The growing scope of cyber threats

As cyber threats increase in frequency and scope, CEOs need to take decisive steps to keep pace. In PwC’s 29th Global CEO Survey, almost a third of respondents (31%) say their company is highly or extremely exposed to the risk of a significant financial loss from cyber threats in the year ahead, up from 24% in last year’s survey and 21% two years ago. Cyber risks now rank alongside macroeconomic volatility as the top threats identified by leaders. About eight in ten (84%) say they’re planning to improve enterprise-wide cybersecurity practices in response to geopolitical risk, underlining the interconnected nature of the threats they face.

AI is both a potential solution and a complicating factor. Our 2026 Global Digital Trust Insights survey found that agentic AI ranks among the top AI security capabilities that organisations are prioritising over the next 12 months. Companies plan to deploy these agents for cloud security, data protection, and cyber defence and operations, among other areas. Yet bad actors are moving just as fast with AI, now using GenAI to identify vulnerabilities, scale quickly, and create ever-more believable phishing attacks.

Your next move: Reinforce cyber defences

A key question facing leaders is whether their perceptions and plans are based on current and relevant intelligence. As we’ve found in previous editions of PwC’s Global CEO Survey, it can be striking how threat perceptions can vary greatly even among countries in close proximity. For example, more than a third of CEOs in Germany (34%) say their company is highly or extremely exposed to cyber risks in the year ahead. That figure compares to only 16% among UK CEOs, even though companies there continue to experience regular, high-profile cyberattacks. As uncertainty continues to mount, CEOs everywhere should take the opportunity to revisit their assumptions and calibrate with peers across borders.

In addition, companies can take the following steps:

Harness AI’s power while guarding against its risks. Expand existing security controls to cover AI systems and identify gaps that require new protections. Consider the cloud, where companies face evolving and increasingly complex security issues. AI-enabled solutions can automatically detect cloud threats, enabling real-time data protection and adaptive defences as new risks emerge.

Build visibility and trust across the supply chain. Suppliers can create vulnerabilities, often serving as entry points for attackers to access sensitive data and disrupt your operations. Periodic risk assessments aren’t enough. Continuous monitoring is essential to detect and respond to threats in real time. By combining advanced technologies with integrated risk management, you can gain greater visibility across your digital supply chain—and turn it into a platform for proactive defence.

Look ahead to anticipate emerging threats. Emerging technologies such as satellite communications, quantum computing, and 6G networks present exciting opportunities for innovation and growth, but these tools all come with new and complex security issues. Companies need to be relentless about shoring up their cyber defences.