About
Login
Get Started
New Report

CISO Perspectives for 2026

Uncover the latest thinking from 200 CISOs on pressing topics like passwordless adoption, access control, zero trust, AI and more.​

HIGHLIGHTS

Explore insights from CISOs on key topics and evolving threats in cybersecurity. See what CISOs consider critical enablers of zero trust, how they plan to modernize remote access and more.
View the Data
92%

of CISOs are implementing passwordless authentication.

97%

Consider NAC critical to zero trust implementation.

93%

Plan to replace legacy VPNs by 2027.

78%

of CISOs lack a formal strategy for handling AI entities.

Explore the 2026 CISO Perspectives Report

Gain insight into how today’s CISOs are navigating the shifting cybersecurity landscape — from advancing passwordless authentication, NAC and zero trust initiatives, to modernizing legacy remote access and handling AI entities across security operations. This survey reveals how security leaders are prioritizing innovation and resilience in an era of rapid change.

Download the Report

Related Reading

The Cybersecurity Horrors Keeping CISOs Up at Night

Cloud-Based NAC: This is The Way

NAC’s Comeback Story
Load More

More About the Report

This report uncovers how 200 U.S. CISOs are preparing for 2026 across passwordless adoption, AI identity management, NAC modernization, zero trust execution, and cyberinsurance planning. It provides data-backed insights into security priorities and investments from enterprises with $500M+ in revenue.
Because 92% of CISOs have already implemented or plan to implement passwordless. The report highlights that CISOs see passwords as the most common breach vector and believe passwordless can reduce phishing and credential exploits.
With only 22% of organizations having a formal AI identity strategy, the report reveals that CISOs are working to address the challenges that AI agents have introduced in an AI era.
93% report their perception of NAC has improved, and 98% attribute this shift to modern, cloud-based NAC platforms—highlighting a major evolution from legacy approaches.
The report shows that 67% of organizations plan to replace VPNs within a year, moving instead to zero trust-based access solutions—indicating a rapid shift in remote access strategy.
Absolutely. 97% of CISOs believe NAC is a critical part of zero trust architecture, and NAC budgets are increasing across 87% of organizations—showing renewed investment in access control at the network layer.
Yes. It details where CISOs are increasing spending, helping readers benchmark their own roadmaps against industry peers.
Network Access Control (NAC) is a foundational component of a zero trust strategy. While zero trust is a strategic framework that requires every user — internal or external — to be authenticated, authorized, and continuously validated before gaining access, NAC provides the mechanisms to enforce those access decisions at the network level. NAC ensures that only compliant and trusted devices can connect to the network, aligning directly with zero trust’s principle of “never trust, always verify.” By enforcing security policies based on context — such as user identity, device posture, and location — NAC helps organizations move away from perimeter-based assumptions and toward dynamic, policy-driven access control. Together, NAC and zero trust create a simpler, more resilient security architecture that strengthens defenses and enhances user experience by ensuring access is always appropriate, verified, and secure.
CISOs have more clarity about what their policies cover, with notable improvements in clarity around supply-chain attacks, insider threats, and regulatory penalties.
This research is built for CISOs, security architects, zero trust strategists, and IT leaders who want to validate their 2026 roadmap against industry data and uncover blind spots around identity, access, and risk.
Methodological Notes:

The Portnox Survey was conducted by Wakefield Research (https://www.wakefieldresearch.com) among 200 US CISOs at companies with a minimum annual revenue of $500m with representative quotas set for company size, between August 29th and September 9th, 2024, using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.9 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.

To view the full data from the survey, including a complete breakdown of respondent demographics, click here.

NEW REPORT: CISOs' Perspectives on Cybersecurity in 2026

Learn More
X