Global cyber threats are evolving rapidly, moving beyond technical risk to enterprise-wide dangers. PwC’s 2026 Annual Threat Dynamics Report identifies a highly dynamic, interconnected and volatile cyber threat landscape, with attackers eroding trust through attacks on identities, systems, third parties, and leadership. For Irish organisations, reliance on global supply chains, outsourced services, and cloud ecosystems means greater vulnerability than ever. DORA and NIS2 are raising resilience, governance and accountability expectations, making cyber risk both a security and compliance issue.
“One compromised identity, whether it be human or machine, can quickly escalate to the widespread access needed to compromise an entire environment.”
Leonard McAuliffe, Partner, PwC Ireland
Governing bodies in Ireland, the EU, and beyond are responding to this new reality. DORA and NIS2 place greater emphasis on governance, accountability and digital risk management, with organisations subject to heavy legal and financial repercussions for failing to adequately safeguard their operations from systemic dependency, concentration risk and third-party disruption.
This means organisations, especially those defined as critical entities under NIS2, must be able to demonstrate robust control of privilege and access management, identify their key dependencies, and satisfy regulators that they can rapidly and appropriately detect, protect, respond to, and report cyber incidents.
The standard is no longer simply to have policies and procedures in place. The expectation is that resilience can be evidenced, tested, and sustained under pressure.
The key takeaway from this report is that attackers have pivoted away from traditional attack vectors such as perimeter weaknesses or phishing links. Advances in AI have allowed threat actors to bypass technical controls through asymmetric warfare, exploiting human behavior, credentials, and identity systems.
That shift has major implications for Irish organisations. Identity is now the front line of the cyber war: resilience depends less on technical controls and more on an organisation’s ability to effectively verify and manage users and access privilege, and to proactively identify and respond to suspicious behavior. This is especially relevant where businesses support remote work, depend on external service providers, or operate across multiple jurisdictions.
AI has revolutionised cyber warfare. The technology has democratised threat activity, significantly lowering the barrier to entry and making it easier, faster, and cheaper than ever before for threat actors to target at scale. Attackers can now produce convincing deep fakes and other exploitation tactics at such speed and volume that conventional controls are proving inadequate, and security teams are being stretched thin. As organisations invest heavily in AI for efficiency and growth, they must also be aware of the increasing and unpredictable risks posed by rapidly advancing AI capabilities.
Many businesses in Ireland depend on a complex and interconnected web of software providers, cloud vendors, developers, logistics partners, and managed services. That model delivers speed and flexibility, but it also extends the attack surface well beyond the organisation’s direct control.
The executive implication is straightforward: third-party risk is no longer solely a line item in the procurement process. It’s a critical resilience issue that can make or break operations, destroy consumer trust, impact revenue, and expose an organisation to significant legal consequences. That is especially true for financial services under DORA, with its explicit obligations around ICT third-party risk, and under NIS2, which expects that subject entities understand and manage dependencies in their supply chain effectively.
Resilience should no longer be considered solely as effective prevention. Organisations must now assess how quickly and effectively they can identify, contain, and recover from cyber attacks. Having an agile and well-rehearsed management and response process that can limit data exposure and restore operations quickly is particularly crucial for Ireland, where many organisations face a mix of local and global obligations. Poorly managed cyber incidents can quickly become legal, operational, financial, and reputational crises.
In practice, leadership teams must treat cyber readiness as an enterprise capability. It is not enough for the security team to have an incident response plan if the wider organisation cannot make decisions quickly when a supplier fails, an account is compromised or customer operations are disrupted.
The report also highlights that the cyber threat landscape is increasingly influenced by global geopolitical events. Threat actors are exploiting geopolitical turmoil, becoming political activists in their own right, and influencing events through hacktivism, vandalism, cyber espionage, and financial crime.
It is crucial for Irish organisations to understand the implications, as exposure to the effects of these events may manifest indirectly. A business or entity may not itself be a geopolitical target, but could still be impacted through a supplier, sector dependency, critical technology platform or executive decision linked to international operations. Leaders should not only ask whether they are secure today, but whether their business model is resilient to changes in the broader geopolitical environment.
“In this environment, advantage belongs to organisations that treat security as a high-performance and agile system, not a collection of fixed controls.”
Pat Moran, Partner, PwC Ireland
As identity-led and third‑party-driven threats accelerate, Irish organisations must prioritise practical, evidence-backed resilience steps that stand up to DORA and NIS2 expectations.
Strengthen identity controls. Make identity a priority control area. Review privileged access. Tighten joiner, mover, and leaver processes. Increase oversight of high-risk accounts. Ensure suspicious access activity is monitored and investigated in a timely manner.
Embed governance in AI from the beginning. Treat AI adoption as part of operational risk. Assign accountability. Assess new risks before deployment. Test controls. Update policies and training to reflect how AI is being used inside the business.
Focus on critical third parties. Identify critical core service suppliers. Understand where dependencies are concentrated. Review contractual escalation paths. Test operational resiliency against the unexpected loss of one or more key suppliers.
Rehearse cross-functional response. Run practical exercises that involve leadership, legal, operations, communications, and technology teams. Test decisions, not just technical actions. Make sure escalation routes are clear and that teams know who decides what under pressure.
Measure what works in practice. Move beyond policy ownership alone. Use evidence. Track how quickly access is reviewed, incidents are escalated, suppliers are assessed, and critical decisions are made. Focus on whether controls work under real conditions.
We help organisations turn cyber risk into cyber resilience. Whether the priority is identity, third-party risk, governance, or incident readiness, we can support leadership teams in improving resilience, meeting regulatory expectations, and improving decision-making under pressure. Contact us today.