Dive Brief:
- AI is forcing CISOs to think differently about budgets, staffing and risk management, according to a new report from the Retail and Hospitality Information Sharing and Analysis Center.
- Seventy percent of CISOs saw AI added to their responsibilities last year, RH-ISAC’s annual CISO Benchmark survey found.
- The report also gauged CISOs’ sentiments about AI-related risks and opportunities, with executives describing how they were already using the technology for defense.
Dive Insight:
RH-ISAC’s report, based on a late-2025 survey of 193 ISAC members and eight non-members, captures the evolving AI security dynamic as businesses balance new efficiencies with new headaches.
On the one hand, AI represents CISOs’ biggest friction point, with 71% of respondents citing it, followed by supply-chain attacks (54%) and vulnerability identification and remediation (41%). Ransomware and phishing used to top the friction-points list, RH-ISAC noted, but now AI has overtaken them — “not because ransomware and phishing have been solved, but because AI has added an entirely new layer of uncertainty on top of an already demanding threat landscape.”
On the other hand, CISOs and their staff have found AI tools to be force multipliers in key aspects of their work. Security teams mostly use AI for threat detection and analysis (63% of respondents cited this use), generative AI production of threat analysis reports (53%) and automated incident-response processes (44%).
Companies are also getting better at enacting policies to govern their use of AI, with 81% of organizations reporting some degree of implementation. Roughly a quarter of respondents said their policies were fully in place, while 57% said they were partially in place.
Still, CISOs have concerns about AI-related security weaknesses in their organizations. Roughly three-quarters say their biggest concern is accidental data leakage through public tools, while 56% say they fear shadow AI and employee misuse of tools.
Beyond AI, balancing cybersecurity and IT priorities topped CISOs’ list of challenges (70% cited it), followed by budget constraints (68%).
One of the few predictions that united nearly all respondents was their expectation that their companies would spend more money on AI security. Roughly nine in 10 CISOs expect AI security budget increases, with 43% predicting significant boosts and 46% predicting moderate boosts.
In terms of overall security budgets, 54% of CISOs expect to get more money this year (similar to last year, when 44% predicted that outcome), while 33% expect no change. CISOs were roughly evenly split when asked whether AI priorities would cause a reallocation of existing funds (28%) or increase their overall security budgets (26%).
Across the retail and hospitality sector, different industries — including consumer products, dining, hospitality, retail and specialty businesses — were roughly consistent in the security budget changes they predicted, whether large growth, small growth or flatlining.
CISOs’ biggest expense is their workforce, which accounts for an average of 32% of respondents’ budgets, followed by cloud software at 29%. More than one-third (35%) of CISOs expect to grow their full-time cybersecurity workforces, according to the report, while 11% plan to shrink their staffs.