New world, new rules: Cybersecurity in an era of uncertainty - The C-suite playbook - PwC
Archived May 14, 2026
2026 Global Digital Trust Insights: C‑suite playbook and findings
New world, new rules: Cybersecurity in an era of uncertainty
October 01, 2025
60% are increasing cyber risk investment in response to geopolitical volatility
Only 6% have fully implemented all data risk measures surveyed
Top 2 challenges to implementing AI for cyber defence are knowledge and skills gaps
Cybersecurity is entering uncharted waters. A rapidly shifting world order and threat environment ― powered by recent, exponential leaps in technology ― is putting cyber strategies to the test.
Organisations are confronting the new reality of a post-globalisation era, one that’s marked by fractured alliances, weakened global institutions, tariff shocks and disrupted supply chains. We’re witnessing unprecedented technology advances that are expanding the attack surface and introducing novel cyber threats, many of them state-sponsored.
PwC’s 2026 Global Digital Trust Insights survey of 3,887 business and tech executives across 72 countries reveals how leaders are handling this era of uncertainty, where they’re falling short, and what they might do differently to better meet the challenge. Among the key findings:
Geopolitical risk is shaping strategy: 60% of business and tech leaders rank cyber risk investment in their top three strategic priorities in response to ongoing geopolitical uncertainty.
Resilience is a work in progress: Given the current geopolitical landscape, roughly half say their organisation is at best only ‘somewhat capable’ of withstanding cyber attacks targeting specific vulnerabilities. Only 6% feel confident across all vulnerabilities surveyed.
Waiting for trouble: Only 24% of organisations are spending significantly more on proactive measures (e.g., monitoring, assessments, testing, controls) than reactive measures (incident response, fines, recovery). That’s the ideal spend ratio. Most companies (67%) are spending roughly equal amounts on both categories, which can be more costly and risky.
AI agents for cyber defence: Agentic AI ranks among the top AI security capabilities organisations are prioritising over the next 12 months. They plan to deploy these agents for cloud security, data protection and cyber defence and operations, among other priority areas.
The quantum clock is ticking: Although quantum computing ranks among the top five threats organisations are least prepared to address, fewer than 10% prioritise it in budgets and only 3% have implemented all leading quantum-resistant measures surveyed.
Rethinking the cyber talent crisis: Skills shortages remain one of the biggest barriers to cyber progress. Over half (53%) are prioritising AI and machine learning tools to help close capability gaps, and specialised managed services are becoming strategic accelerators to provide expertise and scale.
Meeting the moment will require renewed urgency, creativity and different approaches — not a business-as-usual mindset. Our C-suite playbook translates this year’s findings into practical steps, helping key stakeholders strengthen their foundational security practices and implement future-ready measures calibrated to the new world we’re in.
Risk and threat landscape
Geopolitics are reshaping cyber vulnerabilities
Today’s cyber risks are shaped as much by geopolitics as by disruptive technologies. Upended alliances, trade disputes, weakened international institutions and other destabilising trends in this new era of strategic competition are reshaping the threat environment, as well as traditional methods of doing business.
Responding to this geopolitical climate, 60% of business and tech leaders are making cyber risk investment one of their top three strategic priorities for the year ahead. They’re also prioritising changes in critical infrastructure location (41%), trade and operating policies (39%) and cyber insurance policies (39%). With disruption now the norm, cyber is a critical lever for resilience.
Cyber strategy changes in response to current geopolitical landscape
(% that ranked in their top 3 areas)
Q2. Over the next 12 months, which of the following areas of your organisation's cyber strategy is changing in response to the current geopolitical landscape? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
Against this backdrop, confidence in cyber readiness is split. While about half of respondents say their organisations are ‘very capable’ of withstanding cyber attacks targeting specific vulnerabilities surveyed, just as many aren’t prepared. What’s more, only 6% say they’re very capable across all vulnerabilities surveyed.
“In a threat landscape defined by nation-state adversaries and increasingly sophisticated cyber-criminal groups, resilience depends on mastering the fundamentals: identity and access management, network segmentation, securing cloud environments, third-party risk management and building robust response plans. Exercising those plans and building trusted partnerships with law enforcement turns preparation into muscle memory. Every investment in prevention, detection and workforce skills narrows the gaps adversaries aim to exploit.”
Brett Leatherman, FBI Assistant Director, Cyber Division
Cyber strategy and operations
Where investment meets impact
Cybersecurity is about readiness. It means planning ahead and investing in proactive measures like monitoring, assessments, testing, controls and training — before a crisis happens. The alternative, relying primarily on reactive measures (e.g., response, customer care, remediation, recovery, litigation and fines), is more costly, risky and unsustainable.
Two-thirds (67%) of organisations say their proactive/reactive cost ratio is roughly even — spending about the same on proactive and reactive cyber measures or slightly more on either. Few (24%) are in the sweet spot of investing significantly more on proactive steps. What’s more, those numbers likely underestimate the true cost of reacting. While proactive spending sits in the security leader’s budget and is easy to track, reactive costs are dispersed across the business — legal, communications, operations, IT, product, marketing, government relations — and include harder-to-quantify costs such as lost opportunities and reputational damage.
Spending on reactive vs proactive measures
Q13. Is your organisation spending more resources on reactive or proactive cybersecurity measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
“Moving from reactive defence to proactive resilience is a real opportunity for leaders to drive strategic business growth. It requires a commitment to C-suite collaboration and investment, using powerful technologies like AI and cloud to help security teams work smarter, not just harder. We're optimistic about this future, and it's a mission we champion alongside our customers.”
Nick Godfrey, Senior Director and Global Head, Office of the CISO, Google Cloud
AI in cybersecurity
From promise to priority
AI’s potential for transforming cyber capabilities is clear and far-reaching. That’s why it ranks highest in several categories we surveyed. AI enablement of key cyber capabilities is the top priority for allocating cyber budgets, using managed cybersecurity services and addressing cyber talent gaps.
To bolster their AI-enabled security capabilities over the next 12 months, security leaders rank threat hunting as their top priority. They’re also pursuing other capabilities such as agentic solutions, event detection and behavioural analytics, identity and access management, and vulnerability scanning and assessments.
Agentic AI among the top prioritised AI security capabilities
(Ordered based on those who ranked as their top priority)
Q18. Which of the following AI security capabilities will your organisation prioritise over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights
“Every organization is on a different journey with AI. Some must move quickly, others more cautiously. What matters most is enabling the business to move forward — securely and responsibly. Start where the risk is low, learn fast and expand. It's not about blocking progress; it's about partnering with the business to make informed, risk-aware decisions.”
Igor Tsyganskiy, Global Chief Information Security Officer, Microsoft
Quantum computing readiness
Preparing for next-level threats
Although quantum isn’t an immediate cyber threat, those who delay the transition to post-quantum cryptography may be exposing their sensitive data, authentication services and cryptographic systems. With implementation timelines stretching into years, establishing the foundations for quantum-resistant security demands early action today to avoid adversarial disruption tomorrow.
Some organisations are making initial progress, with 29% in piloting and testing stages. However, only 22% have moved beyond piloting, and almost half (49%) haven’t considered or started implementing any quantum-resistant security measures. What’s holding them back? For many, it’s a lack of understanding around post-quantum risks, combined with limited internal resources and competing demands.
Quantum-resistant security progress
Q21: How far along is your organisation when it comes to quantum-resistant security measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
Cyber talent and skills
Managed services move to the front line
Cybersecurity workforce shortages continue to impede progress, especially as organisations push to operationalise AI, secure complex environments and prepare for next-generation threats.
Knowledge and skills gaps were the top two barriers to implementing AI for cyber defence over the past year, forcing organisations to rethink how they scale capabilities. Many are exploring new ways to gain proficiency, including AI tools (53%), security automation tools (48%), cyber tool consolidation (47%) and upskilling or reskilling (47%). They’re also prioritising specialised managed services, especially those organisations that have experienced a major attack (48%).
AI and cloud are the top use cases for specialised managed security services. Organisations are using managed services for more than outsourcing capabilities. They’re partnering with providers to modernise the way critical systems get delivered.
Cybersecurity priorities for the use of managed services
(% that ranked in their top 3 priorities)
Artificial intelligence (AI)
Cloud security
Threat management
Data protection / data trust
Network security and zero trust
Endpoint security
Identity and access management
Supply chain and third-party risk management
Application security
Connected products
Operational technology (OT) security
Quantum computing
Mobile security
Security awareness training
API security
We do not use or plan to use managed services
Unsure
Q15. Which, if any, of the following areas of your cybersecurity programs is your organisation prioritising to utilise managed services over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights
About the survey
The 2026 Global Digital Trust Insights is a survey of 3,887 business and technology executives conducted in the May through July 2025 period.
One-third of the executives (33%) are from large companies with $5 billion or more in revenue. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%).
Respondents are based in 72 countries. The regional breakdown is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%).
The Global Digital Trust Insights survey was formerly known as the Global State of Information Security Survey (GSISS). Now in its 28th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.
PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.
Contact us
Sean Joyce
Principal, Global Cybersecurity and Privacy Leader, PwC US
© 2017 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.