In 2025, critical infrastructure organizations around the world have faced a wave of cyber threats driven by espionage- or sabotage-motivated threat actors, financially motivated ransomware groups, and ideologically driven hacktivists—and it’s only getting more dangerous. Our threat intelligence team at PwC expects 2026 to be defined by stealthier, persistent, and identity-centric cyber operations, often connected to real-world geopolitical and ideological conflicts.
Adversaries increasingly “log in” rather than “break in,” meaning they exploit legitimate accounts and authentication processes to gain access. Advances in AI and increasingly accessible attack tools are lowering the bar for threat actors to conduct covert, widespread campaigns. Cyber leaders understand that managing risk isn’t enough anymore and that they should build security from the ground up.
Insights from our 2026 Global Digital Trust Insights survey highlight the urgent need to shift to proactive resilience. In my view, this shift calls for focused attention on several key priorities that I see shaping cybersecurity in 2026. The real differentiator? How cohesively you bring them together. That means having an empowered, skilled workforce and adopting agile strategies that evolve as fast as the threats and technology around them.
AI has emerged as the No. 1 cybersecurity investment priority for security leaders, who see advanced threat hunting as the leading AI-driven capability to proactively identify and mitigate risks. Threat actors use AI to amplify attacks such as deepfakes and automated intrusions. They’re also increasingly targeting AI systems themselves, hijacking and turning these tools into insider threats.
Securing and governing AI responsibly is crucial. This involves expanding existing security controls to cover AI systems and identifying gaps that require new protections. You’ll also need safeguards tailored to AI technologies so you can manage emerging threats effectively. Additionally, secure AI requires embedding governance and cyber risk controls early in development, following secure-by-design principles. This builds resilience into AI systems from the start.
Financial services companies, for instance, increasingly leverage AI-powered analytics and machine learning models to detect fraudulent transactions in real time, enhancing their ability to stop attacks early and reduce financial crime losses.
Addressing the challenges of secure AI demands a holistic strategy that combines advanced technical controls with strong governance frameworks. Continuous monitoring and clear protocols are critical to keeping AI systems secure, ethical, and adaptable as threats evolve.
As you accelerate your move to cloud, you’re going to face new and more complex security issues—ones that traditional perimeter defenses can’t keep up with. In fact, cloud is the top cybersecurity threat organizations feel least prepared to manage. Sophisticated malware, insider threats, misconfigurations, and supply chain vulnerabilities all put your sensitive data and operations at risk.
Take the technology, media, and telecom sector, which relies heavily on cloud for digital services and content delivery. The complexity of multi-cloud environments and the need to safeguard vast volumes of digital content make it a prime example of the challenges and solutions inherent in cloud security transformation.
You can use AI to automatically detect cloud threats, enabling real-time data protection and adaptive defenses as new risks emerge. Success depends on strong data governance and a workforce that’s ready and prepared. Identifying and inventorying assets early, monitoring continuously, taking proactive security actions, and applying zero trust principles can help reduce risk and build resilience. Integrating AI-driven security capabilities within cloud environments can help you take a more agile and responsive defense posture.
Digital transformation is merging operational technology (OT) and information technology (IT) networks. Yes, it’s creating new opportunities, but it’s also significantly increasing your risk exposure. OT systems were built for efficiency, not security. Now, as they connect with IT environments, critical operational assets are exposed to evolving cyber threats. This convergence is especially critical in industries like utilities, where attacks on OT systems controlling energy grids and water supplies can disrupt essential services and pose significant public safety risks.
Emerging threats to OT environments include espionage-motivated cyber campaigns, ransomware targeting production systems, and attacks exploiting both IT and OT vulnerabilities. Add in physical access risks, legacy technology debt, and limited network visibility, and defending these systems becomes even more complex.
Clear visibility of all your assets and continuous monitoring are essential to spotting weaknesses and catching threats early. Effective network segmentation can limit attack spread and improve your incident response. Embedding OT security into broader risk management frameworks can help you isolate threats and maintain situational awareness during cyber incidents. By prioritizing visibility, control, and integrated governance, you can strengthen OT resilience as IT and OT continue to converge.
Your supply chain remains a prime target, amplified by geopolitical tensions and global interdependencies. Third parties have become critical vulnerabilities, often serving as entry points for attackers to access sensitive data and disrupt your operations. This is particularly critical in healthcare, where safeguarding patient data and maintaining the security of medical supply chains directly impact patient safety and regulatory compliance.
Identifying and managing risks from your suppliers, vendors, and service providers is increasingly essential, as their security measures directly impact your resilience. Insider threats can be just as dangerous, especially in complex supply chains where access is widespread and AI agents are being deployed across supply chain workflows.
Traditional periodic risk assessments fall short in this dynamic environment. Consistent, continuous monitoring is essential to detect and respond to threats in real time. By combining advanced technologies with integrated risk management, you can gain greater visibility across your digital supply chain—and turn it into a platform for proactive defense.
Until recently, security operations centers (SOCs) generally monitored networks and reacted to incidents after they happened. While that worked in the past, it can’t keep up with today’s fast-evolving threats. SOC 2.0, the next-generation SOC, is changing that. Powered by automation, AI, machine learning, and, increasingly, intelligent agents deployed across endpoints and networks, it shifts the focus from manual firefighting to intelligent automation, managing routine alerts and freeing specialists to hunt threats proactively.
During my time at the National Security Agency and working across the Department of Defense, I saw firsthand how government teams excelled at using next-gen SOC capabilities to reduce alert fatigue and focus on true threat hunting. Industries like consumer goods, where margins are tight and cyber disruptions can be critical, stand to gain a lot from adopting SOC 2.0.
Emerging tech presents exciting opportunities for innovation and growth, but it comes with new and complex security issues. Satellite communications, quantum computing, and 6G networks are redefining the future of secure connectivity.
None of the advancements in cybersecurity technology or strategic frameworks can succeed without a skilled and motivated workforce at their foundation. Yet talent shortages remain one of the biggest barriers to progress. Over half (53%) of organizations are prioritizing AI and machine learning tools to help close capability gaps. Specialized managed services are also becoming strategic accelerators to provide expertise and scale.
Even with those advanced tools, talent development and continuous skill building remain critical to staying ahead. As emerging technologies introduce new complexities and risks, investing in your people is just as important as investing in technology.
This is just a sneak peek of what I see coming in 2026. One thing stands out—the need to be proactive. That means anticipating risks, continuously monitoring your supply chain and cloud environments, embedding security early in AI and emerging tech, and adapting quickly to stay resilient. Being proactive now can help you stay ahead, ready to respond to whatever challenges the cyber landscape brings next.
Sean Joyce, Rob Joyce, Rich Kneeley, Allison Wikoff, and the US and Global cyber teams contributed to this outlook.