New research from the Retail & Hospitality ISAC and IANS highlights AI as a catalyst for innovation, driving increased investment and expanding CISO responsibilities while organizations maintain steady budgets and staffing levels.

VIENNA, Va., April 1, 2026 /PRNewswire/ — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and IANS today announced the release of the 2026 CISO Benchmark Report, providing a comprehensive look at how cybersecurity leaders across the retail and hospitality sectors are navigating economic pressure, evolving threats, and the rapid rise of artificial intelligence (AI).

Based on insights from more than 200 Chief Information Security Officers (CISOs) who work in the retail and hospitality industry, the report reveals that while cybersecurity budgets and staffing remain relatively stable, AI has emerged as the most significant new challenge and opportunity facing security teams.

AI Becomes the Leading Source of Friction

This year, AI tops the list of friction points for CISOs, ahead of ransomware and phishing. Seventy-one percent of respondents identified AI as a primary concern, citing risks such as data leakage, insider misuse, and insufficient governance controls. At the same time, organizations are increasingly integrating AI into their security operations, particularly for threat detection, analysis, and reporting.

Despite these advances, CISOs emphasized that AI is compounding, not replacing, existing threats, adding complexity to an already demanding cybersecurity landscape.

Incremental Budget Growth Reflects Economic Reality

The report shows that cybersecurity budgets are growing modestly rather than undergoing a major transformation. In 2025, security spending increased from 0.57% to 0.75% of revenue, while IT spending rose from 3.2% to 3.9%. Looking ahead, 54% of CISOs expect budget increases in 2026, though most anticipate only incremental gains.

Notably, nearly 90% of CISOs expect spending on AI-related security initiatives to rise, often through reallocating existing budgets rather than adding new funds.

Staffing Remains Stable as Efficiency Takes Priority

Security team sizes are expected to remain largely unchanged in 2026, with organizations prioritizing efficiency over expansion. While 35% of CISOs plan to increase full-time staff, most expect to maintain current headcount and leverage AI to enhance productivity. Contractor roles may see reductions, particularly in larger enterprises.

Expanding Role of the CISO

The report highlights the continued evolution of the CISO role, with responsibilities expanding beyond traditional security functions into areas such as AI governance, product security, and business risk management. Seventy percent of CISOs reported that AI has been added to their scope of responsibility.

At the same time, structural challenges, such as competing IT priorities and budget constraints, remain the top barriers to executing security initiatives.

Download a copy of the report here. 

About RH-ISAC
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing cybersecurity information and intelligence among retailers, restaurants, hotels, casinos, food retailers, consumer goods manufacturers, and other consumer-facing companies. RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, share timely and actionable threat intelligence, best practices, and benchmarks among each other – all with the goal of building better security for the retail and hospitality industries through collaboration. rhisac.org

About IANS
IANS helps cybersecurity leaders act faster and make better decisions by providing expert insights and actionable guidance from more than 170 experienced practitioners, proprietary benchmarking data, content-rich events, peer-to-peer information-sharing opportunities, and customized consulting services. Learn more at IANS.

Media Contact:
Annie Chambliss
[email protected]
202.431.9106

View original content to download multimedia:https://www.prnewswire.com/news-releases/ciso-benchmark-report-finds-ai-driving-new-era-of-cybersecurity-risk-and-investment-in-retail-and-hospitality-302730923.html

SOURCE Retail and Hospitality ISAC