Portnox Survey

2026 CISO Perspectives Report Data

To access a full analysis of the results, click here.

Download Report

After completing the form, an email will be sent to you with the report download link.


Click Here
Homepage-Hero-Image-Product-Woman20

Key Data Insights

Stay tuned to this page for more data from the CISO Perspectives for 2026 survey over the next couple of weeks.

CISO Perspectives for 2026
92%
of CISOs are implementing passwordless authentication.
Up from 70% in 2024.
CISO Perspectives for 2026
96%
of CISOs believe that MFA can’t keep up with today’s threat landscape.
MFA fatigue and phishing bypasses top the list of concerns.
CISO Perspectives for 2026
52%
of CISOs cite reduced risk of password phishing & reuse as the #1 benefit.
Followed by productivity (41%) and user experience (39%).
CISO Perspectives for 2026
93%
of CISOs report perception of NAC has improved over the past 12 months.
Leading to more investment.
CISO Perspectives for 2026
98%
cite cloud-based NAC as influential in changing their view.
NAC is no longer considered legacy technology.
CISO Perspectives for 2026
97%
of CISOs say NAC is essential to zero trust implementation.
Similar to last year.
CISO Perspectives for 2026
87%
of organizations are ramping up NAC budgets.
Up from 83% in 2024.
CISO Perspectives for 2026
93%
of organizations plan to replace VPN technology by 2027.
67% plan to by end of 2026.
CISO Perspectives for 2026
77%
believe zero trust will require major stack updates.
This perception has grown since 2024 (49%).
CISO Perspectives for 2026
55%
of CISOs still fear job loss after a breach.
Down from 77% last year.
CISO Perspectives for 2026
78%
expect AI to significantly increase security workload despite productivity gains.
CISO Perspectives for 2026
78%
have no formal strategy to manage AI-generated identities.

Survey Data

Questions included in the CISO Perspectives survey (see methodological notes below).

Which of the following describes where your organization currently stands with the implementation of Passwordless Authentication?
14%
We have completed our implementation
27%
We have begun implementing
52%
We are planning to implement
7%
We are open to but have not begun planning
2%
We haven’t considered this
0%
We considered it and are not planning on it
When you hear of a high-profile security breach or hack, how likely do you think it is due to a compromised password or authentication?
13%
Extremely likely
45%
Very likely
41%
Somewhat likely
2%
Not too likely
0%
Not likely at all
What complaints do employees have about your organization's security measures?
50%
It interferes with or slows their work
46%
They use tedious processes
43%
It takes too long to get a resolution to issues
42%
Password changes are too frequent
36%
They’re not adequately trained on how to use them
36%
They are difficult to understand
Which of the following do you consider the top three benefits of using Passwordless Authentication?
52%
Reduced risk of password reuse, phishing, and other exploits
39%
Enhanced security
39%
Improved employee experience
33%
Stronger access control
41%
Improved employee productivity
32%
Lowered IT support costs
29%
Reduction in compliance issues
How concerned are you that security provided by Multi-Factor Authentication does not do enough to protect employees?
11%
Extremely concerned
41%
Very concerned
47%
Somewhat concerned
2%
Not very concerned
0%
Not at all concerned
How strongly do you agree or disagree with this statement: MFA can't keep pace with evolving threats.
27%
Strongly agree
69%
Somewhat agree
4%
Somewhat disagree
1%
Strongly disagree
How strongly do you agree or disagree with the following statement: Network Access Control (NAC) is a critical component of any zero trust framework.
33%
Strongly agree
65%
Somewhat agree
2%
Somewhat disagree
1%
Strongly disagree
How has your overall perception of NAC (Network Access Control) changed over the past 12 months?
19%
Significantly more positive
74%
Somewhat more positive
5%
No change
3%
Somewhat more negative
0%
Significantly more negative
How strongly do you agree or disagree with the following statement: Cloud-based NAC solutions have been the most influential factor in changing my view of NAC.
26%
Strongly agree
72%
Somewhat agree
2%
Somewhat disagree
1%
Strongly disagree
Will your organization be increasing or decreasing investment in NAC (Network Access Control) in the next year?
14%
Significantly increasing
73%
Somewhat increasing
10%
Neither increasing nor decreasing
2%
Somewhat decreasing
2%
Significantly decreasing
Which comes closest to your opinion about zero trust?
38%
Zero trust is the future of cybersecurity
24%
Zero trust has promise but organizations face difficulty to implement it
13%
Zero trust can work for some organizations but not all
27%
Zero trust is more hype than value for organizations
What would be required to fully implement zero trust at your organization?
12%
A complete overhaul
65%
Significant updates
18%
Some minor updates
6%
We have already fully implemented zero trust
When, if at all, is your organization planning to replace VPN technology?
4%
We have already replaced it
14%
We’re currently in the process of replacing it
16%
Within the next 6 months
34%
Within the next year
26%
Within the next 2 years
3%
Within the next 3 years
2%
More than 3 years from now
3%
We don’t have any plans to replace VPN technology
How concerned are you about a cyber-attack breaching your organization's security defenses?
12%
Extremely concerned
50%
Very concerned
37%
Somewhat concerned
2%
Not very concerned
0%
Not at all concerned
How concerned are you that you may lose your job if your organization faces a major breach or cybersecurity attack?
9%
Extremely concerned
46%
Very concerned
43%
Somewhat concerned
3%
Not too concerned
0%
Not concerned at all
How much do you agree or disagree with the following statement? It is impossible for even the most agile company to keep up to date with every regulation in a rapidly changing landscape.
28%
Strongly agree
67%
Somewhat agree
6%
Somewhat disagree
1%
Strongly disagree
Which of the following, if any, are you not 100% sure your current cyberinsurance would cover? Select all that apply.
43%
Supply chain attacks
41%
Regulatory fines and penalties
36%
Data restoration costs
35%
Intellectual property theft
34%
Insider threats
34%
Incident response costs
32%
Ransomware payments
26%
Phishing attacks
1%
Other
How often does your organization evaluate new solutions to lower cyberinsurance premiums?
7%
All the time
34%
Often
51%
Sometimes
9%
Rarely
1%
Never
Looking ahead, how much new work or how many new tasks do you expect will be created for your IT or security teams as a result of security risks or vulnerabilities related to your organization's use of AI (including AI models or agents)?
19%
A significant amount
59%
A moderate amount
23%
A small amount
0%
None at all
Does your organization currently have a strategy for incorporating AI identities into its zero trust security architecture? AI identities include autonomous AI agents, bots, or machine-based actors that access, process, or transmit data within your organization's systems.
22%
Yes, we have a strategy in place
59%
We are in the process of developing a strategy
19%
We are discussing the need but have not started developing a strategy
1%
No, we do not currently have a strategy for this

Explore the 2026 CISO Perspectives Report

Gain insight into how today’s CISOs are navigating the shifting cybersecurity landscape — from advancing passwordless authentication, NAC and zero trust initiatives, to modernizing legacy remote access and handling AI entities across security operations. This survey reveals how security leaders are prioritizing innovation and resilience in an era of rapid change.

Download the Report
Methodological Notes:

The Portnox Survey was conducted by Wakefield Research (https://www.wakefieldresearch.com) among 200 US CISOs at companies with a minimum annual revenue of $500m with representative quotas set for company size, between August 29th and September 9th, 2024, using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.9 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.