Geopolitical shifts, technological evolution, and other factors mean that business disruptions should no longer be treated as outliers. Instead, they are becoming the norm—and putting cyber defences to the test. PwC’s 2026 Global Digital Trust Insights survey of nearly 4,000 business and tech executives across 72 countries reveals how leaders are handling this uncertainty, where they’re falling short, and what they can do to better meet the challenge.
Among the key findings:
Geopolitical risk is shaping strategy: 60% of respondents say they are increasing their cyber risk investment in response to geopolitical volatility.
Resilience is a work in progress: Roughly half say their organisation is at best only “somewhat capable” of withstanding cyberattacks targeting specific vulnerabilities. Only 6% feel confident across all vulnerabilities surveyed.
Some companies may be waiting for trouble: Only 24% of organisations spend significantly more on proactive measures (e.g. monitoring, assessments, testing, controls) than reactive measures (incident response, fines, recovery). Most companies (67%) are spending roughly equal amounts on both categories.
AI agents lead for cyber defence: Agentic AI ranks among the top AI security capabilities that organisations are prioritising over the next year. They plan to deploy these agents for cloud security, data protection, and cyber defence and operations, among other priority areas.
As threats continue to proliferate, here’s how companies should respond:
Map investment priorities to the biggest threats. Companies are spending more on cybersecurity, but they must spend smarter by focusing on the areas where they’re most vulnerable. For example, cloud security is a top threat reported by leaders, and it’s among the top cyber budget priorities. But attacks on connected products are also a significant vulnerability, yet far fewer companies are allocating cyber budgets to it.
Prioritise readiness over reactivity. Cybersecurity entails looking ahead and investing in proactive measures like endpoint detection and response monitoring, testing, assessments, controls, and training—before a crisis happens. The alternative, relying primarily on reactive measures (e.g. response, customer care, remediation, recovery, litigation, and fines), is more costly, risky, and unsustainable.
Make AI agents part of the solution. AI agents—autonomous, goal-directed systems capable of executing tasks with limited human intervention—have enormous potential to transform a company’s cyber programmes. No longer just tools that merely provide analysis, these AI systems are evolving into digital assistants that can act independently, collaborate with human teams, and even initiate security responses. Leading companies plan to deploy agentic solutions in areas including cloud security, data protection, and cyber defence and operations.
Explore the full findings of PwC’s 2026 Global Digital Trust Insights report
Follow us
Contact us
Jiří Moser
Country Managing Partner and CEE Advisory leader, PwC Czech Republic
Tel: +420 251 152 048
Azamat Konratbayev
Managing Partner, PwC Eurasia Assurance Leader, PwC Kazakhstan
Tel: +7 727 330 3200
Mekong Territory Senior Partner and CEO for PwC Thailand, PwC Thailand
Tel: +66 (0) 2844 1000
Abdulkhamid Muminov
Partner, Eurasia Tax, Legal and People Services Leader , PwC Uzbekistan
Tel: +998 78 120 61 01
Shirley Machaba
Regional Senior Partner, PwC South Market Area, PwC South Africa
Tel: +27 (0) 11 797 5851
