Future-proof cybersecurity: how prepared are you?

Cybersecurity is entering unknown territory. The world order is changing rapidly in a post-globalisation era marked by crumbling international alliances, weakened global institutions, and economic shocks from trade tariffs and disrupted supply chains. Combined with unprecedented technological progress, this brings new threats to the cloud, data and networks, with specialised digital attacks often supported by governments. Cybersecurity strategies are being put to the test.

‘The new reality of uncertainty forces organisations to evaluate and, if necessary, revise their cyber strategy,’ says cybersecurity expert Angeli Hoekstra. ‘Digital security is comprehensive. It starts with gaining insight into the biggest cyber risks, where they are in the organisation, what their impact is and whether that impact is acceptable, and what it costs to mitigate those risks. With these insights, executives can understand the risks and decide whether to accept them or to take security measures. Presenting risks and impacts can be done much more quantitatively, based on data, than is currently the case.’

For its annual Global Digital Trust Insights Survey, PwC questioned 3,887 business and technology leaders from companies in 72 countries about cybersecurity. This reveals how managers are coping with this era of uncertainty, where they fall short and what they can do differently to be better prepared for digital security challenges.

‘The cloud, connected products, and third-party breaches are the top three cybersecurity themes,’ says Hoekstra. ‘Many companies store their data in the cloud, often with international providers. This means they are at risk not only of data theft in the event of a hack, but also face increasing geopolitical tensions and questions around cloud & data sovereignty.’

Connected products refers to systems with built-in sensors or software that can collect and send data, communicate with other devices, or be managed or monitored remotely. Examples include robots in factories, connected cars that receive real-time traffic information, smart railway switches, and sensors in transformer stations. The consequences can be significant if these connected products are attacked.

Companies are increasingly intertwined with their suppliers and customers. A security breach at one of these third parties can disrupt the supply chain, or even result in a breach of their own security, potentially leading to a ransomware attack.

The leaders surveyed are highly aware of cyber risks. 60 per cent list investment in cybersecurity as one of their top 3 strategic priorities, and say they are increasing their cybersecurity investments. For Dutch companies in the survey, that percentage is significantly lower: 46 per cent.

‘Our research did not look further into the reasons. But it also showed that there is much less interaction between the C-level (the CEO, CTO, CFO, CRO) and the CISO (Chief Information Security Officer) in the Netherlands than abroad. Here, a third say there is contact between the CISO and top management, whereas in other Western European countries and the rest of the world it is about half. This can mean, for instance, that cyber measures are overlooked in new business initiatives and top management does not have enough insight into cyber risks,’ Hoekstra explains.

Despite widespread awareness of increasing cybersecurity risks, only six per cent of organisations feel fully prepared for all vulnerabilities (see box 7 Cyber vulnerabilities). About half say they are only ‘somewhat capable’ of resisting targeted attacks. On average, organisations rate themselves as ‘very capable’ on three to four of the seven vulnerabilities.

67 per cent of companies invest equally in proactive cybersecurity (preventing damage from a cyberattack) and reactive cybersecurity (repairing damage after a cyberattack). Only 24 per cent invest significantly more in proactive security measures, and in the Netherlands that figure is just 8 per cent. ‘That is a risky and inefficient policy, and is waiting for trouble,’ Hoekstra judges. ‘It’s a case of prevention being better than a cure. Ideally, you invest more in proactive cybersecurity, which generally results in smaller impacts from incidents and a more resilient organisation.’

Capability to withstand a major cyber attack

Only 6 per cent cite _{'very capable' across all areas}

^{Question 3. Given the current geopolitical landscape, how capable is your organisation to withstand a major cyber attack targeting the following vulnerabilities?
Base: Security leaders, COOs and Operations Directors = 1971. Source: PwC 2026 Global Digital Trust Insights}

AI plays a dual role in cybersecurity: Hoekstra: ‘AI can be a threat for security, but also be used as a tool for improved security. Hackers can use AI’s intelligence to carry out better and faster cyberattacks. But AI, in the form of agentic AI, can also be a digital security employee. There are already applications that monitor cybersecurity 24/7 and scan for viruses and attacks. But agents can go further and also make decisions about what to do in the event of a cyberattack or data breach.

Another advantage of cyber agents is that they can help address part of the staff shortage. There is a huge talent gap in cybersecurity; there simply aren’t enough specialists available. We can partly bridge that gap by further automating cybersecurity.’

The research shows that agentic AI is high on the priority list of organisations. They plan to deploy agents in the next twelve months to protect the cloud, data and networks. 

Protection against quantum computers, on the other hand, scores significantly lower. The danger is that hackers use the powerful computing power of these computers to crack encrypted messages and data. 49 per cent of the organisations surveyed have not yet taken action. Of those who have, less than 25 per cent are beyond the pilot phase.

Hoekstra finds this concerning: ‘Quantum computing is among the top five threats according to these organisations. Organisations must map where they use encryption and assess how they can make it quantum-safe. Malicious actors are already intercepting encrypted data, hoping to decrypt it later with quantum computers: “harvest now, decrypt later”. Fortunately, algorithms now exist that are quantum-safe, such as the post-quantum cryptography standards selected by NIST (National Institute of Standards and Technology).’

The 2026 Global Digital Trust Insights Survey shows that the most advanced organisations integrate cybersecurity into their business strategy. They focus on being prepared, rather than acting afterwards when digital security has proved insufficient.

Many organisations have already laid the foundation for effective cyber risk management by strengthening their governance structure in line with leading cybersecurity frameworks, embedding cyber risk controls across the organisation, and prioritising risk assessments and reporting.

Hoekstra: ‘But to be future-proof, cybersecurity requires more than business as usual. That means facing uncertainty head-on, making bold yet considered decisions, and building agility into your security strategy.’

To seize the moment and address cybersecurity with renewed urgency and creativity, we have developed a C-suite guide. This translates the findings of the Global Digital Trust Insights Survey into practical steps. With this guide, the CISO/CSO, CIO/CTO, CFO and CEO can strengthen their organisation’s digital security and implement forward-looking measures, aligning the enterprise with the changing world in which we live.