Rising third party risks and persistent ransomware threats are prompting organisations to expand their cyber security budgets in 2026, according to research carried out by Marsh.

Based on responses from more than 2,200 cyber risk professionals across 20 countries, the data suggests that nearly 75% of organisations feel confident in their cyber risk management, but that almost two thirds intend to increase cyber security spending in the next year, and more than a quarter plan rises of 25% or more. UK organisations show the strongest intent, with 74% expecting to increase budgets. Priority areas include cyber security technology and mitigation, incident readiness and specialist recruitment.

Thomas Reagan, global cyber practice leader at Marsh, commented: “Today’s evolving threat landscape demands not only increased investment but a strategic, holistic approach to cyber security. Our survey clearly shows that while many organisations are boosting budgets, true resilience comes from balancing technology, talent and preparedness – especially in managing third-party risks. This momentum is crucial as ransomware and privacy breaches remain top threats globally, reminding us that cyber defence is no longer optional but a business imperative.”

The study also suggests that 70% of organisations suffered at least one significant third party cyber incident during the past year, and that 29% regard ransomware and privacy breaches as their leading concerns.

---