What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

Similar response to the other comment - our focus is around value realisation rather than spend. We will invest in areas that help us to move to or maintain our risk appetite by increasing the effectiveness of our controls. The investment won't be net new budget alone but a combination of freeing up budget from low value activities and some additional spend particularly in areas to support us where we are taking on additional services or service coverage.

Every year brings its own set of challenges, and 2026 is shaping up to be no different. When it comes to cyber budgeting, we’re approaching it through our usual planning cycle—grounded in business priorities, regulatory shifts, and the evolving threat landscape. One thing we always recommend is conducting a fresh Threat Landscape Assessment. It helps clarify which risks are worth tackling head-on and which ones might be acceptable based on impact and feasibility. From there, budget decisions become a lot more targeted and defensible.

For 2026, our cybersecurity budget planning is driven by value optimization rather than linear growth. Leveraging Gartner’s cost optimization frameworks, we’re focusing on reallocating spend toward initiatives that directly support business resilience and measurable risk reduction, rather than simply increasing the budget.

A few concrete adjustments include:

Rationalizing toolsets: We’re consolidating overlapping security solutions, especially in endpoint and identity protection, using Gartner’s ‘Converged Platforms’ and ‘Cybersecurity Mesh Architecture’ models to simplify management and reduce license costs.

Outcome-based prioritization: Budget is shifting toward controls that can demonstrate quantifiable impact (e.g., improvements in MTTD/MTTR, risk quantification outcomes, or compliance automation).

Increased automation investment: Spending slightly more on automation and SOAR capabilities to reduce manual effort and dependence on headcount growth — long-term cost efficiency is the target.

Vendor and contract optimization: Reviewing all vendor relationships using Gartner’s Total Cost of Ownership (TCO) model, ensuring we’re not overpaying for features we don’t use.

Strategic reductions: We’re cutting non-essential ‘feel-good’ security spend (awareness tools with limited engagement, redundant consulting engagements, etc.) and reinvesting in metrics-driven initiatives like continuous controls monitoring and threat exposure management.

In short, the 2026 budget is not about spending more — it’s about spending smarter, aligning every dollar to risk reduction and business enablement.