Inaugural U.S. Cybersecurity Leaders Survey from Altum Strategy Group finds boards demanding business-relevant metrics as organizations blend in-house and managed cyber capabilities.
Altum Strategy Group today released its inaugural U.S. Cybersecurity Leaders Survey, showing that American cybersecurity decision‑makers are heading into 2026 focused on protecting sensitive data, speeding up threat detection and response, and putting AI to work as a practical enabler.
The survey of 163 U.S.-based cybersecurity experts with decision-making responsibility finds that 44% rank protecting sensitive data in their top two cybersecurity priorities for 2026, ahead of threat detection and response (36%) and AI enablement (25%). These priorities anchor cybersecurity strategy firmly in business risk and resilience.
The research also points to a shift in what boards expect from security leaders. More than half of respondents say their boards are asking for foundational security metrics (51%), business resiliency risks (51%), and insights into advanced persistent threats (50%), signaling a move from technical dashboards toward metrics that directly connect to revenue, operations, and reputation.
“Our inaugural U.S. Cybersecurity Leaders Survey shows that security teams are prioritizing exactly what boards care about most: protecting sensitive data and keeping the business running,” said Matthew Gantner, CEO, Altum Strategy Group. “Heading into 2026, cyber leaders put data protection at the top of the list, followed by faster threat detection and response and targeted use of AI. Cybersecurity is now firmly a business resilience issue, not just an IT problem.”
When asked where they are putting time and money, respondents highlight Managed Detection and Response (MDR) and security architecture as top priorities. MDR is a top‑two area of time and financial investment for 64% of organizations, and security architecture for 60%. On the automation front, MDR again leads (64% prioritizing it in their top two functions), followed by security architecture (50%) and threat hunting (47%).
The study also reveals visibility gaps in areas central to modern work. Mobile devices are the biggest blind spot, cited by 51% of cybersecurity professionals, followed by cloud workloads (40%), BYOD environments (39%), and network infrastructure and SaaS applications (both 34%).
To manage complexity, most organizations are adopting hybrid operating models. Just over half of respondents (53%) say they manage and monitor cybersecurity infrastructure and tooling using a combination of managed and in-house services, compared to 31% who rely entirely on in-house teams and 15% who fully outsource via managed services.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!