Managed Security Services: CISO Does Not Bear Sole Liability
Benedikt Langer
In our Gartner report from 07.05. the macro picture was clear: 13.5% global IT growth, but only four to nine percent additional budget in DACH, so the rest must come from reallocation. That set the structural thesis. Here it becomes an operational question: where will the 30 to 40% come from, over what timeframe, in what order, and which two items should you never count on, because cutting them would undermine AI effectiveness? Most CIOs know the 40% figure; few have a viable answer as to where the money will come from. That is the actual task for the Q3 budget discussion with the CFO.
The typical 2026 budget discussion follows two steps. In the first step, the CIO presents the AI roadmap to the CFO: Inferencing platform, data pipeline modernization, new GPU footprints, platform engineering expansion. The CFO asks about the costs. The CIO mentions a figure in the range of 30 to 40% of the IT budget. In the second step, the CFO asks where the money will come from. This is where most preparation stops.
The gap between step one and step two is the real issue. Those who enter the discussion with a roadmap but no reallocation plan get two responses: either a reduction of the AI roadmap to the additional budget or an implicit expectation that reallocation will happen “in the course of business”. Both outcomes damage the AI strategy without being apparent in the meeting.
The clean approach is to raise the 40% question yourself: which three items will be reduced, in what stages, and with what residual risk. This preparation changes the discussion entirely. What starts as a defense of AI investments becomes a joint discussion about the largest untapped reserves in the IT budget.
The first reserve is legacy licenses. This includes unused Oracle database editions, old Microsoft server bundles, Citrix footprints, and mainframe maintenance contracts that no one seriously audits. In most DAX-listed companies, this reserve accounts for between 8 and 14 percent of IT budgets. While the potential for savings is significant, the process is slow due to contract durations, dependencies on legacy applications, and the lack of a clear migration roadmap. Initiatives started in 2026 are likely to yield tangible savings in 2027.
The second reserve is vendor consolidation. This involves duplicate tools for monitoring, logging, endpoint management, identity providers, and backup solutions. Typically, this reserve accounts for 6 to 9 percent of IT budgets, with higher percentages in rapidly growing organizations. The process of consolidation can be faster because many of these contracts are annually renewable. However, political resistance remains strong as each duplicate tool has an owner within the organization who can argue for its continued existence.
The third reserve is capex deferral. This includes hardware refresh cycles delayed by a year, on-premises storage transitioning to hyperscaler reservations, and employee endpoint device refreshes extended from 36 to 50 months. This is the fastest to realize savings, but the effects are temporary. Organizations that begin addressing this reserve in 2026 will need to decide in 2027 whether to catch up on the deferred refresh cycles or further extend them.
The temptation to touch security modernization and data foundations during a reallocation sprint is strong. Both consume budget and offer no immediate visible output, making them easy targets for cuts in the current quarter. However, these are precisely the wrong areas to cut.
Security modernization is critical for enabling AI models to safely access data. Organizations that delay SIEM consolidation, neglect to modernize identity platforms, or stretch network segmentation projects in 2026 will face two significant issues in 2027: reduced security and auditors refusing to approve AI pilot pipelines. The costs of these delays will become apparent in the next NIS2 reporting cycle, not in the current quarter.
Data foundations are the second taboo. This includes data catalogs, data quality tooling, master data management, and a functioning BI backbone. Everyone agrees in theory that AI models are only as good as the data they are built on; in practice, the data work is where the real difficulty lies. Organizations that cut data projects to prioritize AI platform visibility will undermine their AI initiatives before the first model even goes live.
The plan is tight but realistic. Most of these steps happen alongside day-to-day operations; what really takes time is the clean synthesis into a one-page template. That synthesis is what turns the AI roadmap into a decision-making tool in the budget discussion.
In the discussion with the CFO, one detail makes the difference: the distinction between “can we reallocate” and “will we reallocate”. Whoever presents a list of reallocation possibilities gets a discussion about each option and is pushed onto the defensive. Whoever presents a recommendation with three clear numbers gets a decision.
The three numbers are: the volume from legacy licenses, the volume from vendor consolidation, and the volume from capex deferral. Plus a fourth number, the protection list: what is not touched, and why. This format respects the CFO’s time and provides a basis for a decision rather than an open-ended discussion.
What remains is the follow-through. A reallocation on paper is not the same as a reallocation in reality. Contract negotiations drag on, political owners resist, and deferred hardware refresh slots may still be needed in an emergency. Whoever has answered the 40 percent question has done the most important preliminary work, but in most organizations the implementation takes longer than a quarter.
Shortening an AI roadmap is a political decision, not a technical one. Most organizations that take this path cut back on data foundations and platform engineering because these areas are easiest to eliminate. The result is often what Gartner describes as the primary pattern of failed AI projects: the pilot cemetery. If you want to shorten the AI roadmap, do it cleanly, not by slashing the prerequisites.
In that case the issue is not with the CFO but with the executive leadership. Reallocations of 30 to 40 percent are not decisions made solely by the CFO; they are strategic decisions made by the executive leadership. The CIO brings the proposal to the executive leadership meeting, not to an individual meeting with the CFO. If you cannot get it through there, you have a mandate problem, not a budget problem.
Managed services contracts are often missing from the license inventory. Typically, 2 to 4 percent of the IT budget is allocated to these contracts, which are rarely renegotiated. If you review these contracts, you’ll often find agreements from 2018 or earlier that are no longer market-competitive. Renegotiating these contracts is slower than vendor consolidation but cleaner than switching vendors.
In most organizations, 12 to 18 percent in the first year is realistic. Full 30 to 40 percent reallocations take two to three years because contract durations and migration costs dominate. If you achieve 18 percent in the first year, you are at the upper end of realism. The AI roadmap pace must align with this path, not the other way around.
Yes, in medium-sized enterprises without classic mainframe burdens and in young tech firms with small vendor footprints, reallocation can be faster, often reaching 25 percent in 18 months. In banking, insurance, and large industrial firms with mainframe connections, the lower end of the path is more realistic because legacy applications with five-year migration paths dominate. The industry sets the pace, not the ambition.
Source Title Image: Wikimedia Commons / Dietmar Rabich (CC BY-SA 4.0)