Cybersecurity Moves to the Boardroom: AI, Geopolitics, and Complexity Redefine Risk Management in 2026

Cybersecurity is becoming one of the key areas of executive decision-making rather than solely the domain of IT departments, according to the KPMG report “Cybersecurity Considerations 2026.” The analysis shows that competitive advantage is increasingly determined by an organization’s ability to manage cybersecurity risk in an environment of growing complexity—driven by the development of artificial intelligence, geopolitical tensions, and regulatory changes. Market data confirms the scale of the challenge: in Poland, as many as 96% of companies experienced a cybersecurity incident in 2025, while globally 57% of CEOs identify geopolitics as a significant business risk.

Cyber threats have become a permanent element of the business landscape, and organizations now operate in an environment of increasing operational complexity. This complexity stems not only from technological progress but also from regulatory fragmentation and the rapid growth in non-human identities, such as system accounts, APIs, and AI agents.

“Organizations are entering an era in which cybersecurity can no longer be treated as an operational cost managed by the IT department. When comparing global and local—Polish—perspectives, a phenomenon emerges that can be described as the “maturity paradox”: companies are consistently building structures and investing in security tools, yet the number of incidents continues to reach record highs because attackers are adopting new technologies at least as efficiently as defenders. Artificial intelligence is the main catalyst of this asymmetry—and this is precisely why the key challenge in the coming years will not be access to the right technical solutions, but rather the ability of management boards to make informed cybersecurity decisions. This requires integrating cybersecurity into organizational strategy on par with areas such as financial management or supply chain management. Companies that successfully implement this shift will gain operational resilience, which is becoming one of the key dimensions of competitive advantage,” says Michał Kurek, Partner and Head of Cybersecurity at KPMG in Poland and Central and Eastern Europe.

New Risk Areas – AI, Identities, and Supply Chains

The KPMG report identifies several areas that require particular attention from management boards. These include, among others, the protection of artificial intelligence systems as a foundation for trust and regulatory compliance, as well as the management of non-human identities, whose numbers are rapidly increasing and escaping traditional control models.

Another significant shift is the transformation of the approach to supply chain security—from periodic audits to continuous monitoring and shared responsibility across ecosystems.

Artificial Intelligence Redefines the Security Model

Artificial intelligence lies at the center of cybersecurity transformation. On one hand, it enables process automation, faster threat detection, and more effective incident response. On the other, it significantly enhances the capabilities of cybercriminals, allowing them to conduct more advanced and scalable attacks, including AI-powered phishing campaigns and deepfake-based fraud.

The development of autonomous systems is also reshaping the operation of Security Operations Centers (SOCs). Increasingly, operational tasks are being handled by AI-driven systems, shifting the role of specialists toward supervising algorithms, interpreting risk, and managing complex technological environments.

Geopolitics and Regulation Increase Complexity

Cybersecurity is becoming increasingly intertwined with geopolitics. Organizations must account for risks arising from international conflicts, shifts in supply chains, and a growing body of regulations such as NIS2, DORA, and the Cyber Resilience Act. As a result, companies are moving away from uniform global security models toward more distributed and localized approaches.

In the Polish market, threats related to hacktivism are gaining importance, while the perceived risk from state-sponsored groups has partially declined.

Preparing for the Post-Quantum Era

The development of quantum computing is calling into question the effectiveness of current encryption methods. Organizations must already begin preparing for a transition to post-quantum cryptography, including inventorying existing solutions, adapting supplier requirements, and implementing multi-year migration programs.

About the Report

The “Cybersecurity Considerations 2026” report was developed by KPMG International in collaboration with cybersecurity experts from multiple regions and technology partners such as Google, Microsoft, Palo Alto Networks, and ServiceNow. Its conclusions are based on an analysis of market trends and global KPMG research, supplemented in this edition by data from the “Cybersecurity Barometer” survey conducted among organizations operating in Poland.
