Cybersecurity threats and the impact of AI maturity and regulation are the two most significant disruptors facing the industry in the coming year.
This is the headline finding from a Veeam Software poll of 250 senior IT and business decision-makers conducted worldwide to uncover what key trends will shape IT in 2026.
Organisational data remains a critical concern: nearly 60% of respondents report reduced visibility of where their data resides due to the growth of multi-cloud and SaaS environments.
Meanwhile, AI-generated attacks are seen as the greatest risk of data security, and compliance pressures around data sovereignty – rated extremely or moderately important by 76% of leaders – are set to reshape cloud strategies worldwide.
“IT and business leaders are entering 2026 with unprecedented complexity,” says Anand Eswaran, CEO of Veeam. “Cybersecurity and AI are today’s reality – and accelerating in 2026.
“Organisations must prioritise data resilience and compliance while embracing innovation responsibly.”
The survey asked IT leaders what they see as the biggest disruptor in 2026, with nearly half pointing to security concerns.
- Cybersecurity threats were cited by 49% of respondents as the biggest disruptor.
- AI maturity and regulation followed as the second-largest disruptor, with 22% of respondents.
- Other major disruptors included Talent/skills shortages (10%) and Cloud complexity and costs (8%).
- When asked which risk they felt least prepared for, cyberattacks (29%) and AI/automation missteps (27%) topped the list.
- AI-generated attacks (66%) were seen as the most significant threat to data, even ahead of Ransomware (50%). This underscores a seismic shift: AI is no longer just a productivity tool; it is now a weapon in the hands of the attackers.
In response to these risks, IT leaders are prioritising security and resilience initiatives:
- Strengthening cybersecurity was overwhelmingly selected as the single “must win” IT initiative for 2026, chosen by 45% of respondents.
- Building data resilience was the second most popular “must win” initiative at 24%.
- Leaders are putting their money where the risks are with a combined 54% of respondents planning for a moderate or significant increase in their budget for data protection and resilience in 2026.
- Data sovereignty and compliance are shaping cloud strategy; 46% rated sovereignty as extremely important and 30% as moderately important. This highlights a growing recognition that resilience isn’t just technical – its regulatory and geopolitical. Organisations are preparing for a world where compliance and control over data location are as critical as firewalls and backups.
Despite heavy investment in cybersecurity, confidence in recovery remains alarmingly low, and reduced visibility across sprawling IT environments means leaders are often flying blind when it comes to knowing where their data resides. The survey revealed:
- Reduced Data Visibility: A substantial majority of IT leaders reported that the growth of their IT environment (for example, multi-cloud, SaaS) has somewhat (44%) or significantly (16%) reduced their visibility of where all their data resides.
- Recovery Confidence: Only 29% of respondents were very confident in their ability to recover critical data if hit by a zero-day exploit tomorrow; 59% were only somewhat confident.
- Cloud Outage Preparedness: 71% are either not confident (30%) or somewhat confident (41%) in maintaining operations during a multi-day cloud provider outage.
Leaders are calling for accountability at every level – from the boardroom to the supply chain. The strong support for ransomware payment bans reflects the frustration with the cycle of payouts fueling criminal activity.
By demanding higher standards from partners and executives, organisations are signaling that resilience is not just a technical issue, but a matter of governance and trust.
- Executive Accountability: An overwhelming majority believe increased executive-level accountability would have a major impact (41%) or moderate impact (31%) on improving cybersecurity and data protection.
- Partner Standards: 88% believe it will be extremely (50%) or moderately important (38%) in 2026 to ensure partners and suppliers meet their organisation’s cybersecurity and data protection standards.
- Ransomware Ban: When it comes to policy, 72% support a ban on ransomware payments, with 51% strongly supporting it.