Only around half of security and operations leaders surveyed by the audit and advisory firm PwC say their organisation is ‘very capable’ of withstanding cyber-attacks. And only 6pc say they’re ‘very capable’ across all areas surveyed. PwC’s 2026 Global Digital Trust Insights survey, was based on interviews of 3,887 business and tech executives from across 72 countries and territories.
Less than or roughly half of organisations say they are ‘very capable’ to address areas including weak authentication and access controls (55pc), vulnerable connected products and devices (48pc). Legacy systems (45pc) and supply chain vulnerabilities (43pc) are among the weakest spots among the areas surveyed. As for investment, first in the queue is AI (36pc) over the next 12 months, ahead of cloud security (34pc). More are quantifying their cyber risk; a half now report using cyber risk quantification to measure financial impact to a significant or large extent.
Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said: “New and emerging technologies and a rapidly evolving and digitally interconnected global ecosystem and threat landscape have created a tipping point. Cyber leaders must chart a path forward and that requires executive alignment. The most successful organisations are those where CISOs have a seat at the table and cyber is woven into business decisions. The organisations that will lead in the future are those investing in cyber not just to respond, but to anticipate. This year’s findings show that resilience comes from foresight, not hindsight. Organisations should ensure they are also investing in AI and cyber skills, prioritising the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face.”
Cyber security workforce shortages continue to impede progress as organisations operationalise AI, secure complex environments and prepare for the next generation of threats, the survey suggested. Half of respondents said a lack of knowledge in the application of AI for cyber defence, or lack of relevant skills (41pc), were the biggest internal challenges to implementing AI for cyber defence over the last 12 months. Business are responding to talent shortages by prioritising areas such as AI and machine learning tools (53pc), security automation tools (48pc), cyber tool consolidation (47pc) and upskilling or reskilling (47pc).
The cyber skills deficit challenge runs beyond AI. Nearly half (47pc) of leaders cite a lack of qualified personnel as a top challenge when securing operational technology (OT) and the industrial internet of things (IIoT) systems.
At the same time, as quantum technologies are advancing and represent one of the top-ranked threats organisations are least prepared to address (after cloud-related threats, 33pc; attacks on connected products, 28pc; third-party data breach, 27pc; quantum computing threats, 26pc), almost half (49pc) haven’t considered or started implementing any quantum-resistant security measures due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.
