Exabeam’s report, From Adoption to Accountability: The New Economics of AI in Cybersecurity, examines differences in cybersecurity strategies across the UK and Ireland (UKI). The study, based on a survey of 750 IT decision-makers, explores the relationship between rising budgets and increasing pressure to invest in AI within cybersecurity.
Cybersecurity budgets in the UKI are projected to increase in 2026, with 93% of organisations expecting growth. The primary driver of this investment is AI and automation, cited by 51% of respondents. The trend indicates a shift toward technology investment rather than traditional increases in staffing, reflecting the growing role of AI in security operations.
Although 93% of leaders report confidence that their investments are delivering value, challenges remain in communicating that value to executive stakeholders. The report finds that 26% of leaders face difficulties demonstrating the connection between cybersecurity investment and business impact at board level, as existing security metrics do not always clearly reflect business outcomes. This creates a gap between operational reporting and executive decision-making.
The study also highlights regional differences in AI adoption strategies. While the UK and Ireland show significant budget increases linked to AI adoption, Saudi Arabia reports a higher level of AI integration, with 75% of respondents stating that AI is already improving security operations. European and broader Asian organisations appear to take a more cautious approach, assessing long-term outcomes before expanding deployment at scale.
As cybersecurity budgets expand, organisations face increased expectations to demonstrate measurable outcomes. The report indicates that effective AI implementation requires more than technology deployment; it involves establishing outcome-based metrics that connect operational security improvements to business resilience and risk reduction.
In conclusion, the report suggests that organisations aiming to strengthen their cybersecurity posture may need frameworks that align technical investments with business impact. Security leaders may need to shift from traditional performance metrics toward measures that better reflect executive priorities and business risk management.
