KPMG Consulting Announces 'Cybersecurity Considerations 2026'
KPMG Consulting has released a report outlining eight critical cybersecurity issues that leaders should prioritize in 2026. The report emphasizes strategic resilience in the face of rapid AI evolution, geopolitical risks, and expanding attack surfaces.
Published: April 28, 2026 at 20:00
KPMG Consulting Co., Ltd. (Headquarters: Chiyoda-ku, Tokyo; Representative Directors: Yutaka Seki, Atsushi Taguchi, Masahiko Chino; hereinafter 'KPMG Consulting') has released a report titled 'Cybersecurity Considerations 2026.' This report summarizes eight critical points that cybersecurity leaders, such as Chief Information Security Officers (CISOs) and executives, should prioritize for consideration in 2026.
The evolution of technology is accelerating, and new digital technologies, starting with AI, are providing companies with growth opportunities while simultaneously amplifying cyber risks. Furthermore, the management environment surrounding companies is becoming increasingly complex due to rising geopolitical risks, regulatory pressures, and supply chain disruptions, and the resulting challenges are wide-ranging. In this context, cybersecurity leaders are increasingly required to play a strategic role: not just defending against risks, but also strengthening the overall resilience of the digital and operational attack surfaces to support large-scale innovation.
This report draws on insights from more than 20 KPMG cybersecurity professionals around the world, the views of executives from KPMG's cybersecurity alliance partners, including Google, Microsoft, Palo Alto Networks, and ServiceNow, and the findings of research previously conducted by KPMG.
Eight Key Cybersecurity Considerations for 2026:
1. Preparing Cyber Talent for Autonomous Security
As security automation progresses, AI agents are taking on more intelligence-led tasks in compliance, risk management, and identity management, in addition to security operations center (SOC) duties.
2. Navigating Geopolitical Risk and Building Resilience and Compliance
Both digital defenses and physical assets are increasingly likely to be exposed to state-level attacks. It is crucial for organizations to evaluate potential risks while utilizing AI, automation, and analytics to streamline controls, accelerate evidence collection, and strengthen regulatory compliance.
3. Securing AI Systems
As AI becomes core to an organization's operations, AI security is not just a technical challenge but a necessity that intersects with compliance, trust, and operational resilience.
4. Managing Non-human Identities
Non-human identities, such as AI agents, service accounts, and machine credentials, already outnumber human users. Organizations need to rethink identity governance for both humans and machines.
5. Achieving Trusted IT/OT Hyperconnectivity
Connected environments are becoming common due to the embedding of sensors and the spread of IoT devices. Protecting hyper-connected systems requires dynamic mesh architectures, clarification of responsibility, and monitoring across the boundaries of cyber and physical spaces.
6. The Transition to Post-Quantum Cryptography
The transition to post-quantum cryptography is becoming a global reality and is considered difficult to avoid. Guidelines and regulations regarding the transition are being introduced worldwide to manage quantum cyber risks, making it a critical business continuity issue in sectors like finance and defense.
7. Protecting the Supply Chain through Detection and Response
Complex supply chains create vast digital attack surfaces, including AI and countless IoT devices. It is necessary to expand the scope of third-party risk management through continuous monitoring and supervision to maintain operational resilience.
8. The Expanding Role and Influence of the CISO
As security is more deeply integrated into business and operations, and the cyber and physical domains merge, the scope and responsibility of the CISO continue to expand. Simultaneously, CISOs are strongly required to manage both the opportunities and threats associated with large-scale AI implementation.
About KPMG Consulting:
KPMG Consulting is a comprehensive consulting firm that supports corporate and organizational transformation by combining industry knowledge across five areas: Strategy, Business Transformation, Technology/Digital, Risk Consulting, and Business Innovation.