TL;DR: Cybersecurity spending is projected to reach $240 billion in 2026, with most enterprises expected to allocate 8% to 12% of IT budgets to security and high-risk sectors more, while microsegmentation and identity controls absorb more of the spend as lateral movement and credential abuse accelerate, according to Elisity and Gartner. The budget story is no longer tool accumulation, but buying containment, identity governance, and operational speed that match attacker movement.
NHIMG editorial — based on content published by Elisity: 2026 Cybersecurity Budget: Complete Enterprise Planning Guide
By the numbers:
- Gartner projects global cybersecurity spending will reach $240 billion in 2026, a 12.5% increase over 2025.
- The cybersecurity workforce gap has reached 4.8 million unfilled positions worldwide, a 19% year-over-year increase.
- MFA alone can block 99% of bulk phishing attacks.
Questions worth separating out
Q: What breaks when identity controls are funded only as compliance spend?
A: Identity programmes become slow, fragmented, and under-scoped when they are funded only to satisfy audit requirements.
Q: Why do service accounts and workload identities belong in budget planning?
A: Service accounts and workload identities often carry the access that attackers can reuse after compromise.
Q: How do you know if segmentation spending is actually working?
A: Segmentation spending is working when fewer systems remain reachable after a compromise and incident containment time drops materially.
Practitioner guidance
- Fund containment before expansion Prioritise investments that reduce blast radius, such as microsegmentation, privileged access restriction, and identity scope reduction, before adding more monitoring tools.
- Tie IAM spend to measurable risk reduction Map IAM, PAM, and NHI initiatives to metrics such as fewer reachable paths, shorter containment time, and lower privileged-account exposure.
- Separate human identity and NHI funding lines Track service accounts, API keys, tokens, and workload identities as a distinct budget and governance category, not a sub-line buried inside general IAM.
What's in the full article
Elisity's full article covers the planning detail this post intentionally leaves for the source:
- Industry budget benchmarks by sector, including healthcare, manufacturing, and critical infrastructure
- ROI and payback assumptions for microsegmentation deployments across different environment sizes
- Detailed allocation guidance across Zero Trust domains, including identity, network, device, and data
- Planning examples that translate threat speed and compliance pressure into budget conversations
👉 Read Elisity's 2026 cybersecurity budget planning guide for identity and containment priorities →
2026 cybersecurity budget planning: what matters for identity and Zero Trust?
Explore further
Identity budget growth is becoming a proxy for resilience maturity. The article’s numbers show that enterprises are no longer buying security purely to satisfy compliance or expand tooling coverage. They are funding controls that reduce the cost of compromise, especially where identity and access determine how far an attacker can move. That shift is important for IAM and PAM teams because their budgets are increasingly being evaluated on containment outcomes, not administrative neatness. Practitioners should expect budget approvals to favour controls that shorten attacker dwell time and shrink lateral movement paths.
A question worth separating out:
Q: Which teams should be accountable for Zero Trust budget decisions?
A: Zero Trust budget decisions should be shared across security architecture, IAM, PAM, network, and NHI owners because the control set spans all of them. If one team owns only a slice, the organisation tends to overfund visibility and underfund enforcement. Accountability should follow the risk path, not the organisational chart.
👉 Read our full editorial: 2026 cybersecurity budgets are shifting toward identity and containment