Autonomous Security to Reshape CISO Role in 2026: KPMG - Mexico Business News
Mexico Business News
Archived May 19, 2026
✓ Full text saved
Autonomous Security to Reshape CISO Role in 2026: KPMG Mexico Business News
Full text archived locally
All
Multimedia
Expert Contributor
Entrepreneurs
Tech
Talent
Energy
Oil & Gas
Mining
Health
Automotive
Aerospace
Finance & Fintech
Infrastructure
Sustainability
Professional Services
E-Commerce & Retail
Agribusiness & Food
Logistics
Mobility
Trade & Investment
Policy & Economy
Cybersecurity
AI, Cloud & Data
Chemicals
By Diego Valverde | Journalist & Industry Analyst - Wed, 04/15/2026 - 09:00
KPMG highlights a shift toward AI-driven autonomous security, redefining the CISO as a strategic enabler of resilience and innovation. This impacts sectors such as finance, energy, and manufacturing, particularly in Mexico, where evolving regulation, nearshoring, and supply chain exposure increase the need for zero trust.
In a new report, KPMG names eight critical cybersecurity considerations for 2026, emphasizing the shift toward autonomous security and the strategic evolution of the CISO. These findings indicate that organizations must integrate AI and resilience into their core business objectives to maintain digital trust.
"The CISO role is fundamentally evolving into that of a 'Chief Secure Transformation Officer'. We are no longer just securing the business; we are enabling it,” says John Israel, Global CISO, KPMG. “Our primary goal is to embed security so seamlessly into the fabric of the organization, from business processes to technology adoption, that it accelerates innovation and velocity, rather than hindering it."
The global corporate environment is facing a period of disruption centered on AI, which acts as a double-edged sword for security professionals. While defensive teams can use AI to detect threats faster than humans, threat actors are also using these tools to automate and scale sophisticated breaches. Consequently, 79% of CEOs identify cybercrime and cyber insecurity as top pressures influencing their investment decisions.
Geopolitics further complicates this landscape, as rising tensions lead to the decoupling of trading partners and the localization of supply chains. Organizations across the world are navigating a fragmented regulatory environment that includes digital safety, sovereignty, and resilience requirements. For example, KPMG notes that 69% of executives are pressured by regulatory demands, while 57% are concerned with geopolitical conflicts.
To address these challenges, the KPMG Cybersecurity considerations 2026 report outlines specific technical and operational priorities that will define the next few years.
Preparing for Autonomous Security and the AI Workforce
As security operations become increasingly automated, digital agents are assuming intelligence-driven tasks within the security operations center (SOC). These agents scan alerts at a pace that human analysts cannot match. KPMG reports that 92% of technology executives state that managing AI agents will become an essential skill within the next five years.
Organizations must thus retrain their workforce for strategic tasks such as advanced threat analysis and AI integration. Chris Corde, Head of Product for Security Operations, Google, says that cybersecurity professionals will need to build agentic functions and perform additional training of models to ensure efficacy.
Furthermore, the rise of "shadow agents" — autonomous agents created by other agents — requires a centralized identity store and policy-based access controls to prevent unauthorized activity.
Managing Non-Human Identities
Non-human identities, including service accounts and machine credentials, now outnumber human users. These identities often possess excessive permissions and operate in the "Shadow AI" space, making them difficult to track. Compromised non-human identities are already a prominent feature in major data breaches.
To mitigate this risk, corporations are being urged to implement zero trust principles across identity, network, and device layers. This includes adaptive access, just-in-time permissions, and continuous monitoring of data flows.
Sitaram Iyer, Area Vice President for Emerging Technologies, Palo Alto Networks, says that machine identity without human accountability is an unmanaged risk and that organizations must apply the same discipline to machines as they do to humans.
Transitioning to Post-Quantum Cryptography (PQC)
Quantum computing poses a significant threat as it will eventually render current encryption algorithms obsolete. Threat actors are engaging in "harvest now, decrypt later" (HNDL) attacks, collecting encrypted data today to decrypt it once quantum capabilities mature. The US Quantum Computing Cybersecurity Preparedness Act and international guidance from the G7 Cyber Expert Group are driving the transition to PQC.
For prioritized systems in the United States, the projected cost for federal PQC migration between 2025 and 2035 is US$7.1 billion. Organizations should conduct quantum risk assessments and build cryptographic inventories to map critical dependencies.
Alexander Rau, Partner for Cybersecurity, KPMG Canada, says that CISOs must find allies in leadership to broaden the perception of PQC from a data issue to a strategically critical capability.
Enabling Trusted IT/OT Hyperconnectivity
The convergence of information technology (IT) and operational technology (OT) is creating new vulnerabilities in infrastructure-intensive sectors like energy and manufacturing. The traditional Purdue Model, which separates these environments, is increasingly unsuited for modern networks that require real-time data analytics and zero trust interoperability.
Corporations are encouraged to move toward a dynamic "mesh" architecture where security moves with the data and identity. Ben de Bont, Chief Information Security Officer, ServiceNow, says that unmanaged convergence, rather than hyperconnectivity itself, is the primary problem.
Additionally, regulators are focusing on physical security through the Critical Entities Resilience (CER) Directive in the European Union, which covers risks from natural disasters, terrorist attacks, and sabotage, among others.
Protecting the Supply Chain
Modern supply chains involve hundreds or even thousands of third, fourth, and fifth parties. According to the 2026 KPMG Global Third-Party Risk Management Survey, regulatory and compliance risk has grown in importance for 45% of organizations. Traditional third-party risk management (TPRM) cannot keep pace with AI-driven threats.
Supply chain detection and response (SCDR) shifts the focus from vendor compliance to operational resilience. This proactive approach uses AI and automation to monitor high-risk partners continuously. Corporations should ensure that supplier contracts define risk-based compliance requirements and clear incident response plans.
Strategic Recommendations for 2026
To ensure security acts as an enabler, the KPMG Cybersecurity considerations 2026 provides several recommendations:
People: Build a collaborative risk culture and keep humans in the loop to oversee AI models and outcomes.
Process: Implement zero trust principles and conduct quantum risk assessments to define the scale of impact.
Technology: Establish a central identity store to tag and track AI agents while introducing autonomous security architecture into the SOC.
Regulations: Integrate geopolitical risks into CISO programs and focus on operational resilience to meet emerging standards.
Photo by: Free pik
TAGS:
KPMG
United States
Cybersecurity
AI Cloud & Data
Digital Transformation
Leadership
cyberattacks
ciso
Cloud Security
Defensive AI
Regulation & Policy
ai
GenAI
Cloud computing
Data Privacy
Autonomous Security
Zero Trust
quantum computing
Supply Chain Security
IT/OT Convergence
risk management
YOU MAY LIKE
US, China Strike Deals on Agriculture Trade, Aircraft, Minerals
Nissan Posts US$365 Million Profit but US$3.3 Billion Net Loss
US and EU Delegations to Visit Mexico
FIBRA Macquarie, PepsiCo Advance Green Finance, Low Carbon
World Silver Survey 2026: Liquidity Squeeze and Deficit Trends
FIBRA Macquarie, PepsiCo Advance Green Finance, Low Carbon
Tomato Prices Drive Inflation Pressure in Mexico
PEMEX’s Víctor Padilla Resigns / Mexican Consulates Investigation
MOST POPULAR
Mining
China to Ease Mineral Concerns, Controls Stay: White House
Trade & Investment
US, China Strike Deals on Agriculture Trade, Aircraft, Minerals
Mining
PEMEX Finds Lithium in New Wells; Output Years Away
Sustainability
BMV, MÉXICO2 Expand Carbon Trading with New Alliance
Trade & Investment
US and EU Delegations to Visit Mexico
Policy & Economy
Mexico Moves to Delay Second Judicial Election to 2028
Trade & Investment
EU, Mexico to Sign Trade Deal at May 22 Summit
Av. Paseo de la Reforma 180, piso 20, Col. Juárez, Cuahutémoc, 06600, Ciudad de México.
Follow Us
Our Categories
Entrepreneurs
Tech
Talent
Energy
Oil & Gas
Mining
Health
Automotive
Aerospace
More
Finance & Fintech
Infrastructure
Sustainability
Professional Services
E-Commerce & Retail
Agribusiness & Food
Logistics
Mobility
Trade & Investment
Policy & Economy
Cybersecurity
AI, Cloud & Data
Chemicals
© 2025 Mexicobusiness.News. A Mexico Business Company. All Rights Reserved.
AddToAny
More…