Intelligence and automation enterprise, Exabeam, recently unveiled new findings from its multinational report, From Adoption to Accountability: The New Economics of AI in Cybersecurity.
The survey obtained responses from 750 IT decision-makers responsible for security in organizations with 500+ employees across 12 countries.
Cybersecurity budgets on the rise as AI alignment struggles to keep up with adoption
The report found that while cybersecurity budgets are increasing significantly, security leaders are accelerating AI transformation while falling behind on measurement, justification, and strategic alignment.
“Security leaders are getting mandates to invest in AI, but nobody’s given them a way to prove it’s working. You can’t measure AI transformation with pre-AI metrics,” said Steve Wilson, Chief AI and Product Officer at Exabeam.
“The problem isn’t that security teams lack data. They’re drowning in it. The issue is they’re tracking the wrong things and speaking a language the board doesn’t understand. Those are the budgets that get cut first. The window to fix this is closing fast.”
Contradictions in AI planning reveal gaps in strategic alignment
According to the survey, 95 percent of organizations plan to increase cybersecurity budgets in 2026, with 74 percent expecting to double their budgets.
At the same time, AI holds three contradictory positions in budget planning: 44 percent say AI is the top driver of budget increases, 44 percent say that it’s the first investment that would be cut if budgets tightened, and 32 percent say it’s the most challenging spend to justify to business stakeholders.
AI and automation are primary drivers of budget expansion in 2026. Cloud infrastructure growth and mainstream business AI adoption are also key drivers for budget expansion, according to 33 percent and 32 percent of respondents, respectively.
The challenge in comprehending budget spend
There’s a disconnect in investments that creates vulnerability for organizations. 87 percent of security leaders said they were confident in their investments to deliver business value, but 30 percent stated that among their biggest challenges in defending budget spending was lacking a board that understands the link between cybersecurity investment and business resilience.
This disconnect reveals a critical vulnerability: 63 percent of security leaders reported using quantified return on investment (ROI), and 59 percent reported using outcome metrics.
However, boards and executives still lack comprehension in the connection between security investment and business risk.
Security goals and business decisions still don’t align in many organizations
The disconnect is primarily due to the mismatch of security metrics and business-decision metrics.
“In AI-assisted environments, traditional metrics like mean time to resolution (MTTR) becomes almost automatic, so speed alone doesn’t prove risk has been reduced,” said Kevin Kirkwood, CISO at Exabeam.
“We need new ways to measure security effectiveness that actually show business impact, because boards don’t fund faster ticket closure, they fund measurable risk reduction and business resilience. We have to show that we’re not just responding quickly, but eliminating and improving the conditions that allow incidents to happen in the first place.”
Communicating ROI and value remain challenging for leaders
While the cybersecurity industry is seeing increased budget spending, security leaders are struggling to articulate AI’s business value to boards and CFOs.
Budget spending creates expectations, and organizations aren’t able to demonstrate clear value from AI investments, risking those budgets being retracted when economic conditions shift, according to the report.
Exabeam said that organizations that will succeed “are those that recognize deployment is only half the challenge.”
Success requires developing new frameworks to measure AI impact, creating outcomes-based metrics to tie security performance directly to business resilience, and establishing communication that translates technical improvements into business-impact language, enabling boards and the C-suite to understand the impact.
Earlier this year, Exabeam announced the expansion of UEBA to bring together AI agent behavior analytics. Learn more about Exabeam’s AI-driven security workflows to analyze AI agent behavior, unify investigations, and help organizations manage and mitigate AI usage risks.





