Amidst the current era of volatility, security and risk leaders are facing the challenge of managing existing expenses and adapting to new budgetary demands, as highlighted in Forrester’s 2026 Budget Planning Guide. The guide indicates a significant shift in how organizations allocate resources for cybersecurity.
According to Forrester, software now dominates cybersecurity spending, accounting for 40% of the budget. That is 11 percentage points more than personnel costs (29%) and well ahead of hardware (15.8%) and outsourcing (15%). As organizations combat gen AI attacks that operate within milliseconds, the Mean Time to Identify (MTTI) stands at 181 days, as reported in IBM’s latest Cost of a Data Breach Report.
The landscape of cybersecurity is evolving rapidly, with three major threats reshaping the industry. Gen AI enables attackers to create personalized phishing emails at a rapid pace, while NIST’s quantum deadline poses a risk of retroactive decryption of valuable data. Additionally, deepfake fraud has seen a significant increase, bypassing biometric authentication in 97% of attempts, prompting security leaders to rethink their defensive strategies.
Software now commands 40% of cybersecurity budgets in 2025, representing an 11 percentage point premium over personnel costs at 29%, as organizations layer security solutions to combat gen AI threats executing in milliseconds. Source: Forrester’s 2026 Budget Planning Guide
Enterprise security teams managing 75 or more tools lose $18 million annually to integration and overhead costs alone. The average detection time remains at 277 days, while attacks execute within milliseconds.
Gartner predicts that interactive application security testing (IAST) tools will experience an 80% decline in market share by 2026. Security Service Edge (SSE) platforms, originally intended for streamlined convergence, have added to the complexity they aimed to solve. Standalone risk-rating products flood security operations with alerts lacking actionable context, leading analysts to spend 67% of their time on false positives, as per IDC’s Security Operations Study.
The operational challenges are evident: analysts need 90 seconds to evaluate each alert while receiving 11,000 alerts daily. Each additional security tool deployed reduces visibility by 12% and increases attacker dwell time by 23 days, as indicated in Mandiant’s 2024 M-Trends Report. Complexity has itself become a significant security vulnerability for enterprises.
Platform vendors have been promoting consolidation as a solution to the chaos caused by application and tool sprawl. George Kurtz, CEO of CrowdStrike, emphasized the importance of execution in competing with platformization in today’s dynamic market conditions. CrowdStrike’s Charlotte AI automates alert triage, saving SOC teams over 40 hours weekly by accurately classifying millions of detections, driven by Falcon Complete’s expertise.
“We couldn’t have achieved this without our Falcon Complete team,” said Elia Zaitsev, CTO at CrowdStrike. “They handle triage as part of their workflow, managing millions of detections manually. This high-quality dataset enables over 98% accuracy. With Charlotte AI, we empower defenders, enhancing efficiency to keep pace with attackers in real-time.”
CrowdStrike, Microsoft’s Defender XDR with MDVM/Intune, Palo Alto Networks, Netskope, Tanium, and Mondoo now offer bundled XDR, SIEM, and auto-remediation, transforming SOCs from reactive to proactive in threat neutralization.
Security budgets surge 10% as gen AI attacks outpace human defense
Forrester’s guide reveals that 55% of global security technology decision-makers anticipate significant budget increases in the upcoming year, with 15% expecting jumps exceeding 10%. This surge in spending reflects the asymmetric battlefield where attackers leverage gen AI to target employees with personalized campaigns crafted from real-time data.
As attackers exploit the advantages of adversarial AI, speed, stealth, and highly personalized attacks pose a significant threat. Mike Riemer, Field CISO at Ivanti, highlights the shift as defenders begin to leverage AI for cybersecurity purposes.

Caption: 55% of security leaders expect budget increases above 5% in 2026, with Asia Pacific organizations leading at 22% expecting increases above 10% versus just 9% in North America. Source: Forrester’s 2026 Budget Planning Guide
Regional disparities in spending indicate variations in threat landscapes and the corresponding responses by CISOs. Asia Pacific organizations lead with 22% expecting budget increases above 10%, compared to 9% in North America. Cloud security, on-premises technology, and security awareness training are the top investment priorities globally.
Software dominates budgets as runtime defenses become critical in 2026
The protection of the inference layer in AI model development is becoming increasingly crucial, representing the new frontline in cybersecurity. Inference layers are vulnerable to various threats that demand rapid responses, highlighting the importance of strengthening defenses precisely at the critical moment of AI model inference.
Forrester’s latest CISO spending guide underscores a significant shift in cybersecurity spending priorities, with cloud security leading spending increases at 12%, followed by investments in on-premises security technology at 11%, and security awareness initiatives at 10%. These priorities reflect the urgency felt by CISOs to enhance defenses specifically at the crucial stage of AI model inference.
“At Reputation, security is integrated into our core architecture and rigorously enforced at runtime,” said Carter Rees, Vice President of Artificial Intelligence at Reputation. “The inference layer, where an AI model interacts with people, data, or tools, is where we apply our most stringent controls. Every interaction undergoes authenticated tenant and role contexts, verified in real-time by an AI security gateway.”
Reputation’s proactive and reactive defense approach has become a standard, combining strict controls with behavioral anomaly detection. “Real-time controls take immediate action,” Rees explained. “Our prompt firewall instantly blocks unauthorized inputs, restricting tool and data access based on user permissions. Behavioral detectors proactively identify anomalies as they occur.”
This robust runtime security approach extends to customer-facing systems, where AI pulls from approved sources and transparently cites its references, ensuring alignment with tenant and context.
Quantum computing’s accelerating risk
Quantum computing has transitioned from a theoretical concern to an immediate enterprise threat, with the emergence of “harvest now, decrypt later” attacks. These attacks store encrypted data for future decryption using quantum processors, posing a risk to widely used encryption methods. The adoption of Post-Quantum Cryptography (PQC) standards by 2030 is crucial for protecting sensitive data from quantum-enabled decryption.
Forrester recommends prioritizing PQC adoption, leveraging cryptographic tools and partnering with providers specializing in cryptoagility. CISOs must update encryption strategies to avoid vulnerabilities and obsolescence in the face of quantum computing advancements.
Explosion of identities is fueling an AI-driven credential crisis
The proliferation of machine identities surpasses human users, leading to a credential crisis beyond human management capabilities. Forrester emphasizes scaling machine identity management as essential to mitigating emerging threats. Gartner forecasts a significant increase in identity security spending, highlighting the growing importance of AI-powered credential intelligence in enterprise security.
Traditional endpoint approaches are inadequate to address the rising adversarial AI attacks. Ivanti’s AI-driven Vulnerability Risk Rating (VRR) enables organizations to patch vulnerabilities more efficiently, reducing cyber risk and mitigating the impact of attacks.
“Combining AI with Unified Endpoint Management (UEM) is increasingly essential,” said Daren Goeson from Ivanti. “Endpoint devices are essential to modern business operations, but their proliferation increases vulnerability. A comprehensive approach combining UEM with AI-powered tools significantly reduces cyber risk and attack impact.”
Forrester advises security leaders to divest legacy security tools, focusing on integrating platforms that enhance visibility and streamline management. Solutions like Unified Secure Access Service Edge (SASE) and integrated Third-Party Risk Management platforms offer essential consolidation, while automated remediation capabilities are critical for real-time threat neutralization.
CISOs must consolidate security at AI’s inference edge or risk losing control
Consolidating security tools at the inference edge is crucial for the future of cybersecurity, especially in the face of intensifying AI threats. “For CISOs, the playbook is crystal clear,” Rees concluded. “Consolidate controls decisively at the inference edge. Introduce robust behavioral anomaly detection. Strengthen Retrieval-Augmented Generation (RAG) systems with provenance checks and defined abstain paths. Above all, invest heavily in runtime defenses and support the specialized teams who operate them. Execute this playbook, and you achieve secure AI deployments at true scale.”