Cybersecurity is entering uncharted waters. A rapidly shifting world order and threat environment ― powered by recent, exponential leaps in technology ― is putting cyber strategies to the test.
Organisations are confronting the new reality of a post-globalisation era, one that’s marked by fractured alliances, weakened global institutions, tariff shocks and disrupted supply chains. We’re witnessing unprecedented technology advances that are expanding the attack surface and introducing novel cyber threats, many of them state sponsored.
PwC’s 2026 Global Digital Trust Insights survey of 3,887 business and tech executives across 72 countries reveals how leaders are handling this era of uncertainty, where they’re falling short, and what they might do differently to better meet the challenge. Among the key findings:
Meeting the moment will require renewed urgency, creativity and different approaches — not a business-as-usual mindset. Our C-suite playbook translates this year’s findings into practical steps, helping key stakeholders strengthen their foundational security practices and implement future-ready measures calibrated to the new world we’re in.
Today’s cyber risks are shaped as much by geopolitics as by disruptive technologies. Upended alliances, trade disputes, weakened international institutions and other destabilising trends in this new era of strategic competition are reshaping the threat environment, as well as traditional methods of doing business.
Responding to this geopolitical climate, 62% of Australian business and tech leaders are making cyber risk investment one of their top three strategic priorities for the year ahead. They’re also prioritising changes in critical infrastructure location (41%), trade and operating policies (31%) and cyber insurance policies (43%). With disruption now the norm, cyber is a critical lever for resilience.
Against this backdrop, confidence in cyber readiness is split. While about half of respondents say their organisations are ‘very capable’ of withstanding cyber attacks targeting specific vulnerabilities surveyed, just as many aren’t prepared. What’s more, only 6% say they’re very capable across all vulnerabilities surveyed.
Q2. Over the next 12 months, which of the following areas of your organisation's cyber strategy is changing in response to the current geopolitical landscape? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
AI technologies are rapidly advancing, and high-profile data breaches have intensified scrutiny on how Australian organisations manage their data. Leading the charge globally, over half of Australian companies have implemented Data Loss Prevention strategies, and 40% have embraced responsible AI practices, both above the global average.
However, challenges remain. Australia trails in applying robust data classification policies and lifecycle controls, with 17% of organisations lacking data classification policies and 5% having no plans to adopt them. Nearly a quarter (23%) have yet to enforce data controls across the entire lifecycle.
The financial impact is substantial, with recent breaches costing Australian organisations an average of $3.9 million, closely aligned with the global average of $4.2 million. Despite growing emphasis on data quality and minimisation, there is a pressing need to accelerate preventative measures and fortify data protection, ensuring Australian data is secure in an increasingly complex digital landscape.
Q5. To what extent has your organisation implemented or is planning to implement any of the following measures to address data risk across the enterprise?
Source: PwC 2026 Global Digital Trust Insights
Cybersecurity is about readiness. It means planning ahead and investing in proactive measures like monitoring, assessments, testing, controls and training — before a crisis happens. The alternative, relying primarily on reactive measures (e.g., response, customer care, remediation, recovery, litigation and fines), is more costly, risky and unsustainable.
Almost three quarters (71%) of Australian organisations say their proactive/reactive cost ratio is roughly even — spending about the same on proactive and reactive cyber measures or slightly more on either. Few (21%) are in the sweet spot of investing significantly more on proactive steps. What’s more, those numbers likely underestimate the true cost of reacting. While proactive spending sits in the security leader’s budget and is easy to track, reactive costs are dispersed across the business — legal, communications, operations, IT, product, marketing, government relations — and include harder-to-quantify costs such as lost opportunities and reputational damage.
Q13. Is your organisation spending more resources on reactive or proactive cybersecurity measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
AI’s potential for transforming cyber capabilities is clear and far-reaching. That’s why it ranks highest in several categories we surveyed. AI enablement of key cyber capabilities is the top priority for allocating cyber budgets, using managed cybersecurity services and addressing cyber talent gaps.
To bolster their AI-enabled security capabilities over the next 12 months, Australian security leaders rank event detection and behavioural analytics threat hunting as their top priority (49%), significantly higher than Global security leaders who view it as their third priority (36%). They’re also pursuing other capabilities such as agentic solutions, AI threat hunting, identity and access management, and vulnerability scanning and assessments.
Q18. Which of the following AI security capabilities will your organisation prioritise over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights
Although quantum isn’t an immediate cyber threat, those who delay the transition to post-quantum cryptography may be exposing their sensitive data, authentication services and cryptographic systems. With implementation timelines stretching into years, establishing the foundations for quantum-resistant security demands early action today to avoid adversarial disruption tomorrow.
Some Australian organisations are making initial progress, with 30% in piloting and testing stages. However, only 24% have moved beyond piloting, and almost half (46%) haven’t considered or started implementing any quantum-resistant security measures. What’s holding them back? For many, it’s a lack of understanding around post-quantum risks, combined with limited internal resources and competing demands.
Q21: How far along is your organisation when it comes to quantum-resistant security measures? Base: All respondents=3887
Source: PwC 2026 Global Digital Trust Insights
Cybersecurity workforce shortages continue to impede progress, especially as organisations push to operationalise AI, secure complex environments and prepare for next-generation threats.
Knowledge and skills gaps were the top two barriers to implementing AI for cyber defence over the past year, forcing organisations to rethink how they scale capabilities. Whilst AI and machine learning tools are key priorities, Australia trails behind both Global (53%) and Asia-Pacific (55%) who consider it their number one priority, as the third highest priority (49%). Comparatively, Australia leads in cybersecurity tool consolidation efforts at 52%, exceeding Global (47%) and Asia-Pacific (50%) figures, possibly driven by cost-efficiency goals. Additionally, Australian organisations are focused on upskilling and reskilling, security automation tooling, and managed services.
AI and cloud are the top use cases for specialised managed security services, with identity and access management notably higher for Australia (23%) compared to Global (18%). Organisations are using managed services for more than outsourcing capabilities. They’re partnering with providers to modernise the way critical systems get delivered.
Q15. Which, if any, of the following areas of your cybersecurity programs is your organisation prioritising to utilise managed services over the next 12 months? Base: Security leaders=1740
Source: PwC 2026 Global Digital Trust Insights