Cybersecurity risks and the growing impact of artificial intelligence are set to define the technology landscape in 2026, according to a global survey commissioned by Veeam Software. The study, which polled more than 250 senior IT and business decision-makers across the Americas, APJ and EMEA regions, highlights mounting anxiety over cyberattacks, data visibility and regulatory pressure as organisations prepare for another year of rapid digital change.
The survey found that nearly half of respondents identified cybersecurity threats as the single biggest disruptor for IT leaders in 2026. AI maturity and regulation followed closely behind, reflecting concerns that automation and generative technologies are evolving faster than governance frameworks. Talent and skills shortages, along with cloud complexity and rising costs, were also cited as significant pressures shaping technology strategies for the year ahead.
At the same time, organisational data has become harder to track and protect. Almost 60 percent of respondents said their visibility into where data resides has declined due to the expansion of multi-cloud and software-as-a-service environments. This lack of clarity is compounding fears around security, compliance and recovery, particularly as AI-driven threats become more sophisticated.
“IT and business leaders are entering 2026 with unprecedented complexity,” said Anand Eswaran, CEO of Veeam. “Cybersecurity and AI are today’s reality, and accelerating in 2026. Organizations must prioritize data resilience and compliance while embracing innovation responsibly. At Veeam, we see this as an opportunity to lead with trust, security, and simplicity.”
AI-driven threats reshape the cybersecurity risk landscape
One of the clearest signals from the survey is the changing nature of cyber risk. AI-generated attacks were identified by 66 percent of respondents as the most significant threat to data security, surpassing even ransomware, which was cited by 50 percent. This shift suggests that AI is no longer viewed solely as a productivity tool but increasingly as a weapon that attackers can use to scale and automate sophisticated threats.
When asked which risks they felt least prepared to handle, respondents most frequently pointed to cyberattacks and AI or automation missteps. This lack of preparedness comes despite years of sustained investment in cybersecurity tools and services. Confidence in recovery remains limited, with fewer than one in three respondents saying they were very confident in their ability to recover critical data following a zero-day exploit. Most described themselves as only somewhat confident, underlining persistent gaps between security spending and real-world resilience.
Preparedness for major cloud outages also emerged as a weak point. More than 70 percent of IT leaders said they were either not confident or only somewhat confident in their ability to maintain operations during a multi-day outage at a cloud service provider. As organisations continue to rely on complex, distributed environments, the findings suggest that operational resilience has not kept pace with architectural change.
Data resilience, sovereignty and accountability move up the agenda
In response to these challenges, IT leaders are prioritising initiatives that strengthen security and resilience. Strengthening cybersecurity was selected as the top “must win” initiative for 2026, followed by building data resilience. More than half of respondents said they plan to moderately or significantly increase budgets for data protection and resilience over the coming year, signalling a shift in spending towards defensive and recovery-focused capabilities.
Data sovereignty and compliance are also playing a larger role in shaping cloud strategies. A combined 76 percent of respondents rated data sovereignty as extremely or moderately important, reflecting growing awareness of regulatory, geopolitical and jurisdictional risks. The findings indicate that organisations increasingly see control over data location and portability as just as critical as traditional security measures such as firewalls and backups.
Beyond technology, there is a strong call for accountability and shared responsibility. A large majority of respondents believe that increased executive-level accountability would have a meaningful impact on improving cybersecurity and data protection. Expectations of partners and suppliers are also rising, with nearly nine in ten respondents saying it will be important in 2026 to ensure external vendors meet the same cybersecurity and data protection standards as their own organisations.
Support for policy intervention is particularly strong when it comes to ransomware. The survey found that 72 percent of respondents support a ban on ransomware payments, including more than half who strongly support such a move. This reflects frustration with a cycle in which ransom payments are seen as fuelling further criminal activity, and signals a desire for stronger external standards and clearer governance across the industry.
Taken together, the findings suggest that 2026 will be defined less by new technologies and more by how organisations manage risk, resilience and responsibility in an increasingly complex digital environment. As AI adoption accelerates and cyber threats evolve, IT leaders appear to be recalibrating priorities around trust, recovery and long-term control over their data.
