Cyber risk isn’t being rewritten by a shiny new framework, it’s being forced to evolve because the way organisations use technology has changed. We unpack eight shifts already surfacing in incidents, audits and boardrooms.

The latest Global Cybersecurity Outlook from the World Economic Forum highlights three forces reshaping cyber risk in 2026: artificial intelligence, geopolitics and cyber enabled fraud. For many boards, that’s going to raise questions such as “how much loss are we really exposed to?”, and “where should the next pound of investment go?”.

AI is increasingly playing an essential role in cyber defence, yet every layer of automation carries both benefit and trade-off. The benefit lies in speed, scale, and consistency. The trade-off lies in the gradual displacement of human interpretation. The question is not whether automation is valuable but whether it remains an extension of human intent or becomes a substitute for it.

The digital landscape continues to evolve at an unprecedented rate, bringing forth new challenges and amplifying the urgency for robust cybersecurity measures.

The KPMG annual Cybersecurity considerations report identifies eight key considerations that CISOs should prioritise in 2024 to help mitigate risk, drive business growth and build resilience.

Cyber Human Risk Management (HRM) is essential to cybersecurity culture, as the way people manage technology is the window through which threat actors can infiltrate organisations.

Organisations around the world need to factor the geopolitical risk to cyber security – and the cyber-driven elements of geopolitical risk – into their strategic decision making.