38% report no direct experience but say they are preparing. The two groups are nearly equal in size, and no bucket in either chart moved more than one point year over year.



That stability is itself a finding. Despite a period of elevated geopolitical visibility, the share of organizations reporting actual threat impact has not grown. Spending rose modestly while experienced impact held flat. Organizations are buying insurance against a risk that has not yet materialized at scale, and calibrating spend accordingly.

Vendor Perception Is Concentrating Around Leaders

The survey asked respondents: if you were rebuilding your security stack from scratch, which vendor would you prioritize? Microsoft ranks first at 20%, up from 15% in 2025. CrowdStrike holds second at 15%, and Palo Alto Networks rounds out the top three at 11%, up from 7%. All three grew year over year. The share prioritizing specific features over any vendor fell from 18% to 11%, a further signal that vendor relationships are consolidating around a smaller set of trusted names.



In a separate write-in question asking respondents to name the most innovative cybersecurity vendor, CrowdStrike leads by a wide margin, cited by 43%. Microsoft and Palo Alto form a strong second tier, both rising to 34%. The gap between CrowdStrike's innovation perception and its rebuild-scenario share is worth noting: being seen as the most innovative vendor and being selected as the first investment in a rebuild are different decisions, and organizations are making them differently.

Among vendors respondents plan to evaluate for the first time, Wiz leads at 6%, doubling since last year. In a mature market where most organizations already have their core vendors selected, 6% first-time evaluation intent is meaningfully high. Fortinet and Zscaler follow, with CrowdStrike and Abnormal Security also landing in the top five. Most major vendors show higher evaluation interest in 2026 than 2025. New evaluation activity and stack stabilization can coexist: organizations are holding their current vendor relationships steady while selectively testing what might replace or supplement them at the margins.

What Security Leaders and Vendors Should Take Away

The 2026 data describes a market that has cleared a phase. The rapid expansion of tools, vendors, and budgets that defined the prior several years is giving way to something more deliberate.

Budgets are still growing, but at measured rates. Stacks are stabilizing, with consolidation outpacing addition. Legacy controls are losing ground in perceived effectiveness. AI security has crossed from a category to watch into a category to fund, deploy, and govern. And a sharper set of problems is coming into focus: controlling what AI agents can access, preventing sensitive data from entering prompts, and governing non-human identities at scale.

For security leaders, the discipline the data describes points to clear priorities. Renewal timing and vendor evaluation need to happen before contract pressure forces the decision. The internal case for any platform has to account for all items in a bundle, not just the ones in active use. AI infrastructure growth needs to be modeled carefully, because licensing transitions and deployment scale can outpace planning assumptions faster than expected. And DSPM and data classification, despite ranking last across multiple survey questions, are foundational to the prompt input control problem that ranks first.

For cybersecurity vendors, the path forward requires proving measurable risk reduction rather than capability breadth, reducing operational complexity rather than adding to it, addressing agentic AI governance with clear identity and visibility models, and making integration and consolidation part of the value story. Buyers are no longer asking what new tool they need. They are asking what architecture will help them stay secure, govern AI, manage complexity, and keep pace with threats without adding more burden to their teams.

That is a better question. It is also a harder one. The organizations and vendors that navigate this phase well will be the ones that treat discipline not as a constraint, but as a strategy.

To look at more of the findings from this study, visit the 2026 State of Security Study page where you can have the key takeaways emailed to you.

This article draws on findings from our Annual State of Security Study, with responses from 517 security-specific technology leaders, including 94 from Global 2000 organizations. ETR is an independent market research firm; this survey is not sponsored by or affiliated with any vendor.