2026 Cybersecurity outlook: Technology, media and telecommunications

The TMT industry is evolving quickly, thanks to breakthroughs in AI, cloud computing, 5G, and digital infrastructure. But as these innovations progress, so do cyber threats. Agent-based AI and nation-state tactics are being used to find and exploit weaknesses in both old and new technologies. Shifting regulations and complex networks, especially in telecom, add even more challenges.

Half of TMT organisations feel very capable of withstanding a cyber attack targeting supply chain vulnerabilities, which is better than the global average (all sectors) but still leaves plenty of room for improvement. Significantly, TMT leaders also told us that the top threats they’re least prepared to address are cloud-related threats, third-party breaches, and attacks on connected products.

All of this means TMT organisations need to take a proactive, strategic approach to cybersecurity to safeguard their critical assets, valuable intellectual property, and the trust of their customers.

Drawing on a subset of PwC’s 2026 Global Digital Trust Insights survey, this TMT industry report shows how 749 global leaders across technology, media, and telecom are confronting cybersecurity challenges in 2026 and beyond. It explores the concerns they face, the threats organisations feel least prepared to handle, what’s driving security investments and decisions, and how emerging technologies are shaping their approach to cybersecurity.

In the TMT world, technology itself is often the gateway that adversaries exploit. Attackers are breaking in through cloud platforms and aging operational technology (OT), using advanced AI to bypass defences and steal data. Reacting to incidents isn’t enough, but our survey shows that only 25% of TMT organisations report spending significantly more on proactive versus reactive security measures. Instead, many TMT companies find themselves trying to close gaps while navigating tightening regulations. These dynamics create several pressing cybersecurity challenges across the industry.

• New threats evade traditional defences: TMT leaders told us that data protection and trust is the No. 1 influencer of cyber spend decisions. Adversaries are increasingly targeting this valuable data through sophisticated, agent-based AI that can execute decisions independently and at scale. Meanwhile, ransomware continues to pose a major risk across the sector and telecom companies face persistent nation-state attacks aimed at key infrastructure.
• Lack of talent creates dangerous gaps: Telecom’s challenging network security demands specialised skills, adding another layer of complexity. A cyber talent shortage is slowing progress and leaving security gaps wide open. In our survey, the lack of relevant skills and knowledge tops the list of hurdles when TMT organisations try to implement AI for cyber defence. Leaders tell us that AI security is a top priority for cyber budget spending and their biggest focus for closing talent gaps.
• Fragmented compliance rules add complexity: Navigating disparate tech regulations worldwide (e.g., Europe’s AI Act and Cyber Resilience Act, Australia’s Online Safety Act, and China’s Personal Information Protection Law) is a compliance challenge for TMT companies with multinational operations. Firms in this sector rank tech product cybersecurity (45%), AI governance (40%), and third-party risk management (33%) requirements the top three regulatory barriers to doing business in the countries where these regulations apply. 
• Legacy infrastructure undermines security: Our survey indicates that the biggest challenges TMT leaders face in securing OT are gaps in OT skills and resources, insufficient funding and executive support, and incomplete understanding of OT risks. Telecom networks are often built from equipment that wasn’t designed with security in mind. Without proper segmentation and reliable telemetry, security teams struggle to safeguard critical assets.
• Cloud vulnerabilities persist: Heavy reliance on cloud infrastructure can expose TMT organisations to more risks. Our survey backs up this concern, showing that cloud-related threats top the list of challenges TMT leaders feel least prepared to address.
• Quantum risks are looming: Quantum computing may not be front and centre on most TMT organisations’ cyber budgets (only 11% rank it in their top three priorities), but it’s one of the top five threats they feel least prepared to handle. Despite this, 41% haven’t even started implementing any quantum-resistant security measures, often citing talent shortages and system challenges as major barriers.

To build true resilience, TMT organisations need to move beyond patchwork fixes and take strategic steps that address their unique security challenges head-on. From rethinking AI security to preparing for emerging threats like quantum computing, these targeted actions can help secure critical assets and keep operations running smoothly in a rapidly evolving cyber landscape.

1. Build AI security from the ground up: Embed Responsible AI principles across AI deployments and classify AI systems (including models, agents and their identities, applications and training data) based on sensitivity, criticality and exposure. Secure AI by expanding existing security controls to AI systems and identifying gaps where new capabilities are required.
2. Accelerate IT-OT network separation and modernisation: Create strong perimeters between IT and OT networks to prevent cross-contamination and lateral threat movement. Apply strong Industrial Internet-of-Things (IIoT) and OT governance into your architecture strategy to gain end-to-end visibility and controls across distributed environments.
3. Prioritise AI for cyber defence: Deploy AI-powered tools that enhance threat detection, automate routine tasks, and provide faster, clearer insights to security teams. Integrate AI-enabled solutions across your security operations, from cloud security and endpoint protection to insider threat detection, allowing your teams to identify risks sooner and respond more effectively without overloading analysts.
4. Start preparing for quantum: Inventory your cryptographic assets and high-risk or vulnerable datasets. Create a strategy and roadmap for integrating quantum-resistant technologies with existing infrastructure, prioritising high-risk and regulator-mandated data, resource allocation, timelines, and risk management. Consider interdependencies and prioritise compliance with NIST standards, identification of controls, and training relevant personnel.
5. Strengthen regulatory and data governance programs: Support compliance efforts by mapping cyber threat management to regulatory requirements. Implement structured, proactive compliance programs.
6. Fill expertise and capacity gaps: Determine if your business should leverage managed security services by developing an ROI-based managed services plan that maps technology, skills and resource needs.