CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 19, 2026

Autonomous Security to Reshape CISO Role in 2026: KPMG - Mexico Business News

Mexico Business News Archived May 19, 2026 ✓ Full text saved

Autonomous Security to Reshape CISO Role in 2026: KPMG Mexico Business News

Full text archived locally
✦ AI Summary · Claude Sonnet


    All Multimedia Expert Contributor Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals By Diego Valverde | Journalist & Industry Analyst - Wed, 04/15/2026 - 09:00 KPMG highlights a shift toward AI-driven autonomous security, redefining the CISO as a strategic enabler of resilience and innovation. This impacts sectors such as finance, energy, and manufacturing, particularly in Mexico, where evolving regulation, nearshoring, and supply chain exposure increase the need for zero trust.   In a new report, KPMG names eight critical cybersecurity considerations for 2026, emphasizing the shift toward autonomous security and the strategic evolution of the CISO. These findings indicate that organizations must integrate AI and resilience into their core business objectives to maintain digital trust. "The CISO role is fundamentally evolving into that of a 'Chief Secure Transformation Officer'. We are no longer just securing the business; we are enabling it,” says John Israel, Global CISO, KPMG. “Our primary goal is to embed security so seamlessly into the fabric of the organization, from business processes to technology adoption, that it accelerates innovation and velocity, rather than hindering it." The global corporate environment is facing a period of disruption centered on AI, which acts as a double-edged sword for security professionals. While defensive teams can use AI to detect threats faster than humans, threat actors are also using these tools to automate and scale sophisticated breaches. Consequently, 79% of CEOs identify cybercrime and cyber insecurity as top pressures influencing their investment decisions. Geopolitics further complicates this landscape, as rising tensions lead to the decoupling of trading partners and the localization of supply chains. Organizations across the world are navigating a fragmented regulatory environment that includes digital safety, sovereignty, and resilience requirements. For example, KPMG notes that 69% of executives are pressured by regulatory demands, while 57% are concerned with geopolitical conflicts. To address these challenges, the KPMG Cybersecurity considerations 2026 report outlines specific technical and operational priorities that will define the next few years. Preparing for Autonomous Security and the AI Workforce As security operations become increasingly automated, digital agents are assuming intelligence-driven tasks within the security operations center (SOC). These agents scan alerts at a pace that human analysts cannot match. KPMG reports that 92% of technology executives state that managing AI agents will become an essential skill within the next five years. Organizations must thus retrain their workforce for strategic tasks such as advanced threat analysis and AI integration. Chris Corde, Head of Product for Security Operations, Google, says that cybersecurity professionals will need to build agentic functions and perform additional training of models to ensure efficacy.  Furthermore, the rise of "shadow agents" — autonomous agents created by other agents — requires a centralized identity store and policy-based access controls to prevent unauthorized activity. Managing Non-Human Identities Non-human identities, including service accounts and machine credentials, now outnumber human users. These identities often possess excessive permissions and operate in the "Shadow AI" space, making them difficult to track. Compromised non-human identities are already a prominent feature in major data breaches. To mitigate this risk, corporations are being urged to implement zero trust principles across identity, network, and device layers. This includes adaptive access, just-in-time permissions, and continuous monitoring of data flows.  Sitaram Iyer, Area Vice President for Emerging Technologies, Palo Alto Networks, says that machine identity without human accountability is an unmanaged risk and that organizations must apply the same discipline to machines as they do to humans. Transitioning to Post-Quantum Cryptography (PQC) Quantum computing poses a significant threat as it will eventually render current encryption algorithms obsolete. Threat actors are engaging in "harvest now, decrypt later" (HNDL) attacks, collecting encrypted data today to decrypt it once quantum capabilities mature. The US Quantum Computing Cybersecurity Preparedness Act and international guidance from the G7 Cyber Expert Group are driving the transition to PQC. For prioritized systems in the United States, the projected cost for federal PQC migration between 2025 and 2035 is US$7.1 billion. Organizations should conduct quantum risk assessments and build cryptographic inventories to map critical dependencies.  Alexander Rau, Partner for Cybersecurity, KPMG Canada, says that CISOs must find allies in leadership to broaden the perception of PQC from a data issue to a strategically critical capability. Enabling Trusted IT/OT Hyperconnectivity The convergence of information technology (IT) and operational technology (OT) is creating new vulnerabilities in infrastructure-intensive sectors like energy and manufacturing. The traditional Purdue Model, which separates these environments, is increasingly unsuited for modern networks that require real-time data analytics and zero trust interoperability. Corporations are encouraged to move toward a dynamic "mesh" architecture where security moves with the data and identity. Ben de Bont, Chief Information Security Officer, ServiceNow, says that unmanaged convergence, rather than hyperconnectivity itself, is the primary problem.  Additionally, regulators are focusing on physical security through the Critical Entities Resilience (CER) Directive in the European Union, which covers risks from natural disasters, terrorist attacks, and sabotage, among others. Protecting the Supply Chain Modern supply chains involve hundreds or even thousands of third, fourth, and fifth parties. According to the 2026 KPMG Global Third-Party Risk Management Survey, regulatory and compliance risk has grown in importance for 45% of organizations. Traditional third-party risk management (TPRM) cannot keep pace with AI-driven threats. Supply chain detection and response (SCDR) shifts the focus from vendor compliance to operational resilience. This proactive approach uses AI and automation to monitor high-risk partners continuously. Corporations should ensure that supplier contracts define risk-based compliance requirements and clear incident response plans. Strategic Recommendations for 2026 To ensure security acts as an enabler, the KPMG Cybersecurity considerations 2026 provides several recommendations: People: Build a collaborative risk culture and keep humans in the loop to oversee AI models and outcomes. Process: Implement zero trust principles and conduct quantum risk assessments to define the scale of impact. Technology: Establish a central identity store to tag and track AI agents while introducing autonomous security architecture into the SOC. Regulations: Integrate geopolitical risks into CISO programs and focus on operational resilience to meet emerging standards. Photo by:   Free pik TAGS: KPMG United States Cybersecurity AI Cloud & Data Digital Transformation Leadership cyberattacks ciso Cloud Security Defensive AI Regulation & Policy ai GenAI Cloud computing Data Privacy Autonomous Security Zero Trust quantum computing Supply Chain Security IT/OT Convergence risk management YOU MAY LIKE US, China Strike Deals on Agriculture Trade, Aircraft, Minerals Nissan Posts US$365 Million Profit but US$3.3 Billion Net Loss US and EU Delegations to Visit Mexico FIBRA Macquarie, PepsiCo Advance Green Finance, Low Carbon World Silver Survey 2026: Liquidity Squeeze and Deficit Trends FIBRA Macquarie, PepsiCo Advance Green Finance, Low Carbon Tomato Prices Drive Inflation Pressure in Mexico PEMEX’s Víctor Padilla Resigns / Mexican Consulates Investigation MOST POPULAR Mining China to Ease Mineral Concerns, Controls Stay: White House Trade & Investment US, China Strike Deals on Agriculture Trade, Aircraft, Minerals Mining PEMEX Finds Lithium in New Wells; Output Years Away Sustainability BMV, MÉXICO2 Expand Carbon Trading with New Alliance Trade & Investment US and EU Delegations to Visit Mexico Policy & Economy Mexico Moves to Delay Second Judicial Election to 2028 Trade & Investment EU, Mexico to Sign Trade Deal at May 22 Summit Av. Paseo de la Reforma 180, piso 20, Col. Juárez, Cuahutémoc, 06600, Ciudad de México. Follow Us Our Categories Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace More Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals © 2025 Mexicobusiness.News. A Mexico Business Company. All Rights Reserved. AddToAny More…
    💬 Team Notes
    Article Info
    Source
    Mexico Business News
    Category
    ◇ Industry News & Leadership
    Published
    May 19, 2026
    Archived
    May 19, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗