2026 Global Digital Trust Insights Survey: PwC

2026 Global Digital Trust Insights Survey: PwC Skip to content Skip to footer Featured insights Capabilities Industries Technology About us Careers More

Search Menu

Featured insights Featured insights 2026 Global Digital Trust Insights Survey Board governance issues C-suite insights Case studies Policy on Demand Podcasts PwC Executive Pulse Tech Effect Viewpoint Webcasts All Research and insights Menu

Featured insights 2026 Global Digital Trust Insights Survey Menu

Featured insights Board governance issues Menu

Featured insights C-suite insights Board of directors Chief AI Officer (CAIO) Chief Executive Officer (CEO) Chief Financial Officer (CFO) Chief Information Officer (CIO) Chief Information Security Officer (CISO) Chief Marketing Officer (CMO) Chief Operating Officer (COO) Chief Risk Officer (CRO) Controller Corporate development Legal officer Sustainability leader Tax leader Menu

Featured insights Case studies Menu

Featured insights Policy on Demand Menu

Featured insights Podcasts Menu

Featured insights PwC Executive Pulse Menu

Featured insights Tech Effect Menu

Featured insights Viewpoint Menu

Featured insights Webcasts Menu

Featured insights All Research and insights

Featured

America in motion Executive leadership hub - What’s important to the C-suite? Menu

Capabilities Capabilities Audit and Assurance Alliances and ecosystems Artificial Intelligence (AI) Board governance issues Consulting Cybersecurity, Risk and Regulatory Deals Digital assets and crypto Digital assurance and transparency Engineering & AI Enterprise Strategy Financial Markets & Real Estate Finance and Accounting Financial statement audit Front Office Managed Services Metaverse Operations PwC Private Risk Modeling Services Sustainability and ESG Tax services Workforce All capabilities Menu

Capabilities Audit and Assurance Menu

Capabilities Alliances and ecosystems Adobe Amazon Web Services Google Guidewire Microsoft Oracle Salesforce SAP Workday All alliances Menu

Capabilities Artificial Intelligence (AI) Menu

Capabilities Board governance issues Menu

Capabilities Consulting Menu

Capabilities Cybersecurity, Risk and Regulatory Menu

Capabilities Deals Menu

Capabilities Digital assets and crypto Menu

Capabilities Digital assurance and transparency Menu

Capabilities Engineering & AI Menu

Capabilities Enterprise Strategy Menu

Capabilities Financial Markets & Real Estate Menu

Capabilities Finance and Accounting Menu

Capabilities Financial statement audit Menu

Capabilities Front Office Menu

Capabilities Managed Services Menu

Capabilities Metaverse Menu

Capabilities Operations Menu

Capabilities PwC Private Family enterprises Law firms Private equity and portfolio companies Ultra high net worth individuals US inbounds Menu

Capabilities Risk Modeling Services Menu

Capabilities Sustainability and ESG ESG reporting Sustainability strategy Sustainable technology and digital Menu

Capabilities Tax services Menu

Capabilities Workforce Menu

Capabilities All capabilities Menu

Industries Industries Aerospace and defense Asset and wealth management Automotive Banking and capital markets Chemicals Consumer markets Consumer packaged goods Energy Energy and industrials Engineering and construction Financial services Gaming Health industries Health services Hospitality and leisure Industrial manufacturing Insurance Media Medical technology Pharmaceutical and life sciences Power and utilities Private equity Real estate Restaurants, wholesale and agriculture Retail Space Sports Technology Technology, media and telecommunications Telecommunications Travel, transportation and logistics Menu

Industries Aerospace and defense Menu

Industries Asset and wealth management Menu

Industries Automotive Menu

Industries Banking and capital markets Menu

Industries Chemicals Menu

Industries Consumer markets Menu

Industries Consumer packaged goods Menu

Industries Energy Menu

Industries Energy and industrials Menu

Industries Engineering and construction Menu

Industries Financial services Menu

Industries Gaming Menu

Industries Health industries Menu

Industries Health services Menu

Industries Hospitality and leisure Menu

Industries Industrial manufacturing Menu

Industries Insurance Menu

Industries Media Menu

Industries Medical technology Menu

Industries Pharmaceutical and life sciences Menu

Industries Power and utilities Menu

Industries Private equity Menu

Industries Real estate Menu

Industries Restaurants, wholesale and agriculture Menu

Industries Retail Menu

Industries Space Menu

Industries Sports Menu

Industries Technology Menu

Industries Technology, media and telecommunications Menu

Industries Telecommunications Menu

Industries Travel, transportation and logistics Menu

Technology Technology Alliances and ecosystems Delivery platforms Emerging technology Engineering & AI Products Tech-enabled services Tech Effect Menu

Technology Alliances and ecosystems Adobe Amazon Web Services Google Cloud Guidewire Microsoft Oracle Salesforce SAP Workday Menu

Technology Delivery platforms Concourse Sightline Menu

Technology Emerging technology Artificial Intelligence (AI) Digital assets and crypto Metaverse Responsible AI Web3 Menu

Technology Engineering & AI Menu

Technology Products Analytics Foundation Beacon Bookkeeping Connect Connected Solutions Enterprise Control Investor Survey Model Edge Next Level HR Profit Seeker Ready Assess Saratoga Risk Link View all products Menu

Technology Tech-enabled services Agile Commerce Carbon Ledger Culture Thumbprint Enhanced insurance analytics for Salesforce ESG Geospatial Climate Intelligence (GCI) Insights to Enablement Market Advantage Payer Advocacy Center Ready Command Shovel Ready Menu

Technology Tech Effect Menu

About us About us Alumni Analyst relations Investing in our people Newsroom Offices Our leadership Purpose and values Menu

About us Alumni Join the PwC Alumni Network Meet our alumni Menu

About us Analyst relations Menu

About us Investing in our people Menu

About us Newsroom Menu

About us Offices Menu

About us Our leadership Menu

About us Purpose and values Be Well, Work Well Environmental sustainability Inclusion Social impact

Featured

Tech Effect Menu

Careers Careers Why PwC Entry Level Careers Experienced Careers University Relations Menu

Careers Why PwC Benefits & Compensation The PwC Professional US Careers Podcast hub Menu

Careers Entry Level Careers Search opportunities Recruiting process Student Development Programs Advance Internship Military and Veterans Student programs quiz Menu

Careers Experienced Careers Search opportunities Contract opportunities Alumni Careers Military and Veterans Menu

Careers University Relations University Relations Faculty Newsletter

Featured

Shared success benefits Loading Results

No Match Found

View All Results

2026 Global Digital Trust Insights: C‑suite playbook and findings

New world, new rules: Cybersecurity in an era of uncertainty Insight 10 minute read October 01, 2025 Share Copy Link Link Copied Close 60% are increasing cyber risk investment in response to geopolitical volatility

Only 6% have fully implemented all data risk measures surveyed

Top 2 challenges to implementing AI for cyber defence are knowledge and skills gaps

Cybersecurity is entering uncharted waters. A rapidly shifting world order and threat environment ― powered by recent, exponential leaps in technology ― is putting cyber strategies to the test. 

Organisations are confronting the new reality of a post-globalisation era, one that’s marked by fractured alliances, weakened global institutions, tariff shocks and disrupted supply chains. We’re witnessing unprecedented technology advances that are expanding the attack surface and introducing novel cyber threats, many of them state-sponsored. 

PwC’s 2026 Global Digital Trust Insights survey of 3,887 business and tech executives across 72 countries reveals how leaders are handling this era of uncertainty, where they’re falling short, and what they might do differently to better meet the challenge. Among the key findings:  

Geopolitical risk is shaping strategy: 60% of business and tech leaders rank cyber risk investment in their top three strategic priorities in response to ongoing geopolitical uncertainty. Resilience is a work in progress: Given the current geopolitical landscape, roughly half say their organisation is at best only ‘somewhat capable’ of withstanding cyber attacks targeting specific vulnerabilities. Only 6% feel confident across all vulnerabilities surveyed. Waiting for trouble: Only 24% of organisations are spending significantly more on proactive measures (e.g., monitoring, assessments, testing, controls) than reactive measures (incident response, fines, recovery). That’s the ideal spend ratio. Most companies (67%) are spending roughly equal amounts on both categories, which can be more costly and risky. AI agents for cyber defence: Agentic AI ranks among the top AI security capabilities organisations are prioritising over the next 12 months. They plan to deploy these agents for cloud security, data protection and cyber defence and operations, among other priority areas. The quantum clock is ticking: Although quantum computing ranks among the top five threats organisations are least prepared to address, fewer than 10% prioritise it in budgets and only 3% have implemented all leading quantum-resistant measures surveyed. Rethinking the cyber talent crisis: Skills shortages remain one of the biggest barriers to cyber progress. Over half (53%) are prioritising AI and machine learning tools to help close capability gaps, and specialised managed services are becoming strategic accelerators to provide expertise and scale. Meeting the moment will require renewed urgency, creativity and different approaches — not a business-as-usual mindset. Our C-suite playbook translates this year’s findings into practical steps, helping key stakeholders strengthen their foundational security practices and implement future-ready measures calibrated to the new world we’re in.

Risk and threat landscape Geopolitics are reshaping cyber vulnerabilities Today’s cyber risks are shaped as much by geopolitics as by disruptive technologies. Upended alliances, trade disputes, weakened international institutions and other destabilising trends in this new era of strategic competition are reshaping the threat environment, as well as traditional methods of doing business.  

Responding to this geopolitical climate, 60% of business and tech leaders are making cyber risk investment one of their top three strategic priorities for the year ahead. They’re also prioritising changes in critical infrastructure location (41%), trade and operating policies (39%) and cyber insurance policies (39%). With disruption now the norm, cyber is a critical lever for resilience.  

Cyber strategy changes in response to current geopolitical landscape​
(% that ranked in their top 3 areas) Q2. Over the next 12 months, which of the following areas of your organisation's cyber strategy is changing in response to the current geopolitical landscape? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights Against this backdrop, confidence in cyber readiness is split. While about half of respondents say their organisations are ‘very capable’ of withstanding cyber attacks targeting specific vulnerabilities surveyed, just as many aren’t prepared. What’s more, only 6% say they’re very capable across all vulnerabilities surveyed.  

“In a threat landscape defined by nation-state adversaries and increasingly sophisticated cyber-criminal groups, resilience depends on mastering the fundamentals: identity and access management, network segmentation, securing cloud environments, third-party risk management and building robust response plans. Exercising those plans and building trusted partnerships with law enforcement turns preparation into muscle memory. Every investment in prevention, detection and workforce skills narrows the gaps adversaries aim to exploit.”

Brett Leatherman, FBI Assistant Director, Cyber Division Cyber strategy and operations Where investment meets impact Cybersecurity is about readiness. It means planning ahead and investing in proactive measures like monitoring, assessments, testing, controls and training — before a crisis happens. The alternative, relying primarily on reactive measures (e.g., response, customer care, remediation, recovery, litigation and fines), is more costly, risky and unsustainable.

Two-thirds (67%) of organisations say their proactive/reactive cost ratio is roughly even — spending about the same on proactive and reactive cyber measures or slightly more on either. Few (24%) are in the sweet spot of investing significantly more on proactive steps. What’s more, those numbers likely underestimate the true cost of reacting. While proactive spending sits in the security leader’s budget and is easy to track, reactive costs are dispersed across the business — legal, communications, operations, IT, product, marketing, government relations — and include harder-to-quantify costs such as lost opportunities and reputational damage.

Spending on reactive vs proactive measures​ Q13. Is your organisation spending more resources on reactive or proactive cybersecurity measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights

“Moving from reactive defence to proactive resilience is a real opportunity for leaders to drive strategic business growth. It requires a commitment to C-suite collaboration and investment, using powerful technologies like AI and cloud to help security teams work smarter, not just harder. We're optimistic about this future, and it's a mission we champion alongside our customers.”

Nick Godfrey, Senior Director and Global Head, Office of the CISO, Google Cloud AI in cybersecurity From promise to priority AI’s potential for transforming cyber capabilities is clear and far-reaching. That’s why it ranks highest in several categories we surveyed. AI enablement of key cyber capabilities is the top priority for allocating cyber budgets, using managed cybersecurity services and addressing cyber talent gaps. 

To bolster their AI-enabled security capabilities over the next 12 months, security leaders rank threat hunting as their top priority. They’re also pursuing other capabilities such as agentic solutions, event detection and behavioural analytics, identity and access management, and vulnerability scanning and assessments.

Agentic AI among the top prioritised AI security capabilities
(Ordered based on those who ranked as their top priority) Q18. Which of the following AI security capabilities will your organisation prioritise over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights

“Every organization is on a different journey with AI. Some must move quickly, others more cautiously. What matters most is enabling the business to move forward — securely and responsibly. Start where the risk is low, learn fast and expand. It's not about blocking progress; it's about partnering with the business to make informed, risk-aware decisions.”

Igor Tsyganskiy, Global Chief Information Security Officer, Microsoft Quantum computing readiness Preparing for next-level threats Although quantum isn’t an immediate cyber threat, those who delay the transition to post-quantum cryptography may be exposing their sensitive data, authentication services and cryptographic systems. With implementation timelines stretching into years, establishing the foundations for quantum-resistant security demands early action today to avoid adversarial disruption tomorrow. 

Some organisations are making initial progress, with 29% in piloting and testing stages. However, only 22% have moved beyond piloting, and almost half (49%) haven’t considered or started implementing any quantum-resistant security measures. What’s holding them back? For many, it’s a lack of understanding around post-quantum risks, combined with limited internal resources and competing demands.

Quantum-resistant security progress​
Q21: How far along is your organisation when it comes to quantum-resistant security measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights Cyber talent and skills Managed services move to the front line Cybersecurity workforce shortages continue to impede progress, especially as organisations push to operationalise AI, secure complex environments and prepare for next-generation threats.

Knowledge and skills gaps were the top two barriers to implementing AI for cyber defence over the past year, forcing organisations to rethink how they scale capabilities. Many are exploring new ways to gain proficiency, including AI tools (53%), security automation tools (48%), cyber tool consolidation (47%) and upskilling or reskilling (47%). They’re also prioritising specialised managed services, especially those organisations that have experienced a major attack (48%).

AI and cloud are the top use cases for specialised managed security services. Organisations are using managed services for more than outsourcing capabilities. They’re partnering with providers to modernise the way critical systems get delivered. 

Cybersecurity priorities for the use of managed services
(% that ranked in their top 3 priorities)
Artificial intelligence (AI) % Cloud security % Threat management % Data protection / data trust % Network security and zero trust % Endpoint security % Identity and access management % Supply chain and third-party risk management % Application security % Connected products % Operational technology (OT) security % Quantum computing % Mobile security % Security awareness training % API security % We do not use or plan to use managed services % Unsure %
Q15. Which, if any, of the following areas of your cybersecurity programs is your organisation prioritising to utilise managed services over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights New world, new rules: The 2026 Global Digital Trust Insights Get the full C-suite playbook and more of the latest findings for 2026. Access the full report About the survey The 2026 Global Digital Trust Insights is a survey of 3,887 business and technology executives conducted in the May through July 2025 period.

One-third of the executives (33%) are from large companies with $5 billion or more in revenue. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%).

Respondents are based in 72 countries. The regional breakdown is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%).

The Global Digital Trust Insights survey had been known as the Global State of Information Security Survey (GSISS). Now in its 28th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives. 

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.

New world, new threats, new leadership: Are you cyber-ready? Watch PwC's virtual Global Cybersecurity Summit and hear from industry leaders, cybersecurity executives, and innovative thinkers from around the world, sharing their perspectives on quantum breakthroughs, agentic AI, geopolitical shifts and more. Welcome to a world transformed – where old playbooks no longer apply, and cybersecurity leadership demands a new mindset.

Register

Contact us

Sean Joyce

Principal, Global Cybersecurity and Privacy Leader, PwC US

Email Follow us Audit and Assurance services Consulting Tax services Newsroom Alumni US offices Contact us © 2017 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see http://pwc.zhutiblog.com/com/structure for further details.

Privacy Data Privacy Framework Cookie info Legal Terms and conditions Site provider Site map Your Privacy Choices