It’s that time of year again—time to nail down your organization’s cybersecurity budget.
This can be daunting, especially when it comes to cybersecurity. How do you fit those security investments into your overall IT budget? How much should you spend on security vs. the rest of your technology allocations? Do you need a managed cyber security partner?
Here’s the breakdown that we’re seeing so far: Companies are allocating 50% of their IT budget for cybersecurity in 2026. If that seems like a lot, consider the fact that the average cost of a data breach in 2025 was $4.4M.
Here are 9 trends we’re seeing as leaders maintain their 2026 cybersecurity budgets.
Key takeaways:
Predictable pricing is in high demand for IT and cybersecurity services.
Cybersecurity insurance, identity management, and endpoint protection are getting significant spend.
Employee training remains a cornerstone of cybersecurity budgeting.
Forward-thinking companies are asking their MSSPs about AI-powered cybersecurity tooling.
What are some ways that we see businesses thinking about the technology roadmap as they go into 2025? From a percentage standpoint, more than half the budget is being spent around cybersecurity. Yeah. More money isn’t always the solution to that problem. Welcome to the latest episode of Unraveling IT Expert Tech Talks. I’m Brian Harmison, CEO of Corsica Technologies, and I have with me Peter Rodenhauser, COO of Corsica Technologies. Welcome, Peter. Hey. How are you, Brian? Doing good. Good. Yeah. We’re enjoying some unseasonably warm weather. So that’s pretty exciting. It’s a great day to talk about technology. It is. Which I feel like we spend a lot of our days talking about. Well, it’s always a good day to talk about technology. It is. It is. Especially cybersecurity seems to be a hot topic, and we’re full into budget season here at Corsica. I know most of our clients are too. I think it’s a great opportunity for us to talk about technology budgets and Hey. Where to spend some money. For sure. For sure. Yeah. I mean, that’s where we’re spending most of our time right now in working with our clients as they are finalizing and preparing their 2025 budgets. And, you know, a big area of focus specifically within IT is, of course, around security and how to protect yourselves. And, you know, it’s interesting. There was a recent study published where those with cyber insurance, so those that are protected from an insurance perspective, 62 percent of those organizations have made claims against those policies. Oh. You know, which tells you that, you know, it’s great to be protected financially, but that doesn’t necessarily mean that you’re protected in terms of your endpoints and, you know, overall technology stack. Yeah. It’s probably pretty safe to say that every business we work with today has cyber insurance. So that’s a pretty representative number likely of most modern businesses that are using technology, well over half Yep. 
Have made a claim, and pretty recently. Pretty recent. Yeah. Yeah. What year, probably? Yeah. Over the past year. Not our clients. Right. But yeah. It’s many organizations out there. And there’s a lot of repeat offenders of organizations out there that make a second claim. Yeah. And that’s consistent with what we see in the onboarding process for a new client. It’s not uncommon for them to have two, three, four, sometimes even five events in their past that have led them to a point of saying they need a little bit extra help. When it comes to cybersecurity, I don’t think you can have enough help these days. What are some of the big areas that you see as far as where those compromises are occurring? Yeah. Well, the biggest, you know, from a category perspective continues to be around identity. And, you know, in terms of threats coming in, you know, in impersonating accounts, so identity continues to be that top category. And best way, you know, that we see to protect that is, you know, obviously, you know, endpoint detection is a big plus, but, really, it comes down to you and I, the users, right, inside an organization and how well trained are those users. So, you know, programs around security awareness training is the biggest area to help organizations protect themselves. You know, that’s what we see most often in the field. Yeah. For sure. And, you know, multifactor can bring a level of protection, but we see people multifactor fatigue. They get enough of those pop-ups on their phone. They hit accept and allow a bad actor into one of their accounts. And that lines up well with what we see out in the real world as well. A lot of people talk about zero trust, talk about how they want to implement more identity protection, but it’s still people Yep. That are instigating those. I was on the phone with a client today. 
We were just talking about this who is mentioning that if we could just get our users to stop clicking on things and even talking about some unnatural controls around, maybe we’ll not allow them to have any access to our environment outside of, you know, mobile devices that are managed by that environment. And that starts to get pretty cumbersome. But what are some ways that we see businesses today thinking about, you know, the technology roadmap as they go into 2025? Certainly, identity protection is one of those. Mhmm. What else are we seeing? Yeah. I was actually, you know, gonna ask you something similarly. I know you talk a lot with CEOs and CIOs. And, you know, from a percentage standpoint of an IT budget, I know that we’re seeing, what I’m seeing is, you know, more than half the budget is being spent around cybersecurity Yeah. You know, specifically, and programs to support it. Is that consistent with what you’re seeing? Yeah. It is. And more money isn’t always the solution to that problem, but it’s the solution we see pretty often. And, you know, out in the wild, we see a lot of bespoke solutions that are trying to layer on different levels of protection, some more effective than others. But that spend continues to really dominate, and a lot of that’s out of the fear of, you know, what can happen in a world that we see spend shifting around a lot. We see continued moves to the cloud, to SaaS applications, less spend on on-prem hardware, more spend on network and wireless technology to enable the connections to those SaaS applications. And then far and away, security is the biggest area of spend. Yeah. And I think, specifically, within security, what I’m seeing is, you know, technology is one piece, but the people and process around improving incident response time Mhmm. Is really key. 
And in having that capability, event, or compromise, and that’s the key. Right? Yeah. Speed. Speed is what makes a difference. It’s the faster we catch it. And that’s true in all security. And, you know, physical security, home security, the faster you can detect a problem, respond to that problem, the better off you’re gonna be. And, you know, most organizations, that’s really hard. It’s hard to have a small team that’s focused on business applications, that’s focused on productivity, be aware, alert, and available to respond to those things. And, you know, AI comes into that discussion a lot. A lot of cyber insurance companies provide incentives. If you use AI as part of your incident response plan, which we do and we’re a big fan of. But, ultimately, when it comes to the response containment and business continuity aspects, we need people in the loop that can make those decisions. And so AI can speed up some of that initial containment, but we still need, you know, cyber experts who can jump in and say, I’ve seen this before. I know how to handle it. And that’s where we see a lot of businesses struggle because the tendency can be, well, maybe I’ll go. I’ll buy some tools. I’ll hire a cyber analyst, and I think I’m in a good spot. But one person can’t do that job 24/7. And, you know, I’ve said it on this podcast before. The bad guys know our schedule and know how to target us. And Yeah. You know, most of us here in America are on a somewhat 8-5 schedule and have at least eight consistent holidays a year. Yeah. Yeah. Well, so you’re saying they’re not very courteous and they don’t intrude during 8-5 hours. They’re not. Okay. Consistently, they’re not. Okay. So they are opportunists Yeah. Completely. Yeah. Well, you know, you mentioned AI. That’s an area where us, even on our own operation, we’ve had a lot of success in deploying technology. 
And where we’re seeing the most, I’ll say, bang for the buck in terms of benefit and value is really in that detection Mhmm. And identification Yeah. Phase of a potential incident. And then to your point, you know, we need to get people involved pretty rapidly, pretty quickly to then really contain and protect the rest of the environment, but potentially restore pieces of it. But that technology has really come a long way in terms of improving the ability to detect. And, you know, something I’ve shared with clients a lot is, you know, it’s great that we have AI technology that’s improving our ability to detect, but there’s also AI technology on the other side Yeah. That’s, you know, being more aggressive or more sneaky than the technology we’re using. So Yeah. It’s a common warfare problem. One side typically follows the rules, and one side doesn’t fight fair. Yeah. And we absolutely see that. It’s driving a lot of investment in AI. And I think the big advantage that we see is, you know, the speed at which those patterns can be recognized and finding the common threats and the common patterns and rapidly getting those in the hands of people that can move that in the right direction and have the rest of the business context. So I’m sure that’ll continue to improve here over the years as AI matures, but we feel pretty strongly that we’re gonna need people in those seats for a long time. Yeah. I think so too. And, you know, it’s really shifted where their focus is. You know, if I think about our own, you know, cyber organization a few years ago, a lot of the energy was spent around detection. Even threat hunting. And threat hunting. And now, you know, what even we’ve done ourselves has shifted them more towards the business continuity Mhmm. Side of the equation so that, you know, not if, but when there is some sort of impacting event, we can recover and restore as quickly as possible. Yeah. 
It’s freed up bandwidth on those professionals to expand their skill set Mhmm. Into, you know the cyber- I feel like so often we talk about cybersecurity like it is its own thing, but it’s really meant to be woven through the culture and the operations of our cybersecurity has to be a thread that goes through all of IT, but the rest of operations as well. We need our CFO and our controller to be thinking in terms of good cyber hygiene as they make wire transfers, and they make payments, and those types of things. Yep. Makes total sense. Yeah. So let’s role play here for a second. We’ll give you a new role. I know you’re a CEO. Let’s make you a CIO for a day of, you know, we’ll call it a $250 million dollar business organization, and you’re in the throes of budget season right now. And you’re in the boardroom, and you’re going to bat for your budget. What are you focused on? What are you trying to drive home? Yeah. So, you know, in today’s modern business landscape, the focus has to be on where’s our data, how are we using it, and how’s it driving profitability in the business. And the underpinnings of that are a good strong cybersecurity posture and a solid IT infrastructure. And so, you know, that’s where I’m spending my time if I’m in that seat. And that means I found partners in teams that handle those pieces for me. And where I have my IT team focused is on data, some level of business continuity, and really enabling the business to stay ahead. It’s a competitive world out there, and we have to have our systems and our data visible, actionable, ready to use for our decision makers in the rest of the C suite. So you mentioned partnering, and I’m a bit biased because- I might be too. We have a great team, you know, here. But in all seriousness, where does it make sense to, you know, basically, you know, go all in on a partner and, you know, the services provided, do a little bit of a hybrid? 
You know, what are you seeing that’s working well, and what’s that- Yeah. Right formula? Yeah. I mean, we’re seeing a convergence of partnerships. And what I mean by that is we’re seeing MSSPs go away and kinda MSPs go away in their traditional form and really merge into, you know, a set of technology experts that are able to bridge across those areas that are now the core infrastructure of operating a business on top of technology. So it’s one partner. It’s not many. We all know that once we have multiple people responsible for something, we don’t have anyone ultimately responsible. And it’s finding that partner that has the breadth of experience and, you know, that has some experience in the areas that I’m counting on my team to do as well. You know, I mentioned data. You have a lot of experience in data as well. And while we might have some internal teams that own some of the deliverable and the day-to-day operational pieces of that from a production floor, for example, you need a partner that can support the business-critical functions of how you move and use data within your business as well. Yeah. That makes sense. And something we often see is that, obviously, no two clients are the same. Right? No two businesses are the same. So we might have an organization that may have a little bit of a stronger, I’ll say, security posture, and they need some help on the IT side or vice versa. So finding that partner that can provide both and offset and balance strengths and weaknesses is ultimately the key. Yeah. And partnership today from a managed service provider, regardless of the discipline, has to look like they’re part of your team. They have to feel like they’re part of your team. Long gone are the days of replacing an IT team with someone outsourced. A business of the kind of size that you’re talking about, by all means, needs people embedded in the culture of that business day in and day out. 
But those people can’t have the breadth of bandwidth that an organization like a Corsica can have that supports hundreds of different companies and can bring that expertise and that experience to the table. Couldn’t agree with you more. I mean, I tell clients all the time, you know, we want to be an extension of your organization. And that’s how we view ourselves Yeah. Absolutely. As that extension in whatever capacity or whatever discipline, you know, they need help in. Yeah. The more we know about the business, the more we can offer in terms of value. So Great. Totally great. Yeah. Great. Well, Peter, thanks for- Yeah. For joining me today. It’s great talking with you. Budget time is fun, but it is tiring. And technology is a common area where there’s a lot of questions about where do we invest and how do we invest. So I appreciate your time. Yeah. Absolutely. Thanks. And we’ll enjoy the last few warm days of the season here. Alright. Thanks. Thanks.
1. Strong demand for predictable pricing in technology services
IT and cybersecurity providers aren’t known for friendly pricing. It’s standard practice in the industry to promise that everything’s in scope, but when you read the fine print in that 20-page contract, that’s not actually true. The scope turns out to be pretty limited, which means you’ll get surprise bills, cost overruns, and expenses that don’t fit into your IT and cybersecurity budget.
Here at Corsica, we’re fixing this issue. Every organization deserves predictable pricing that doesn’t wreck the budget. That’s why we offer unmetered technology services for one predictable monthly price.
How big is the difference between our pricing model and the other guys?
2. Widespread budgeting for cybersecurity insurance
Nearly every business we work with today has cybersecurity insurance. If that’s a surprise, remember the average cost of a data breach. $4.88M is a lot of money for a midmarket organization.
Now here’s where it gets crazy. Delinea’s 2024 Cyber Insurance Report found that 62% of organizations with cyber insurance have filed claims against their policies. Meanwhile, 27% of companies with policies have filed multiple claims.
The repeat claims don’t surprise us. That’s consistent with what we see in the onboarding process for a new client. They’ve often had two, three, four, or even five events in their past, all of which led them to seek extra help. These days, you really can’t have enough cybersecurity assistance.
Here at Corsica Technologies, we’ve never had a client file a claim, which speaks to the power of our managed cybersecurity offerings and our Cybersecurity Service Guarantee. But more importantly, we recommend cybersecurity insurance to every new client if they don’t have it already. It’s just good to have that financial backstop in place.
Now, where are those breaches occurring for companies that file claims?
You might be surprised to find that identity and access are the biggest liabilities today. That’s why they’re emerging as a significant trend in cybersecurity budgeting.
3. Budgeting for identity management and endpoint protection
Identity-driven attacks remain a huge problem. This is the kind of attack that the Corsica team sees and stops most often.
What does this look like?
Threat actors attempt to gain access to a legitimate user account on one of your systems. This could be a Microsoft 365 account, a server admin account, or any user account that has privileged access to a system. Once they get in, they try to move laterally within your network. If you haven’t implemented Zero Trust, moving laterally may be all too easy.
In terms of technology, the rise of identity-driven attacks has led to an emphasis on endpoint detection solutions—particularly MDR (managed detection and response). This type of solution comes with two powerful components:
Endpoint detection and response software that finds unauthorized activity on your network.
Expert-managed services to monitor your endpoints and respond to issues.
MDR solutions are essential—but they’re not enough.
Ultimately, secure identity management comes down to people. It’s your team members who will stop threats—or let them in.
Are your employees equipped to defend your organization?
This is a crucial question in cybersecurity budgeting season, and it’s driving a significant trend for 2026.
4. Investment in cybersecurity awareness training
I recently spoke to a client who said, “If we could just get our team to stop clicking on things, we could stop all these breaches!” This client was thinking about implementing some fairly stringent controls, like not giving users any access to their environment outside mobile devices managed by that environment.
Though this is achievable with MDM software, in their case, it would’ve been cumbersome. Still, I understand where they’re coming from. If your team isn’t aware of best practices, or if those best practices aren’t woven into your company culture, you may need some heavy-duty restrictions.
But the first line of defense should be cybersecurity awareness training. It’s the ideal tool to counteract identity-driven attacks—which are getting more and more sophisticated. These attacks are frequently executed through some form of phishing, whether that’s an “urgent” email with a malicious link, a text message impersonating an executive, or even a phone call with an AI-generated voice.
As these attacks get more powerful and more deceptive, forward-thinking leaders are engaging their teams in continuous training for cybersecurity awareness. It’s not enough to train everybody once, then go back to business as usual. Threats are evolving too fast—especially in the age of AI.
This is why we’re seeing so many companies turn to recurring training. Whether the cadence is monthly, quarterly, or some other interval, the main thing is to work with a partner who continuously updates their training to reflect new threats.
Of course, employee vigilance won’t solve all your cybersecurity problems. Some organizations are trying to approach cybersecurity in an incremental fashion—which leads to our next trend in cybersecurity budgeting.
5. Budgeting for ad hoc cybersecurity solutions
Out in the wild, we see ad hoc cybersecurity solutions that try to layer on different levels of protection. Rather than taking a comprehensive approach or working with a partner, a company may try to start with existing cybersecurity controls and build on them as they’re able.
The challenge here is the lack of a comprehensive approach. Maybe you add great protection to one attack surface, but maybe you’re not even aware of growing threats against another unprotected surface.
Maybe there are economies of scale to be gained from data integration—but you’re still working with disconnected systems that require tons of duplicate effort.
Don’t get me wrong, unique approaches can definitely work. But it’s best to develop them with an expert partner who can help you get maximum value for your cybersecurity budget—while also bringing up issues and opportunities that your team hasn’t thought of.
6. Budgeting for cloud, SaaS, and network security
This IT budgeting trend has existed for quite some time, but it gets stronger every year.
As organizations shift their spending away from on-premises hardware to the cloud and SaaS applications, they have to shift their cyber budgets as well.
What does this mean?
We’re seeing more allocations for cloud security managed services, which address unique security challenges that didn’t exist in the on-premises world. We’re also seeing an emphasis on network and wireless capabilities to enable the bandwidth requirements of a SaaS-first organization. In some cases, organizations have over-rotated to the cloud, and we’re actually seeing reverse migrations from the cloud back to on-premises systems.
For midmarket companies, it’s a lot to handle.
Even if you have IT resources on staff, they may not have time left for cybersecurity, which leads us to our next budgeting trend.
7. Engaging a strong partnership for cybersecurity
Technology is one piece of the puzzle—and midmarket companies can certainly purchase cybersecurity tools. The real challenge is finding great people.
You can’t hire one cybersecurity analyst to work 24/7 with the tools you’ve licensed. It’s just not feasible. Clearly, you need more than one person. But these professionals are expensive. Their job market will grow 32% between 2022 and 2032—which is 10x the average growth rate of all jobs.
But you need 24/7 monitoring and expert interpretation of events and incidents. You also need a consistently fast response. Even if you have a cyber team of three people working the day shift, who’s going to handle those late-night attacks? Cybercriminals don’t keep to a nice polite schedule. They know when the majority of businesses are most vulnerable.
This is why companies are turning to managed cyber security services—often in a co-managed arrangement in which your provider works alongside your staff.
But not all cybersecurity partners are created equal. You want to make sure your provider keeps up with the latest in AI tools for cybersecurity—which leads us to our next budgeting trend.
8. Investment in AI tools for cybersecurity
AI is having a massive impact on cybersecurity. Threat actors are using AI for increasingly sophisticated attacks, while cybersecurity software companies are building more and more powerful solutions that run on AI. This technology is so powerful that cyber insurance companies are providing incentives if you use AI as part of your incident response plan.
We’re huge fans of this approach at Corsica, and AI plays a crucial role in our response processes. We believe AI tools are an essential consideration in the cybersecurity budgeting process. The key, though, is to understand what AI does well—and where it needs human help.
So what does it do well?
AI is an incredible tool for threat hunting, detection, and identification. These stages of the containment process require a rock-solid analytical approach rather than human judgment or creative problem-solving.
Of course, AI can’t eradicate a threat or repair any damage. You still need to get people involved ASAP to contain a threat and protect the rest of the environment. If there’s any restoration to be done, that’s 100% a human job as well.
But the power of AI lies in its threat detection abilities—and in the strategic shift that it enables.
A few years ago, cybersecurity teams spent a lot of human energy on threat hunting and detection. AI actually does that so well that we can offload that burden and turn our focus toward complex strategic questions. That means the business continuity side of the equation. You want your human experts working hard on that so you can recover as quickly as possible—not if, but when you have a catastrophic incident.
9. Budgeting for ongoing compliance efforts
Compliance is essential in today’s cybersecurity landscape. Whether it’s mandatory regulation or voluntary adherence to a security framework, every organization benefits from maintaining compliance.
As we head into 2026, we’re seeing wise investment in compliance. Across numerous industries, our clients are pursuing the frameworks that fit their businesses and customers.
HIPAA
CMMC 2.0 (levels 1 and 2)
PCI DSS
FTC Safeguards Rule
NIST Cybersecurity Framework
Cyber Insurance Readiness
Cybersecurity Fundamentals
CIS Controls v8
And others
While compliance often involves one-time projects, it isn’t a “set it and forget it” initiative. Systems, threats, and regulations continue to evolve. This is why many companies are turning to IT compliance services to ensure they’re keeping up.
The takeaway: Get an expert perspective as you develop your cyber budget
The right cybersecurity budget will look different at different organizations. You want to take a smart, nuanced approach that fits your unique strengths and weaknesses. Yet it’s challenging to keep up with evolving threats and solutions in cybersecurity. If you’re looking for an expert perspective, drop us a line. Our dedicated cybersecurity specialists have seen it all. We’re happy to advise you on those tough IT budgeting decisions.
Brian Harmison is the CEO of Corsica Technologies, a leading IT solutions provider, with over two decades of experience in technology. He has held key leadership positions in renowned technology companies, specializing in IT strategy, cybersecurity, AI strategy, and managed services. His vision has driven Corsica Technologies’ growth and transformation, making it a trusted partner for managed IT solutions and managed cyber security services. Through collaboration, mentorship, and team development, Brian positions Corsica Technologies for continued success and innovation in IT and cybersecurity.