Digital Trust Insights Survey 2026

Irish organisations are rethinking their cyber strategies to stay ahead of increasingly complex threats. Cloud vulnerabilities (33%) top the list of cyber threats for companies around the world, followed by attacks on connected products (28%) and third-party breaches (27%).   

This is according to PwC’s 2026 Global Digital Trust Insights survey, released today in Ireland, covering the latest cybersecurity trends and how organisations are rethinking cyber protection. The research is based on the views of nearly 4,000 business and tech executives from across 72 countries and territories, including Ireland.  In its 28th year, it is the largest survey in the cybersecurity industry.   

According to the research, less than half (48%) of organisations around the world are ‘very capable’ of withstanding a major cyber attack across a range of vulnerabilities even as new and emerging technologies including AI and quantum computing transform the cyber risk landscape. 

David Lee, Chief Technology Officer, PwC Ireland, said: “We know that digital trust is highlighted by many organisations as an inhibitor to the scaling of AI across their organisations.  In that context, it is encouraging to see investment in AI and data protection featuring as top priorities in cyber related investments over the coming year.” 

 Irish firms are increasing investment in cyber risk, but know that this is not enough

Over half (57%) of Irish firms are increasing investment in cyber risk management, slightly below global counterparts (60%), signalling a shared urgency to strengthen defences as threats grow more frequent and sophisticated. But investment alone isn’t enough.  

Irish firms are taking broader action: 38% are re-evaluating and relocating critical infrastructure (Global: 41%); 35% are reconsidering where core operations are based (Global:31%); 32% are adapting trade and operating policies to manage risk more effectively (Global: 39%) and 41% are updating cyber insurance to improve coverage and resilience Global: 39%). 

 Supply chains are also under review. A third of Irish organisations (32%) are changing  suppliers to reduce exposure to third-party risk, seeking partners who meet higher security standards, ahead of global counterparts (26%).  

AI is reshaping cybersecurity, but Irish firms see greater challenges to adopt AI for cyber defence than global counterparts 

The top AI attack scenarios organisations around the world are most concerned about over the next 12 months are: AI-powered malware (62%), AI-powered supply chain attacks (56%) and deep fake social engineering (48%).   

More than one third (35%) of organisations around the world are prioritising agentic AI as a security capability over the next 12 months.  

 AI is reshaping cybersecurity, but Irish organisations are still working through the challenges of AI adoption for cyber defence. Over half (52%) of Irish respondents cite an unclear risk appetite as the greatest barrier to using AI for cyber defence, well above the global average (39%) pointing to a deeper hesitation around risk ownership and governance. Leadership uncertainty as to the value of AI for cyber defence is another blocker for 42% for Irish firms (Global: 34%), also above global counterparts.   

 Leonard McAuliffe, Cyber Security Partner, PwC Ireland, said: “Economic uncertainty and geopolitical tensions are reshaping cyber strategies. The survey reveals that cyber priorities are shifting and technologies like AI and quantum computing are reshaping risk. 

“Cybersecurity is no longer just a technical issue; it’s a strategic imperative shaped by global events. These shifts reflect a growing recognition: cybersecurity must evolve with the world around it. And that means acting decisively, not just reacting. For Irish firms, the message is clear: they recognise the potential of advanced technologies, but many are still finding their footing. Building clarity, confidence and capability will be key to unlocking their full value.” 

Moira Cronin, Partner, Business Assurance, PwC Ireland said “Planning ahead is also critical. European regulations like the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive 2 (NIS 2) are reinforcing the need for forward-thinking cyber strategies that embed resilience into the core of the business.” 

Most damaging cyber breach costing over US$500,000 for many  

Nearly four out of ten (39%) global respondents reported that their most damaging data breach in the past three years cost their organsiation over US$500,000. Of this, 11% said the cost was in excess of US$10 million and 3% said it cost more than US$ 20 million. Cybersecurity is about readiness. It’s about building resilience before a crisis hits, not scrambling after one. That means investing in continuous threat monitoring, rigorous testing, risk assessments and comprehensive training.  

 Cyber budgets set to increase with AI the top investment area    

Nearly eight-in-ten (78%) organisations around the world said that their cyber budget will increase over the coming year, highlighting the continuing importance organisations are placing in bolstering their cyber security capabilities.   

Looking within cyber budget priorities, investment in AI (36%) is the top priority over the next 12 months, ahead of cloud security (34%), network security (28%) and data protection (26%), as AI’s rapid advance continues to transform the digital landscape. 

Ireland behind global counterparts on proactive cybersecurity measures  

Trust in cybersecurity requires a lot of investment.  Shifting the balance towards proactive defence isn’t just smarter, it’s more sustainable. It’s how organisations stay ready, stay resilient and stay ahead. 

But just 8% of Irish organisations invest ‘significantly’ more on proactive cybersecurity measures than reactive measures, far behind global counterparts (24%).  A further 43% invest ‘slightly’ more on proactive cybersecurity measures (Global: 32%).  A less proactive approach on cybersecurity could drive up long-term costs, as well as result in reputational damage and regulatory penalties.    

Cyber skills gaps: Irish firms have a strong commitment to continuous security training, ahead of global counterparts  

Over four out of ten (42%) Irish companies said that a lack of knowledge has been the top challenge in applying AI for cyber defence in the last 12 months (Global: 50%);  35% cited a lack of relevant skills (Global: 41%).  

Cyber security workforce skills and shortages continue to impede cyber defence progress. However, Irish organisations signal a strong commitment to continuous learning: 43% said that ongoing security training will shape their cybersecurity spending over the next year, ahead of global counterparts (28%). Irish businesses are responding to address cyber talent gaps by prioritising areas such as upskilling and reskilling (Ireland: 54%; Global: 47%), AI and machine learning tools (Ireland: 41%; Global: 53%) and security automation tools (Ireland: 38%; Global:48%).  

 At the same time, many are looking outward. 35% of Irish organisations plan to implement managed cybersecurity services in the next 12 months (Global:39%). It’s a strategic shift that reflects growing demand for specialist expertise, scalability and cost efficiency.    

  Quantum security: Ireland behind global counterparts  

Quantum security is another area where Ireland is falling behind global counterparts. It is expected that quantum computing will break current encryption protocols by 2030. But just 8% of Irish organisations are actively implementing quantum-resistant technologies, compared to 22% globally. That said, 67% are either exploring options or are piloting the technology, a sign that interest is growing (Global: 62%). 

At the same time, as quantum technologies are advancing: quantum computing threats represent one of the top-ranked threats (26%) global organisations are least prepared for. Just 33% of companies around the world have implemented a range of quantum-security measures, mainly due to due to a lack of understanding about post-quantum risks, limited internal resources and competing demands.  

Leonard McAuliffe, Partner, Cybersecurity Practice, PwC Ireland, concluded: “New and emerging technologies and a rapidly evolving and digitally interconnected global ecosystem and threat landscape have created a tipping point. In Ireland the survey highlights a commitment to increasing investment in cyber risk but greater focus is needed on using AI for cyber defence and on proactive cybersecurity measures. Cyber leaders in Ireland and around the world must chart a path forward and that requires executive alignment. The organisations that will lead in the future are those investing in cyber not just to respond, but to anticipate. This year’s findings show that resilience comes from foresight, not hindsight. Organisations should ensure that they are also investing in AI and cyber skills, prioritising the upskilling and re-skilling of their cyber teams in order to clearly and proactively map the cyber risks they face.” 

ENDS

Notes to editors:

 

About PwC’s 2026 Global Digital Trust Insights survey  

The PwC 2026 Global Digital Trust Insights survey captures the views of 3,887 business and technology executives across 72 countries including 37 in Ireland. One-third of the executives (33%) are from large companies with US$5 billion or more in revenues. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%). The regional breakdown of responses is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%). Now in its 28th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.