Budgets for AI-related cybersecurity are increasing at most enterprises and now make up more than 11 percent of total cybersecurity spending, according to a new research report from Information Services Group (ISG) (Nasdaq: III), a global AI-focused technology research and advisory firm.
The ISG Market Lens™ 2026 Cybersecurity Report, published today, draws on survey data and adoption patterns observed in ISG advisory engagements that show organizations see AI as their biggest security threat and believe they are not spending enough to address AI-related risks.
A survey conducted in April and May 2026, covering primarily large enterprises in the Americas and Europe, found that 74 percent of respondents have increased their investment in AI-specific tools and solutions and 69 percent increased their budget to monitor and detect AI-specific threats. Emerging AI threats was most often cited as the top security risk of the next two years, continuing a trend found in a 2023 ISG survey, but 58 percent of respondents said their current budgets for AI-related cybersecurity are insufficient.
“Enterprises are struggling to keep up with AI-based security threats,” said Alex Bakker, ISG distinguished analyst and co-author of the report. “They need to overcome skills shortages and growing infrastructure complexity while balancing innovation with legacy technology requirements. The cyber criminals they compete with have none of those constraints, and AI is making the gap even bigger.”
The survey finds that overall enterprise cybersecurity budgets increased by an average of 5 percent from 2025 to 2026. Organizations increasingly combine internal security resources with outside partners, especially managed security service providers (MSSPs): The average enterprise spent half its budget on internal investments, nearly 34 percent on MSSPs and just over 17 percent on external consulting and project-based support.
Many organizations still fear the security implications of AI even as they continue to adopt the technology. Most respondents have moved beyond pilots, with 64 percent using AI in limited production and 24 percent in widespread deployments. However, 65 percent of enterprises are only moderately confident of the security of AI. A majority (58 percent) say their current security systems only partially account for AI-related risks.
As AI adoption grows, enterprises are taking more steps to protect data and systems. More than two-thirds have established access controls over AI tools, and 61 percent have implemented safeguards against data leakage. Three-quarters of respondents said they evaluate AI tools for data privacy and security risk. More than one-third have comprehensive governance frameworks covering most AI activities, while 59 percent have partial frameworks. In most cases, these frameworks cover data privacy and protection, acceptable use and ethical guidelines. Only 38 percent with a framework said it covers AI explainability and transparency.
AI is expanding and changing the role of enterprise security teams. One-third of respondents said they have seen significant growth in their scope of work, and 5 percent report a transformational change. Many security teams have a central role in AI delivery, with one-third acting as co-owners with data, IT and engineering organizations, giving them decision rights over AI use cases. About half of security teams report they have expanding roles in policy development, user education, vendor risk review and data loss prevention and monitoring.
“Security teams are becoming involved earlier in strategic decisions on AI use cases and are assuming joint responsibility for governance,” said Doug Saylors, partner and head of ISG Cybersecurity, Cloud and Infrastructure. “AI is adding complexity to cybersecurity needs and increasingly requiring enterprises to seek outside partners to address diverse emerging threats.”
MSSPs remain critical to cybersecurity as AI introduces new risks and vulnerabilities, the research finds. Threat complexity, lack of skills or staff and the need for 24-hour monitoring are the top reasons for outsourcing. One-third of organizations responding to the survey said AI has increased their reliance on outsourcing providers for advanced security capabilities, while an equal number report no change. Only 20 percent said AI is reducing their reliance on outsourcing by enabling more automation of cybersecurity.
Additional information on the ISG Market Lens Cybersecurity report is available here.
About ISG
ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world’s top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data and research, in-depth knowledge and governance of provider ecosystems, and the expertise of its 1,500 professionals worldwide working together to help clients maximize the value of their technology investments.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260630798378/en/
Media gallery
