New world,new rules: Cybersecurity in an era of uncertainty

Rapid technological changes and increasing tensions in international politics have created a high degree of uncertainty in the business world. The new era also brings new cyber threats, which forces leaders to reconsider the resilience of their organizations, their capabilities, and future risks.

Slovak organizations are increasingly aware that cybersecurity is becoming a strategic priority. Most are therefore planning to increase their budgets, mainly due to stricter regulations and the need to modernize technologies.

Growing geopolitical tension and the advent of artificial intelligence are changing the environment, and it is no longer enough just to react - proactive action is needed. A positive is that a third of Slovak organizations already invest significantly more in prevention than in dealing with the consequences of incidents.

Communication remains a challenge – while weekly meetings between management and security teams are common worldwide, in Slovakia they usually take place only once a month.

PwC Digital Trust Insights 2026 is based on a survey of 52 business and technology leaders of organizations in the Slovak Republic. It is part of a global project with 3,887 respondents from 72 countries. The aim was to find out how organizations are prepared for this time of uncertainty, where their weaknesses are, and what they can improve.

Key findings include:

• Rising geopolitical tensions influences strategy: 54% of leaders of Slovak organizations plan to increase investments in cyber risk management and security. Although Slovak companies currently face fewer massive attacks, they are not completely immune from risks. The financial impacts can be significant, with 43% stating they have suffered damages of up to half a million dollars.
• Investments in security are growing: 61% of Slovak organizations plan to increase their cybersecurity budget. The most significant stimulus is the effort to achieve regulatory compliance (56%), which is a much higher share than is usual globally.
• Prevention beats reaction: 58% of Slovak organizations invest more in preventive measures than in dealing with the consequences.
• AI faces a lack of qualifications: Artificial intelligence has the potential to change the cybersecurity sector. However, Slovak organizations face a lack of relevant skills (40%), knowledge of how to use AI in the sector (33%), and budget resources (24%) when implementing these tools.
• Quantum problems have not yet been addressed: Quantum technologies may fundamentally affect cybersecurity in the future, but Slovak organizations are not yet actively preparing for them. Only 10% of companies are in the pilot or implementation phase of a project, while 52% are not addressing quantum resilience at all, or did not comment on this matter.
• Communication lags: Security directors meet with the management of organizations more often than once a month in only about half of the cases. Worldwide, monthly and more frequent meetings are common for 70% of business and technology leaders.

The rapidly changing technological environment is not the only factor shaping risks in cyberspace. In recent years, various geopolitical influences have also joined in. The world order is changing—old alliances are weakening, new ones are forming. Trade disputes are increasing, tariffs and duties change unpredictably, and the voice of international institutions is weakening.

The result of these destabilizing trends in a new era of strategic competition is an environment where not only threats, but also traditional business methods are changing.

Organizations are responding to these changes—54% of business and technology leaders from Slovak companies and institutions plan to increase investments in cyber risk management in the next year.

The top three response measures to the changing geopolitical situation include changes to business and operational policies (29%) and planned changes in the location of critical infrastructure (25%). Slovak organizations do not differ greatly from global or regional patterns in this regard. At a time when the disruption of established models is becoming the norm, cybersecurity is proving to be a key tool for building resilience.

Only 15% of Slovak organizations do not plan to make any changes.

One reason may be that Slovak companies and institutions have not yet had a great degree of experience with paralyzing cyberattacks. Globally, the most frequent targets are companies with revenues exceeding $5 billion, and there are not many such companies based in Slovakia.

This may also explain why 46% of financial directors and security directors of Slovak organizations state that they have not experienced a data breach in the past three years. 

However, this does not mean that such attacks have not occurred, or that Slovak companies are immune to them. If such an incident occurs, a organization will definitely feel it—11% of respondents said that a data breach had cost them from $100,000 to half a million dollars. This is also the largest group of victims.

Around 10% of respondents have experienced financial losses from $50,000 to $100,000, and 6% of organizations suffered losses of from $10,000 to $50,000 due to insufficient security measures.

Geographical location does not guarantee protection from high losses—3% had costs for the most serious attack of $1 to $10 million.

Security measures are intended to prevent such incidents. The top four measures already adopted organization-wide are: measures against data loss in output channels (47%), data classification policies (45%), data control throughout their lifecycle (39%), and data encryption, tokenization, and/or large-scale anonymization options (39%). 

Slovak organizations thus do not deviate from global trends, although global companies tend to have a higher share of implemented measures.

As regards steps that companies have at least partially implemented, the effort to minimize data (53%), activities related to data quality (47%), and data discovery and cataloguing across structured and unstructured data (45%) dominate in Slovakia.

The demands on cybersecurity are growing. Are planned expenditures keeping up? The answer in Slovakia is: more or less. 61% of the surveyed organizations plan to increase their budget for this area in 2026.

Looking at the numbers in more detail, the largest group—a quarter of respondents—wants to spend 6% to 10% more on cybersecurity next year than this year. A smaller increase is planned by 17% of respondents.

A significant budget increase, by 15% or more, was stated by 11% of Slovak organizations. This is more than the same category globally (7%).

19% of organizations do not intend to change their budget, and 3% plan to cut it by more than 15%. 

The strongest impetus for increased spending is regulatory compliance. Among the main reasons, 56% of Slovak organizations cited this reason, globally, this figure is only 31% of companies and institutions.

Other strong motivations for increasing cybersecurity spending for Slovak technology and business leaders is technology modernization (52%) and data protection (50%). An important factor is also improvement in risk management (38%).

However, cybersecurity is primarily about preparedness. The most effective approach is considered to be proactive measures—monitoring, evaluating signals, testing, and training. These are investments intended to prevent crises.

The alternative is reactive steps, which tend to be more expensive, riskier, and less sustainable. Prevention also has the advantage that it can be precisely quantified in the budget, while dealing with consequences is spread across various areas—from legal services, communication, marketing, public and institutional relations. It also includes hard-to-quantify items such as reputational damage and lost business opportunities. 

Slovak companies are clearly aware of this fact. 31% of them invest significantly more in prevention than in reaction—this is more than the global average (24%). Another 27% say their budget is at least partially skewed in favour of proactive measures.

A fifth of organizations have a balanced investment ratio. Reactive measures are preferred at least slightly by 6% and significantly by only 4%. Some surveyed companies (12%) do not know how to measure this indicator.

Proper risk quantification should, however, be an important part of every security strategy. This also applies to Slovak organizations—74% state they already measure the potential financial impact of risks, and another 15% plan to start doing so within two years.

For a quarter of respondents, this is a key topic: 5% are dealing with it substantially and 20% to a significant extent. Compared to the global average (16% and 34%, respectively), Slovakia still lags behind.

Having reliable risk data allows leaders to better assess threats, choose the right strategy, and act at the right moment.

It is equally important to have not only a plan but also a competent team ready in a crisis. The level of skills often does not correspond to future threats, so responsible leaders should be focussing on areas that need strengthening. 

In Slovakia, the main priorities include security automation tools, which 54% of surveyed leaders plan to develop during the year. This is followed by retraining and upskilling personnel (44%) and consolidation of cybersecurity tools (38%).

These preferences essentially copy global trends—however, worldwide, all these areas have been overtaken by artificial intelligence and machine learning tools with 53%. Only 27% of respondents in Slovakia plan to prioritize these in the coming year.

Artificial intelligence is penetrating all areas of life, and the corporate sphere is no exception. AI creates the potential for revolutionary productivity growth, which can be a strong accelerator of overall company development.

However, the massive expansion of artificial intelligence, in addition to its benefits, also brings risks. Deploying AI solutions in the corporate sphere raises concerns about the security of sensitive data and brings the need to introduce robust data management mechanisms.

Slovak organizations are aware of this—45% of them plan to introduce responsible AI practices in the next twelve months as a tool to prevent data-related risks. Compared to global companies (23%), this is double the percentage.

Artificial intelligence also has the potential to fundamentally change the entire cybersecurity sector. Protection against cyber threats is gradually being automated. AI agents—autonomous systems capable of acting without direct human intervention—are evolving from analytical tools into digital assistants that can respond independently and collaborate with human teams. Their ability to initiate security responses makes them tools that increase both efficiency and productivity.

So what prevents organizations from using artificial intelligence in cybersecurity? 

In Slovakia, the main problem is the lack of relevant skills—40% of organizations identified this as the biggest internal obstacle in the past twelve months. A similar number of organizations cite as a barrier the lack of knowledge about the practical application of artificial intelligence in cybersecurity. The third most common reason is that artificial intelligence is not a budget priority for companies in this area—in about a quarter of cases.

Uncertainty is also a barrier to some extent. A fifth of surveyed organizations report unclear willingness to take risks when using artificial intelligence. Competence ambiguities are also a problem—19% of Slovak respondents say it is not clear who should be responsible for this area within management. Another 17% see management indecisiveness as a problem, as leaders in their organization are not sure about the value that artificial intelligence can bring to cybersecurity.

Interestingly, the same share—17% of Slovak organizations—report that they have not encountered any internal obstacles in the past 12 months. This is a relatively high number: globally, only a tenth of companies have such a positive experience, and in Central and Eastern Europe only 11%.

Quantum technologies are leaving the laboratory. Theoretical concepts are moving into practice and are already bringing new ways of solving complex problems. They are expected to create new possibilities in financial modelling, logistics optimization, and many other sectors.

One area where the quantum era may have a fundamental impact is cybersecurity. It is assumed that current encryption mechanisms will not withstand the computational power of quantum computers. The promised unprecedented performance represents a significant risk, especially for modern public key infrastructure.

However, this is not yet an acute threat. Achieving the accuracy and scale of operations needed to break the encryption used in PKI still requires further technological progress. Given the long time needed to implement new security measures, however, it is high time to start building a security architecture to meet future challenges.

Organizations that miss the transition to post-quantum encryption may in the future face threats to sensitive data, authentication services, or entire communication systems. There is already a risk of “harvest now, decrypt later” attacks—collecting encrypted data with the aim of decrypting it later using future quantum tools. 

Readiness for the quantum era therefore means not only a technological shift, but also a strategic change in the approach to security. In Slovakia, however, such a shift has not yet occurred.

90% of Slovak organizations have not yet taken any preparatory steps for threats associated with the arrival of quantum solutions. 31% of organizations are not even considering this area and do not plan any measures, while another 21% currently do not know what stage their company is in.

The largest group of respondents already perceives the threats of the quantum era. 38% of companies are exploring options, considering further steps, and examining potential solutions. However, they have not yet proceeded to the real implementation of security measures that could withstand quantum threats.

Only 10% of Slovak organizations have taken the first concrete steps. Most are testing, launching pilot projects, and gradually starting implementation. Only 4% have already introduced specific measures related to quantum security. 

Compared to the world, Slovakia lags significantly behind. Globally, 22% of organizations are in the implementation phase, and another 29% are conducting pilot and test projects—in total 51% compared to Slovakia’s 10%.

The Slovak experience is similar to the regional average, but even within Central and Eastern Europe, Slovakia lags slightly behind—in these countries, some form of testing or implementation is underway in almost a quarter of organizations.

Communication is Fundamental—Especially in Such a Sensitive Area as Cybersecurity

In Slovakia, the largest group (42%) of business and technology leaders meet with their security directors only once a month to discuss security strategy or programs.

This frequency corresponds to the global average (40%), but in global companies, such meetings are held much more often compared to Slovakia—on a weekly basis, they are organized by 30% of organizations, while in Slovakia only 10%.

Moreover, 19% of Slovak respondents admitted that they do not have a regular frequency of communication exchange. They meet with their security directors regarding strategy and programs only when the situation requires it.

There are also differences in the topics that security directors most often consult with management. In Slovakia, the most common are oversight of technology and infrastructure deployment in cooperation with the technical director (54%), regular reports to the board (50%), and control of data classification and encryption of sensitive data with the data director (43%). 

Other issues are checking regulatory requirements with the financial director (43%), oversight of third-party applications and integrations with the technical director, CIO, or operations director (33%), or strategic planning of cybersecurity investments with the CFO (30%).

Survey Methodology

The aim of the global survey Global Digital Trust Insights 2026 was to capture the opinions of 3,887 executives, business, and technology leaders. The survey was conducted during May – June 2025.

As part of the survey, 52 participants from Slovakia were also addressed. The majority (52%) are technology leaders dealing with security. 2% focus on data and privacy protection, while 40% are engaged in business within their organization.

The selection of addressed companies is also diverse. 13% operate in banking, 12% belong to the automotive industry. The same percentage consists of companies engaged in retail. 10% of the addressed companies are from the energy sector, and 8% operate in the media and entertainment industry.

These are not just small companies. 19% of them employ more than 10,000 people, 6% have between 5,000 and 9,999 employees. 

Among the addressed companies, 8% have revenues exceeding $10 billion. 52% fall into the income bracket below $500 million.

Global Digital Trust Insights is the successor to the Global State of Information Security Survey. PwC has been conducting this survey for 28 years, making it one of the longest-running annual cybersecurity surveys. It is also the most extensive survey in the cybersecurity sector and the only one that selects participants from both security and technology management and the highest company leadership.