The Key Security Trends to Know in 2026

In 2025, security took center stage. As we unpack 2026, security will become even more important.

Last year, cybercriminals evolved their attacks — from sophisticated deepfakes to AI-powered phishing. In the fourth edition of our recent State of IT: Security report, which surveyed more than 4,000 IT leaders worldwide (including more than 2,000 security and compliance specialists), we explore this new dynamic, offering critical insights for organizations looking to innovate while staying secure.

Here are the top 4 takeaways from the report that you should know for 2026.

1. Security budgets are on the rise (again)

Over the past five years, IT security budgets as a percentage of overall IT spending have steadily increased, rising from 8.6% in 2020 to 13.2% in 2024. This trend is projected to continue.

Growing budgets underscore a hard reality: AI attacks, like data poisoning and privacy leakage, carry devastating financial and reputational costs. This financial commitment reflects organizations looking to close the gap by attracting specialized professionals, investing in the next generation of security technology, and implementing comprehensive security strategies.

2. Trust is everything

According to the report, 64% of customers believe that companies handle their data irresponsibly, and 61% see AI as heightening the need for data protection. Trust and privacy are top of mind for consumers, and it’s imperative that businesses treat it as a priority.

Ultimately, security is a shared responsibility between companies and their customers. While end-users must leverage available security features, organizations must lead by demonstrating technical integrity. Businesses can build and maintain customer confidence by demonstrating a commitment to data security, ensuring transparency in data usage, and implementing stringent security protocols.

3. Compliance isn’t getting any easier

Complexity of the regulatory landscape is placing a strain on security leaders. Sixty-eight percent of security leaders report a tangible increase in the difficulty of maintaining compliance, driven by the rapid and often fragmented rollout of new regulations across different regions and industries. 

But that’s not all. 

AI-specific regulations are another emerging challenge. Forty-three percent of security leaders admit to feeling underprepared for the potential wave of rules and guidelines that may govern the development and deployment of AI technologies. The need for more explicit guidance and proactive strategies to address AI-related compliance is becoming increasingly important.

4. AI is a double-edged sword

The great paradox of 2026 is that AI is our best hope for detection and our greatest vulnerability to exploitation. While digital defenses get stronger, the same tools can enable hackers to bypass them.

Eighty percent of security leaders recognize the transformative potential of AI in enhancing their security posture through automated threat detection, faster incident response, and advanced vulnerability analysis. At the same time, they also acknowledge the new security and compliance challenges it introduces.

Risks include AI systems being exploited by malicious actors, the complexities of securing AI algorithms and training data, and the need to adapt existing compliance frameworks to address the unique aspects of AI deployments. Navigating this dual nature of AI requires establishing governance frameworks, proactive risk management strategies, and a continuous learning approach to stay ahead of potential AI-driven threats.

Ready to dive deeper? Whether you’re a security leader navigating AI governance, addressing increasing compliance demands, or aiming to build greater customer trust, the State of IT: Security report offers valuable perspectives from peers across industries and geographies.

Additional reading

Invisibles, Configurables, and Enhanceables: How Salesforce Keeps Your Data Secure. Trust is our #1 value, and the security of your data is at the core of everything we do. Take a look at Salesforce’s comprehensive, multi-layered security architecture designed to protect your information from an ever-evolving threat landscape.

5 Principles for Managing Your Data’s Compliance Lifecycle. From minimization to auditability, here’s how to move from reacting to regulations to proactively building a compliant data strategy.

Salesforce Backup & Recover Named a 2026 Leader in SaaS Backup. Backup & Recover has achieved Leader status across several G2 Winter 2026 Grids for SaaS Backup, including the Overall, Mid-Market, and Enterprise Grids. Learn why in the blog.

Top AI News in 2025. This past year wasn't just another year of hype — things got real. The most-read stories on Salesforce's 360 Blog reveal that we're moving past "what if..." to "how to..." See what made the list and get your strategy ready for 2026.

Upcoming events

• January 20: True to the Core Deep Dive: Reporting and Analytics
• January 21: Agentforce 360 Platform: ALM and Security
• January 28: Agentforce NOW AMA: Accelerate Agentic Workflows with Agentforce Grid 
• Save the date! April 15-16: TDX 2026