Three forces reshaping European cybersecurity buying decisions in 2026
Last week, Joel Stradling, IDC’s Senior Research Director for Global Security and Trust, and David Clemente, IDC Research Director for European Security Services, presented the latest IDC intelligence on three topics that are driving security buying decisions across Europe right now: AI agents, security platform consolidation, and digital sovereignty.
The session was built around IDC survey data and direct input from European CISOs. Here is a summary of the key findings. The full recording is available on demand.
What your buyers are prioritising around AI agents
IDC projects 1.2 billion AI agents in operation by 2029, performing 217 billion daily actions across four categories: custom-configured, in-application, standalone, and bespoke agents. For security vendors, the relevant signal is what this proliferation is doing to your buyers’ security priorities and investment patterns.
On average, 16.7% of planned AI investment worldwide is currently allocated to AI agent security and governance. That is a meaningful budget line, and it reflects a genuine gap that security buyers are trying to close: most European organizations cannot fully account for the non-human agents already operating in their environments.
Joel framed this in the session with a question that resonates with CISOs: how many agents are running in your ecosystem right now without being part of any governance programme? The answer, frequently, is that they do not know.
IDC’s forthcoming MaturityScape Benchmark on AI-fuelled organizations gives a precise picture of where European enterprises stand on AI maturity. The details of that data, including the significant divergence between organizations IDC categorizes as survivors versus those that are thriving, are covered in the recording and available through IDC’s research programme.
Where the platformization opportunity actually sits
Joel was direct about the state of the market: security is, to a degree, broken. Vendor sprawl and complexity are the most consistently cited concerns in IDC’s CISO conversations, and the move toward vendor consolidation is real and accelerating. In IDC’s December 2025 survey, 84% of respondents agreed or strongly agreed that their organization is prioritizing security platformization.
The gap worth understanding, however, is the one between customer intent and vendor positioning. IDC’s CISO Hub data from March 2026 shows that while close to two-thirds of senior security decision-makers say they already have a platform, there is no shared definition of what that means or where it is anchored. The result is fragmented islands of platformization rather than genuine consolidation.
For vendors, the implication is that the buying conversation is not uniform. Joel walked through how platformization incentives differ by stakeholder: a CISO is looking at visibility, proactive defence posture, and operational efficiency; a CIO is focused on speed, agility, and reduced contract complexity; a CEO is weighing business growth, risk reduction, and regulatory accountability. Understanding which stakeholder is in the room changes the pitch considerably.
The barriers to consolidation are equally important market intelligence. Tool sprawl, technical debt, skills gaps, upfront costs, and the desire to avoid vendor lock-in are all factors slowing decisions that, on paper, buyers have already made. The session explored each of these in detail.
What the sovereignty conversation looks like from the buyer side
David Clemente covered how European security buyers are currently thinking about sovereignty, and it is a more complex and more urgent conversation than it was 18 months ago.
IDC’s 2025 Worldwide Digital Sovereignty Survey asked European cloud buyers about their main motivations for choosing a sovereign cloud. The top three responses were: concerns about extraterritorial data requests, compliance with national legislation and European directives such as NIS2, DORA, the Cyber Resilience Act, and the AI Act, and the baseline desire to improve data privacy and security.
David framed the trade-offs buyers are navigating using a cost-versus-control matrix that maps different procurement categories from commodity hardware through cloud services, AI, and sovereign or defense-grade infrastructure. The useful insight for vendors is that these positions are not stable. The past 12 to 18 months have introduced a level of volatility that has caused many European buyers to revisit assumptions they had previously considered settled, including assumptions about suppliers headquartered in the United States.
During this time, a number of developments have shifted that calculus, and buyers who were not questioning their vendors about sovereignty a year ago are now asking them directly. For US-headquartered vendors in particular, the session covered what buyers are asking and what kinds of responses are building or eroding confidence.
The core message from David was straightforward: vendors who have genuinely thought through their sovereignty positioning, who can offer tangible provisions and answer specific regulatory and political questions, are in a different position from those who have not. That distinction is becoming visible to European buyers quickly.
Watch the full session on demand
The webinar covered substantially more than this summary captures, including the full benchmark data on AI maturity, the complete breakdown of platformization incentives by buyer persona, and a detailed Q&A with both analysts.
IDC Security Summits Europe 2026 are taking place across the continent throughout the year, connecting vendors with 700+ senior security decision-makers in Madrid, Lisbon, London, Paris, Milan, Cologne, Stockholm, and Barcelona. The IDC European CISO Xchange takes place in Sitges, Spain, 8–10 November. Contact IDC for sponsorship and participation details.