Exabeam has released a new multinational report highlighting a widening gap between rising cybersecurity investment and organizations’ ability to measure and justify returns on artificial intelligence spending.

The report, From Adoption to Accountability: The New Economics of AI in Cybersecurity, is based on a survey of 750 IT decision-makers overseeing security at organizations with more than 500 employees across 12 countries. It finds that although cybersecurity budgets are expanding at record levels, many security leaders are struggling to align AI investments with business metrics and board-level expectations.

According to the findings, 95% of organizations plan to increase cybersecurity budgets in 2026, with 74% anticipating double-digit growth. AI plays a central yet sometimes contradictory role in this expansion. It is cited as the leading driver of budget increases at 44%, yet it is also identified as the first area to face cuts if spending tightens at 44%, and as the most difficult category to justify to business stakeholders at 32%.

Steve Wilson, Chief AI and Product Officer at Exabeam, said many security teams lack the frameworks needed to demonstrate the effectiveness of AI initiatives. He noted that traditional performance metrics are often ill-suited to measuring AI-driven transformation, and that boards frequently struggle to connect technical security indicators with broader business outcomes.

The report shows that AI and automation are the primary catalysts for cybersecurity budget growth in 2026 at 44%, followed by cloud infrastructure expansion at 33% and broader enterprise AI adoption at 32%. Notably, much of the additional spending is being directed toward technology rather than headcount, reflecting a structural shift in how security operations are managed.

Although 87% of security leaders believe their investments are delivering business value, 30% cite limited board understanding of the link between cybersecurity spending and business resilience as their biggest challenge when defending budgets. While 63% report using quantified return-on-investment metrics and 59% rely on outcome-based measures, many executives remain unconvinced about how security investments mitigate enterprise risk.

The findings suggest that the challenge lies not in a lack of data, but in a disconnect between security metrics and the financial and risk frameworks used by boards and CFOs.

Regional disparities in AI adoption are also significant. In Saudi Arabia, 75% of respondents said AI is already enhancing security operations, compared with 27% in Japan and 30% in the Netherlands. This reflects differing national priorities and approaches to digital transformation and risk management.

The report concludes that while cybersecurity budgets are growing rapidly, their long-term sustainability will depend on organizations’ ability to clearly demonstrate AI’s business value. Without stronger accountability, future spending could come under pressure if economic conditions tighten.