From AI to cyber risk, why IT leaders are anxious heading into 2026

Cybersecurity threats are shaping IT planning for 2026, with AI maturity and regulation emerging as another major source of disruption, according to a global survey from Veeam.

Veeam surveyed 250 senior IT and business decision-makers worldwide to understand how they view risks, readiness, and priorities.

Security threats top the list of disruptors

When respondents ranked expected disruptors for 2026, cybersecurity threats placed first. Nearly half selected security incidents as their top concern. AI maturity and regulation followed at just over 20%. Workforce shortages and cloud complexity ranked lower.

Concerns deepen when leaders assess their readiness. Many respondents said cyberattacks remain among the risks they feel least prepared to manage. Issues tied to AI and automation also ranked high in this category, reflecting uncertainty around how fast AI-driven threats may evolve.

When the survey drilled into specific data risks, AI-generated attacks stood out. About 66% of respondents identified them as the most significant threat to data. Ransomware also remained prominent, with roughly half of leaders highlighting it as a major risk heading into 2026.

Investment follows perceived risk

Security priorities are shaping spending plans. Strengthening cybersecurity emerged as the most frequently selected initiative for the coming year. Data resilience followed closely, indicating strong interest in protecting and recovering information during disruptive events.

More than half of respondents said they expect moderate to significant increases in budgets for data protection and resilience. These plans suggest leaders are directing resources toward areas they associate with operational stability and business continuity.

Governance concerns are also influencing strategy. Data sovereignty and regulatory compliance ranked as important for most respondents. Many said these factors are already affecting how cloud architectures and data placement decisions are made, particularly in regions with evolving privacy and security requirements.

Cloud growth strains visibility

The survey highlights ongoing challenges tied to cloud and SaaS expansion. 60% of respondents said their visibility into where data resides has declined as environments become more distributed. This loss of insight complicates efforts to secure data and manage compliance obligations.

Confidence in recovery remains limited. Only about 29% of leaders described themselves as very confident in their ability to recover data after a zero-day exploit. Most respondents reported moderate confidence, signaling continued concern about response and recovery capabilities during severe incidents.

Views on ransomware policy

The survey also explored opinions on ransomware payments. 70% of respondents said they support a ban on paying ransoms. About half expressed strong support for such a policy. These views suggest growing agreement among IT leaders that payment practices influence attacker behavior and broader risk levels.

“Cybersecurity and AI are today’s reality, and accelerating in 2026. Organizations must prioritize data resilience and compliance while embracing innovation responsibly,” said Anand Eswaran, CEO of Veeam.