The Exabeam report, From Adoption to Accountability: The New Economics of AI in Cybersecurity, reveals a significant paradox within the cybersecurity landscape as organisations ramp up their budgets in 2026 yet struggle to justify investments in artificial intelligence (AI).
The global survey, encompassing 750 IT security decision-makers across 12 countries, indicates that 95% of organisations are increasing their cybersecurity budgets this year, with 74% experiencing double-digit growth attributed mainly to AI and automation.
While AI is the leading catalyst for budget expansion, accounting for 44% of the increase, it is also viewed as the first area to be cut when financial constraints emerge. Furthermore, 32% of security leaders report that they find it challenging to demonstrate the tangible value of AI investments to business stakeholders.


Commenting on the difficulty security teams face, Steve Wilson, chief AI and product officer at Exabeam, asserted: “The problem isn’t that security teams lack data. They’re drowning in it. The issue is they’re tracking the wrong things and speaking a language the board doesn’t understand. Those are the budgets that get cut first.”
The report highlights a critical disconnect: while 87% of security leaders believe their investments yield substantial business value, 30% struggle to establish the link between cybersecurity expenditures and improved business resilience.
This gap poses a considerable vulnerability, especially in regions such as Asia, where cybersecurity spending is often scrutinised against strict regulatory demands.
CISOs in Asia are particularly impacted by regional disparities in AI adoption. Countries like Saudi Arabia lead with 75% of organisations reporting enhancements in security operations through AI, compared to just 27% in Japan. This discrepancy underscores differing national priorities in digital transformation efforts, with Asian and European organisations tending towards cautious evaluation of AI initiatives.

Kevin Kirkwood, CISO at Exabeam, emphasised the importance of new metrics for evaluating security effectiveness in AI-integrated environments, stating, “Speed alone doesn’t prove risk has been reduced.”
He called for a shift towards metrics that demonstrate real risk reduction and business resilience, rather than merely measuring operational efficiency.
As Asia's cybersecurity landscape evolves, the challenge for CISOs will be to adapt and refine their measurement frameworks to effectively communicate the impact of their investments in AI.
With the cybersecurity sector experiencing unprecedented budget increases, those who can articulate the business value and long-term benefits of AI will secure their funding amidst potential economic shifts.
