Cybersecurity threats and the impact of AI maturity and regulation are the two most significant disruptors facing the industry in the coming year, a survey of 250 IT leaders by data backup and resilience company Veeam Software shows.

Organisational data remains a critical concern, with nearly 60% of respondents reporting reduced visibility of where their data resides owing to the growth of multi-cloud and software-as-a-service environments.

Further, AI-generated attacks are seen as the greatest risk to data security.

Meanwhile, compliance pressures around data sovereignty, which were rated as extremely or moderately important by 76% of leaders, are set to reshape cloud strategies worldwide, the company adds.

Specifically, cybersecurity and AI dominate the disruptors and risk landscape. Cybersecurity threats were cited by 49% of respondents as the biggest disruptor, while AI maturity and regulation were cited by 22%, and viewed as the second-largest disruptor expected in 2026.

Other major disruptors include talent and skills shortages, cited by 10% of leaders, and cloud complexity and costs which were cited by 8% of them.

Similarly, 29% of respondents said the risk they felt least prepared for was cyberattacks, followed by AI or automation missteps at 27%.

Meanwhile, AI-generated attacks, cited by 66% of leaders, were seen as the most significant threat to data, even ahead of ransomware at 50%. This underscores a seismic shift that AI is no longer just a productivity tool, but is now a weapon in the hands of the attackers.

In response to these risks, IT leaders are prioritising security and resilience initiatives.

Strengthening cybersecurity was overwhelmingly selected as the single "must win" IT initiative for 2026 by 45% of respondents. Building data resilience was the second, at 24%.

Leaders are putting their money where the risks are, as a combined 54% of respondents planned for a moderate or significant increase in their budget for data protection and resilience in 2026.

However, data sovereignty and compliance are shaping cloud strategy, and 46% of respondents rated sovereignty as extremely important and another 30% as moderately important.

This highlights a growing recognition that resilience isn't just technical, but is also regulatory and geopolitical. Organisations are preparing for a world where compliance and control over data location are as critical as firewalls and backups, Veeam says.

Additionally, despite heavy investment in cybersecurity, confidence in recovery remains low, and reduced visibility across sprawling IT environments means leaders often do not know where their data resides.

Further, only 29% of respondents were very confident in their ability to recover critical data, if they were to be hit by a zero-day exploit, although 59% reported being somewhat confident, the survey shows.

Meanwhile, IT leaders are calling for accountability at every level, from the boardroom to the supply chain, Veeam notes.

The strong support for ransomware payment bans reflects the frustration with the cycle of payouts fuelling criminal activity.

By demanding higher standards from partners and executives, organisations are signalling that resilience is not just a technical issue, but a matter of governance and trust.

Specifically, 41% of respondents said increased executive-level accountability would have a major impact, while a further 31% said such an increase would have a moderate impact on improving cybersecurity and data protection.

Further, 50% of respondents said partner standards will be extremely important in the coming year to ensure partners and suppliers meet their organisation’s cybersecurity and data protection standards, while another 38% said partner standards will be moderately important in 2026.

In terms of policy, 72% of respondents support a ban on ransomware payments, with a subset of 51% of respondents strongly supporting it, Veeam reports.

“Cybersecurity and AI are today’s reality and are accelerating in 2026. Organisations must prioritise data resilience and compliance while embracing innovation responsibly,” advises Veeam CEO Anand Eswaran.