Canadian companies are heading into 2026 expecting a tougher economy, fewer people to do the work, and more things that can go wrong. But they’re still approving bigger technology budgets.
That combination is pretty telling. Leaders aren’t necessarily spending because they feel optimistic, but because more of the business is already running through these systems.
According to IDC’s Canadian 2026 Predictions, IT spending in Canada is expected to grow roughly five times faster than GDP next year, even though a majority of technology buyers expect economic conditions to worsen.
AI, cybersecurity, data, and cloud infrastructure were named among the areas least likely to face cuts, signalling where organizations feel they can’t afford to pull back.
Labour pressure is part of that equation. IDC expects hiring constraints to persist through 2026, pushing more work into automated systems and standardized processes. At the same time, IDC notes that AI has moved beyond pilot projects and into core operational use.
This makes the systems increasingly difficult to unwind without affecting how organizations run every day.
And these issues aren’t confined to individual organizations.
Rising defence and security investment is accelerating expectations around cyber resilience, data control, and system reliability, standards that increasingly spill into the private sector whether companies sell to government or not.
Together, these signals show technology being used to hold decisions and processes that organizations can’t staff or manage manually anymore.
Keeping the business running when the margin for error shrinks
IDC predicts that spending tied to AI, cyber resilience, data, and core infrastructure is least likely to be reduced in 2026, while other initiatives are more likely to be delayed or scaled back.
That prioritization shows how leaders are managing risk. Systems businesses rely on every day are being shielded, while longer-term projects are easier to slow down.
With hiring still difficult and disruption now routine, organizations are putting money into technology that makes work more predictable. AI is being used to automate tasks that can’t be staffed easily and to support decisions that would otherwise fall on already stretched teams.
As organizations decide where to keep spending and where to pull back, Sreenivas Duvvuri, a research analyst at IDC, said caution is shaping how Canadian buyers approach technology investments.
“Technology buyers in Canada are still resilient, but they are wary of macroeconomic shocks,” said Duvvuri, later adding that investment is increasingly concentrated in areas tied to productivity, resilience, and core IT capabilities.
That concentration matters because once these systems move into day-to-day operations, they stop being optional. Reporting, security response, data preparation, and workflow coordination increasingly depend on automated decisions.
At that point, the technology itself becomes infrastructure.
Scale introduces friction that leadership can’t ignore
When AI systems are no longer on the periphery, it becomes harder to ignore basic questions about who’s responsible, how decisions are checked, and what happens when something goes wrong.
IDC’s data shows many Canadian organizations are already past the experimenting stage with AI.
Companies are using generative AI as a part of everyday business. Agent-based systems are being deployed across IT operations, software development, and business functions, with agentic AI expected to account for a growing share of AI spending over the next several years.
A predictable pattern follows once that picks up. Teams build agents to solve immediate problems. Similar capabilities are recreated across departments using different tools, often without coordination.
This is what industry analysts often call “shadow AI,” and it starts to fill the gaps left when rules and accountability fall behind.
Duvvuri said IDC is already seeing signs of “undisciplined growth” as organizations roll out AI agents faster than anyone can reasonably govern them.
Teams bring in tools to get work done, often outside formal oversight, and before long similar agents are operating across multiple platforms. That’s how shadow AI creates blind spots around cost, security, and accountability.
The mess doesn’t always announce itself with a dramatic flourish or literal fire. It usually shows up later as cost leakage, inconsistent outcomes, and security gaps.
That’s when the boards of directors start to lean in.
IDC found that more than a third of Canadian CEOs now report regularly to their boards on AI use and risk, and what that reporting looks like is changing. Boards aren’t asking if AI is being used anymore, they’re asking where it sits in the business, who controls it, and what happens when it goes wrong.
Those questions are becoming harder to avoid, said Teodora Snoddy, a research manager at IDC who tracks executive oversight of AI.
“As AI investments accelerate, boards are sharpening their focus on execution governance, and they’re recognizing that AI introduces new risks,” said Snoddy.
That scrutiny has some teeth. By 2029, IDC predicts half of Canadian CEOs at large enterprises are expected to face replacement pressure if boards lose confidence in how AI is governed and executed.
That pressure is starting to land inside the technology organization itself. IDC found that 43% of executives now expect CIOs to be judged on the value their digital and AI initiatives deliver.
Reliability is assumed. The scrutiny now sits with outcomes leaders can explain and defend.
For CEOs, the focus is governance. Boards are pressing for a clear picture of where AI is embedded in the business and who stands behind the decisions those systems now make.
Defence, government, and why this moment feels different
Expectations around technology are changing faster than most organizations can adjust.
The federal government is changing how it buys technology and how it expects digital systems to perform once they’re deployed.
IDC’s outlook shows automation and digital services rising in priority as governments look for practical ways to keep services running with limited staff.
Canada is putting more money into defence as conflict, cyber attacks, and infrastructure risks play out in real time.
Federal defence policy and recent budgets commit more than $81.8 billion over five years, including investments in personnel, equipment, and infrastructure, alongside a growing focus on digital systems, cyber capability, and intelligence infrastructure.
Nigel Wallis, a research vice president at IDC, points to recent conflicts as a preview of how security expectations are changing.
“There’s evidence from the battles in Ukraine that all battlefields are now digital,” he said.
Wallis said that reality is reshaping how security is judged, with greater focus on whether digital systems can continue operating when they come under attack.
As defence investment moves in that direction, vendor priorities adjust, infrastructure decisions follow, and security standards get tighter. Even companies that never sell to government feel the heat, because the baseline for what counts as secure keeps rising.
Having data move across borders and platforms is forcing organizations to rethink who they trust with core systems. By 2027, IDC predicts half of Canadian enterprises will reassess technology partners based on their ability to offer sovereign data and cloud solutions.
That change is already moving the dial on how security operations work. Within the next few years, most Canadian security operations centres are expected to rely on AI-generated response playbooks that adapt in real time, which will affect how incidents are handled and how decisions are reviewed.
As security teams rely more heavily on automated response, Yogesh Shivhare, a research manager at IDC, said the way organizations judge security maturity is starting to change.
“Maturity moves from asking, ‘did that playbook run,’ to ‘was the decision correct, was it defensible and was it appropriate,’” said Shivhare.
Those expectations are pushing changes further down the stack. IDC researchers expect cyber-resilient storage to become a baseline requirement by 2029, driven less by technology teams than by insurers, auditors, customers, and boards that want proof systems can recover when something fails.
Virtual data and analytics agents are taking over routine reporting and analysis. They compress timelines and free up capacity, but they also operate continuously, often out of sight.
These forces explain why decision timelines are tightening across organizations. AI is moving deeper into operations because decisions increasingly have to be made faster and held by systems, not people.
For CEOs, the question is whether the organization has been built to support the systems it depends on, and whether leadership is ready to stand behind the decisions those systems increasingly make.
Final shots
- AI spending is rising because organizations already depend on these systems. Once AI sits inside operations, pulling back becomes difficult.
- Boards are leaning in because governance failures now translate directly into business risk, with real consequences for CEOs and CIOs.
- Defence spending, security expectations, and data sovereignty are raising the baseline for how Canadian companies are expected to operate.
