The Q2 2026 CIO budget conversation looks different in the room from how it reads in vendor research decks. The vendor research will tell you AI is the top priority, security is rising, and “digital transformation” is being protected. That’s all directionally true, but it misses the texture of what CIOs are actually doing with their 2026 budgets.

What’s actually getting funded: anything that demonstrably reduces operating cost in 2026 itself. The “build for 2028” conversations have largely lost in this budget cycle. CFOs are looking at IT line items with sharper eyes than they did during the 2021-22 transformation push, and CIOs that can’t tie their initiatives to in-year P&L impact are losing those programs. The exception is critical security spend, which is still mostly getting funded on risk grounds without a proven ROI tied to it.

What’s getting cut: shadow SaaS rationalisation programs. Most large Australian enterprises overspent on SaaS through 2023-24 and are now five quarters into the cleanup. The easy wins have been taken. The remaining shadow SaaS is sticky, embedded, and removed at meaningful productivity cost. The 2026 cuts are more painful and less popular than the 2024 ones were.

What’s quietly being protected: the platform engineering investments started in 2023-24. CIOs that have built a credible internal developer platform over the past two years are not letting that team get cut, even when the broader engineering org is reshaping. The platform engineers are the people who reduce future infrastructure spend, and most CIOs understand that explicitly enough to fight for them in budget cycles.

What’s getting deferred: most of the “AI agent” pilots that were funded in 2025 with broad scope and undefined outcomes. The agents that produced measurable workflow change are continuing. The agents that produced demos are quietly being shelved. The 2026 AI conversations have moved from “let’s do an agent pilot” to “what specific business process are we automating, and what’s the savings.”

The cloud cost optimisation work that dominated 2024 has matured into something more disciplined. The big cuts have been made. The 2026 work is mostly about steady-state governance: finops practices, commitment management, workload-level cost visibility. CIOs that haven’t built a finops function by Q2 2026 are noticeably worse off than peers who did.

Security spend is still rising, but the direction has shifted. Identity and access investment is continuing. Endpoint and network are flat-to-down. The growth area is data security and AI-related security: data loss prevention specifically tuned for AI usage, sensitive data discovery in unstructured stores, and AI-specific governance controls. This is the bucket where CIOs are willing to spend without a hard ROI case, because the regulatory and reputational risk surface is increasing in ways everyone can see.

The CIOs having an easier 2026 are the ones who got their fundamentals right between 2022 and 2024. The CIOs having a harder 2026 are the ones who funded a lot of speculative work in those years and now have to either show results or unwind it. Both positions are visible in the room, and both are honest reflections of what was bet during the transformation cycle.

For CIOs planning the next budget cycle, the practical question is what specific operating cost or revenue line your IT spend is connected to. The disciplined IT functions can answer that question quickly. The undisciplined ones are about to find out the hard way that their CFO is going to ask it.