Cybersecurity, AI set to shake IT leaders in 2026

Cybersecurity threats and the impact of artificial intelligence are set to be the biggest disruptors for IT leaders in 2026, according to new global research from Veeam.

The data resilience specialist surveyed more than 250 senior IT and business decision-makers across the Americas, Asia Pacific and Japan, and EMEA. The study examined views on security risks, AI, data management and recovery readiness.

Almost half of respondents identified cybersecurity threats as their largest single disruptor in the year ahead. Just over a fifth cited AI maturity and regulation as their top concern.

Ransomware and AI-driven attacks stand out in the responses. Leaders see emerging attack methods and tighter rules around AI as a major source of disruption for technology plans.

"IT and business leaders are entering 2026 with unprecedented complexity," said Anand Eswaran, CEO, Veeam. "Cybersecurity and AI are today's reality - and accelerating in 2026. Organisations must prioritize data resilience and compliance while embracing innovation responsibly. At Veeam, we see this as an opportunity to lead with trust, security, and simplicity."

Cyber risks rise

Security concerns dominate the risk landscape in the findings. Cybersecurity threats were cited by 49% of respondents as the biggest disruptor in 2026. AI maturity and regulation followed with 22%.

Talent and skills shortages came next on 10%. Cloud complexity and costs accounted for 8% of responses. Sustainability and ESG requirements were also cited by 8%.

When asked which risks they felt least prepared for, 29% pointed to cyberattacks. A further 27% highlighted AI or automation missteps.

Respondents also ranked specific data risks for the coming year. Ransomware was identified by 66% as a leading threat. AI-generated attacks followed at 50%, ahead of insider threats and cloud misconfigurations.

The data points to a shift in how leaders view AI. Many now see AI as both an operational tool and an attack vector.

Security and resilience spend

The survey shows security and resilience projects at the top of IT agendas. Respondents named strengthening cybersecurity as the single "must win" IT initiative for 2026.

Forty-five per cent selected cybersecurity as their priority initiative in one version of the survey data. A separate breakdown of the same question listed 24% for cybersecurity and 45% for AI and automation at scale. Building data resilience ranked second at 24% in one cut of the data and 15% in another.

Despite the variations, both sets of figures place security, AI and resilience ahead of customer experience and sustainable IT. These lower-ranked initiatives attracted single-digit response levels.

More than half of respondents expect higher budgets for data protection and resilience in 2026. Fifteen per cent forecast a significant increase in spend. Thirty-nine per cent expect a moderate increase.

Just under one in ten anticipate budget reductions. A third expect no change.

Data sovereignty pressure

Data sovereignty and compliance emerged as a major influence on cloud strategy. Forty-six per cent of respondents rated sovereignty as extremely important. A further 30% rated it as moderately important.

Only 5% said data sovereignty was not important in their cloud planning. The rest reported slight importance or uncertainty.

Leaders also highlighted data portability and reduced vendor lock-in as priorities. Twenty-eight per cent described this as extremely important. Thirty-five per cent said it was moderately important.

Customer expectations around data protection appear to be rising alongside regulatory pressure. Fifty-nine per cent said expectations had increased significantly or somewhat.

Visibility gaps

The research suggests many organisations struggle to keep track of their information. Respondents cited growth in multi-cloud and software-as-a-service environments as a factor.

Sixteen per cent said this growth had significantly reduced their visibility of where data resides. Forty-four per cent reported that visibility was somewhat reduced.

Only 8% said visibility had improved. Just over a quarter reported no change.

Recovery readiness remains another concern. Only 29% of respondents said they were very confident in their ability to recover critical data after a zero-day exploit. Fifty-nine per cent felt only somewhat confident.

Confidence in handling cloud outages is also limited. Twenty-one per cent said they were very confident about maintaining operations in a multi-day cloud provider outage. Forty-one per cent were somewhat confident, while 30% were not confident.

Accountability push

Respondents called for stronger governance and accountability across their organisations and supply chains. Many linked executive oversight and partner standards with better cybersecurity outcomes.

Forty-one per cent said increased executive-level accountability would have a major impact on cybersecurity and data protection. Thirty-one per cent expected a moderate impact.

Leaders also expect more from partners and suppliers. Half of respondents said it would be extremely important in 2026 for partners to meet their organisation's cybersecurity and data protection standards. Thirty-eight per cent described this as moderately important.

Support for tougher public policy is also evident. Seventy-two per cent said they support a ban on ransomware payments. Just over half strongly support such a ban.

The survey also explored the role of AI in data resilience. Half of respondents said AI would improve detection of security incidents. Almost a quarter expected better recovery outcomes through AI. Eighteen per cent warned that automation errors could increase risk.

"Cybersecurity and AI are today's reality - and accelerating in 2026," said Eswaran.