Cybersecurity budgets have undergone multiple cycles of expansion and contraction over the last decade. After slow but steady increases for several years, the COVID-19 pandemic led to a boom in spending as work shifted to cloud-based systems and remote locations, making data and systems more vulnerable to attackers.
Then, with inflation, economic uncertainty and a growing focus on artificial intelligence (AI) in the last three years, cybersecurity budgets tightened, leading to less entry-level work for many cyber and tech professionals, while critical positions remained open.
Now, new research finds the tide might turn again in 2026, with CISOs and other cyber executives ready to work with bigger budgets and increased spending. In a survey of 300 C-suite and senior security leaders, services and consulting firm KPMG found that 98 percent of their respondents confirmed they received budget increases over the previous 12 months heading into the new year.
Additionally, 54 percent predict cybersecurity budget increases of 6 to 10 percent, with a significant portion of that spending earmarked for data security and privacy, identity and access management (IAM) and cloud security. These spending increases are a direct reaction to a growing number of threats and attacks, with 83 percent of respondents reporting more security incidents, including phishing, ransomware and AI-powered social engineering schemes.
"Leaders are moving beyond reactive defense and are actively investing to build a security posture that can withstand future shocks, especially from AI and other emerging technologies,” Michael Isensee, cybersecurity and tech risk leader at KPMG, noted in the report. “This isn't just about spending more; it's about strategic investment in resilience."
Cybersecurity experts and industry insiders see a spending increase as a necessary course correction after several years of tight budgets, less investment and organizations choosing to leave positions open.
“Cyber technology is particularly vulnerable to atrophy if it isn’t cared for and fed properly,” Hank Thomas, co-founder and CEO at Strategic Cyber Ventures, told Dice. “AI-powered threat actors and machine-on-machine cyber warfare are now a reality. It is of the utmost importance that cyber tactics, techniques and procedures as well as technology quickly innovate, collaborate with or, if needed, merge with other technologies to fill gaps in defensive capabilities. If you wait too long to do this, the value of your security solution could rapidly plummet toward zero.”
For cybersecurity and tech professionals, understanding security budget changes and fluctuations as 2026 gets underway will remain crucial in helping them assess what skills they need and identify what opportunities potential increases hold for their careers.
Bigger Budgets, AI Investments Mean More Hiring
While a significant number of cybersecurity jobs remain open in the U.S., hiring slowed in recent years as organizations left positions unfilled and allowed AI to absorb some entry-level work. Despite this, 53 percent of KPMG respondents reported that a lack of qualified candidates remains a challenge.
To ease that burden, CISOs and other leaders reported that they needed to either increase compensation (49 percent), boost internal training (49 percent), or rely more on external partners (25 percent), including MSSPs, to fill critical gaps.
This outlook suggests that CISOs and other security leaders are unwilling to give up staff or stop looking for talent even when budgets are tight due to the threats and risks their organizations face, said Seth Spergel, managing partner at Merlin Ventures.
“In some cases, an uncertain economy means reducing lower-value roles. But, generally speaking, there is still so much to do that few CISOs will willingly give up staff,” Spergel told Dice. “We see the growth opportunity around a hybrid model of talented cybersecurity practitioners being extended by AI capabilities. There are still very sensitive tasks and decisions that organizations cannot fully trust to AI, but we can now bring those human operators much more complete data very quickly with the help of these AI tools.”
Experts also note that while some cybersecurity hiring slowed because of AI, those with skills in generative and agentic AI technologies are seeing greater opportunities, especially as large organizations invest in virtual chatbots, tools and platforms.
“AI is increasing demand for higher-context roles involving agentic system design, advanced prompt engineering, context-based threat modeling and human-in-the-loop oversight of agentic systems,” Diana Kelley, CISO at Noma Security, told Dice. “This is why CISOs see AI changing the mix of skills and roles on their teams, not eliminating security organizations wholesale. Human judgment remains critical, especially where agentic AI systems interact with identity, access and production environments.”
In the coming 12 months, those cyber professionals who show a willingness to lead with an AI-first strategy are the ones who can take advantage of new opportunities and bigger budgets, said Robb Reck, chief information, trust and security officer at Pax8.
“AI isn't replacing cybersecurity professionals in 2026 – it's augmenting them. However, CISOs may still be hesitant to hire. Many companies are slowing hiring while they wait to see how AI agents will actually perform,” Reck told Dice. “The candidates who are getting hired? Those who lead with an AI-first mindset and can articulate how they'll drive transformation, not just use the tools. Security professionals who treat AI as something that will amplify their work rather than threaten it are the ones landing roles.”
Not everyone believes that budget increases will lead to more hiring. Rather than recruiting talent, Ram Varadarajan, CEO at security firm Acalvio, sees CISOs using those extra dollars to automate more systems to keep up with the pace of attacks and threats against networks.
“I don’t expect most CISOs to significantly grow their teams in 2026. Not because risk is shrinking, but because headcount no longer scales against the threat,” Acalvio told Dice. “The constraint isn’t budget or intent. It’s speed. When attacks unfold at machine pace, adding more humans doesn’t materially change outcomes. Teams will stay relatively flat while the nature of the work shifts.”
IAM, Cloud Remain Important Skills, Too
While AI captured most headlines in 2025, the KPMG survey makes clear that cybersecurity professionals who have skills related to cloud security and IAM remain important for CISOs and security executives.
Other studies have also shown that IAM is increasingly important at a time when non-human identities (NHI) proliferate and gain access to sensitive systems, networks and data. In turn, the increasing use of NHI can further expand the attack surface and give threat actors additional ways into an organization’s infrastructure.
“As is often the case, security teams are being asked to do more with the same number of people. Where I do see headcount growth is in cloud security and identity, while traditional SOC expansion is flattening,” Noma Security’s Kelly added.
The fact that NHIs, as well as other AI technologies, have legitimate uses that are also creating risks for organizations will add to the significant security issues that CISOs will continue to confront over the next 12 months, said Merlin Ventures’ Spergel.
“AI agents, while creating efficiencies and opportunities for cybersecurity executives, also create a whole load of new risks for organizations, and CISOs are still struggling to keep up with the evolving threats they bring. That’s going to keep them busy and pushing for budget for the foreseeable future,” he added.