A new PwC report frames a threat landscape increasingly defined by identity-centric attacks, where adversaries exploit legitimate access rather than breach perimeters, reflecting a broader shift toward stealthier, persistent operations tied to geopolitical and ideological conflict. In its report, ‘PwC Annual Threat Dynamics 2026,’ AI is amplifying this dynamic, lowering barriers for attackers while simultaneously accelerating defensive capabilities, forcing organizations to rethink resilience beyond traditional controls.
The report underscores that cyber risk is no longer a standalone technical issue but a strategic business concern shaped by global instability, talent shortages, and evolving technologies. Organizations are being pushed to embed cybersecurity into enterprise decision-making, invest in AI-driven capabilities, and address gaps in workforce skills and governance as the threat landscape grows more complex and interconnected.
The PwC Annual Threat Dynamics 2026 examines the threat actors, trends, and motivations defining the cyber threat landscape. It includes an overview of the factors influencing an overall increase in threat activity, as well as emerging trends, the evolving TTPs (tools, techniques, and procedures) of notable threat actors across various motivations, and the impact of wider geopolitics and technological innovation.
Cyber threat landscape is evolving at an unprecedented pace, with traditional boundaries breaking down and long-standing assumptions about defense no longer holding.
Identity has emerged as the central battleground, as adversaries increasingly log in rather than break in, exploiting credentials, session tokens, and federated access to bypass perimeter defenses. Social engineering is growing more sophisticated, driven by AI-enabled deepfakes, IT helpdesk impersonation, stolen identities used for fraudulent remote work, and multi-stage phishing campaigns that target both human and machine identities. At the same time, expanding SaaS ecosystems and cloud dependencies are widening the attack surface, where a single compromised identity can trigger cascading access across entire environments.
Looking ahead, identity will remain the primary attack vector even as organizations adopt zero-trust architectures. Threat actors are expected to evolve further by spoofing device posture, abusing non-human identities, and targeting AI-driven automated workflows, making identity governance a strategic, board-level priority rather than a technical afterthought.
The PwC Annual Threat Dynamics 2026 noted that AI is accelerating both sides of the cyber race, with threat actors treating it not as an enhancement but as a core part of their tradecraft. They are using AI to automate reconnaissance, craft highly convincing phishing campaigns, accelerate malware development, and scale social engineering across languages and platforms. The window between public release of AI capabilities and their weaponization is shrinking rapidly, raising concerns about autonomous agents capable of executing full attack sequences without human input. At the same time, AI offers defenders a critical advantage, enabling faster detection, automated containment, and intelligence-driven decision-making at scale.
Looking ahead, AI-driven threats are likely to outpace traditional detection and response models, while advances such as quantum computing could further disrupt the landscape. Organizations should expect malware designed to natively leverage AI for evasion and precision targeting of high-value data, alongside a growing pool of less skilled attackers empowered by AI tools. Keeping pace will require sustained investment in AI-enabled defenses, integration of AI into threat modeling, and preparation for a post-quantum future.
Cyber risk is now inseparable from business and geopolitical strategy, as global instability increasingly shapes the threat landscape. Threat actors are blending espionage, influence operations, and disruption, while financial crime, insider threats, supply chain compromise, and digital-to-physical risks are converging into a single, complex attack surface. At the same time, motivations are blurring, with ransomware groups trading in sensitive data, state-aligned actors leveraging criminal tools, and North Korea-linked operations industrializing fraudulent employment schemes and cryptocurrency theft at scale.
Looking ahead, cyber incidents will continue to reflect broader geopolitical dynamics, including trade tensions, elections, and conflict. Organizations that integrate geopolitical awareness and supply chain risk into strategic decision-making, while aligning cyber, legal, HR, finance, and communications functions, will be better positioned to navigate an increasingly volatile and interconnected risk environment.
Last October, a PwC report identified that OT (operational technology) and IIoT (Industrial Internet of Things) have become pressure points in the current security landscape. Nearly half (47%) of leaders cite a lack of qualified personnel as their top challenge, while 39% point to unclear governance and ownership. Together, the PwC’s 2026 Global Digital Trust Insights reported that these discrepancies expose a deeper issue, that many organisations still lack the structure and expertise to manage increasingly connected operational systems with confidence.
