Cybersecurity Considerations 2026 - KPMG

Belgian organizations are navigating a cyber environment that is becoming faster, more complex, and more regulated at the same time. AI is accelerating innovation, but it is also amplifying the speed, scale, and sophistication of attacks and introducing entirely new risk categories such as autonomous agents and the rapid growth of non‑human identities, which now outnumber human users. At the same time, the attack surface continues to expand through cloud dependency, increasingly interconnected ecosystems, and the convergence of IT with operational environments (IT/OT) - particularly across sectors that are critical to Belgium’s economy and society. This shift is unfolding against a backdrop of heightened geopolitical tension and sovereignty considerations, which are reshaping technology choices, supplier dependencies, and resilience expectations. For Belgian leaders, this is far from theoretical. The European regulatory agenda is explicitly pushing organizations towards demonstrable cyber and operational resilience, stronger incident preparedness and reporting, and more rigorous oversight of third parties and supply chains with frameworks such as NIS2, CER, and DORA significantly raising the bar for governance, evidence, and accountability. In parallel, the medium‑term threat of quantum computing is turning post‑quantum cryptography from a future concern into a strategic transformation challenge with long‑term implications for security, procurement, and business continuity. The article below brings these developments together into a set of key cybersecurity considerations for executives and CISOs. Its themes closely align with the Cyber Study 2026, recently launched in Belgium, which captures how organizations across sectors are experiencing these challenges in practice and how they are responding. Together, they underline a clear message for Belgian organizations: cybersecurity is no longer only about protection and compliance, it is increasingly a board‑level enabler of trust, resilience, and sustainable innovation in a rapidly evolving European environment. Benoit Watteyne Partner | Advisory KPMG in Belgium mail call opens in a new tab Redefining cyber resilience Technology is advancing at unprecedented speed, unlocking new opportunities for growth while simultaneously amplifying cyber risk. Organizations now face a broader, more complex threat landscape shaped by AI, geopolitics, regulatory pressure, supply‑chain disruption, non‑human identities, hyperconnectivity, and the looming reality of quantum decryption. For cyber leaders, the challenge is no longer just protecting the enterprise but strengthening resilience while enabling innovation at scale, across an expanding digital and operational attack surface. Cybersecurity considerations 2026 explores eight key considerations leaders should prioritize as cybersecurity becomes central to enterprise resilience and innovation. The report helps Chief Information Security Officers (CISOs) and senior executives navigate a rapidly evolving risk environment, while supporting the adoption of AI and other transformative technologies, to help drive growth, resilience, and competitive advantage. Drawing on insights from more than 20 KPMG cyber leaders worldwide, alongside perspectives from senior executives at Google, Microsoft, Palo Alto Networks, and ServiceNow, the report is further enriched by findings from KPMG global and regional surveys. At a time of heightened uncertainty, Cybersecurity considerations 2026 underscores the increasingly strategic role of the CISO — not only in managing risk, but in turning cyber risk into a catalyst for trust, resilience, and stronger organizational performance. Cybersecurity considerations 2026 Building trust and enabling innovation in a dynamic world Download the report opens in a new tab Explore eight key cybersecurity considerations for 2026 Preparing the cyber workforce for autonomous security As security becomes automated, agents are taking on more intelligence-driven tasks, in the security operations center (SOC), as well as compliance and risk management, and identity management. Autonomous security is set to play a critical role in identifying and monitoring non-human identity activity. Navigating geopolitics, building resilience and compliance Both digital defenses and physical assets are threatened by potential attacks from hostile nations. Organizations should assess potential risks and use AI, automation, and analytics to streamline controls, speed up evidence collection, and boost regulatory compliance. Safeguarding AI systems As AI becomes deeply embedded in enterprise operations, its security is emerging as a critical priority. Safeguarding AI is no longer a technical challenge alone, but a strategic imperative that intersects with compliance, trust, and operational resilience. Managing non-human identities In increasingly digitized and automated environments, non-human identities such as AI agents, service accounts, and machine credentials now outnumber human users. Organizations must rethink identity governance to include the full lifecycle of both human and machine actors. Enabling trusted IT/OT hyperconnectivity Embedded sensors, IoT devices, and fully connected environments are becoming commonplace. Aiming to secure hyperconnected systems demands a dynamic mesh architecture, clarity of ownership, and monitoring across cyber-physical boundaries. Transitioning to post-quantum cryptography The transition to post‑quantum cryptography (PQC) is increasingly anticipated on a global scale and is unlikely to be avoided. Around the world nations are implementing guidance and regulations to migrate encryption in order to manage quantum cyber risk. This will be a major challenge and, for sectors like finance and defense, an existential one. Protecting the supply chain through detection and response Today’s complex supply chains create a vast digital attack surface that includes AI and a myriad of IoT devices. Organizations should extend the scope of third party risk management with continuous monitoring and oversight to maintain operational resilience. Broadening the role and influence of the CISO The scope and responsibilities of the CISO continue to expand as security becomes more deeply integrated into business and operations, converging the cyber and physical domains. At the same time, CISOs must manage the opportunities and threats associated with widescale AI adoption. Technology Advisory Imagine how far you can go with small changes to your business. Begin your technology management journey today. Read more Stay informed Be the first to know about top business trends that can drive success for your company. Subscribe now opens in a new tab