Skip to main content

      April 2026, Kuwait: The cyber-attack surface continues to expand, fueled by rapid technological change, the rise of non‑human threat actors, geopolitical shifts, and an increasingly complex compliance landscape. As organizations accelerate digital transformation and adopt artificial intelligence on a scale, cybersecurity has emerged as a defining factor of trust, resilience, and innovation.

      According to KPMG’s latest global report, Cybersecurity Considerations 2026, cyber risk is no longer a technical issue confined to IT teams. Instead, it has become a core business imperative shaping investment decisions, regulatory compliance, and long‑term competitiveness.

      The report presents insights from more than 20 leading KPMG cyber experts around the world, alongside senior leaders from KPMG’s cybersecurity alliance ecosystem, including Google, Microsoft, Palo Alto Networks, and ServiceNow.

      Spanning multiple sectors, the paper explores eight key considerations on the agenda of Chief Information Security Officers (CISOs) and other senior leaders across the enterprise. At a time of heightened cyber threats and disruption, the report aims to inform the future direction of cybersecurity, highlighting opportunities to strengthen resilience, improve organizational performance, and embed AI securely and responsibly.

      Speaking about the report, Majid Makki, Partner and Head of Management Consulting and Technology Advisory at KPMG in Kuwait, said:

      The cyber threat landscape has evolved significantly in recent times, driven by agentic AI in security operations, the rise of non‑human identities (NHIs), geopolitical shifts, and growing local compliance requirements. With so many forces at play, we believe the role of the CISO is expanding — evolving into a forward‑thinking leader who aligns cybersecurity with business strategy and embeds security across the broader enterprise.
      Majid Makki

      Partner and Head of Management Consulting and Technology Advisory

      KPMG Kuwait

      The report highlights eight key cybersecurity priorities, with supply chain risk, geopolitics, and non‑human identity management rising to the top. These considerations include:

      • Preparing the cyber workforce for autonomous security

        As AI‑powered agents take on increasingly complex security tasks, organizations must rethink skills, roles, and governance models to maintain effective human oversight.

      • Navigating geopolitics, building resilience and compliance

        Rising geopolitical tensions, fragmented regulations, and data sovereignty requirements are forcing organizations to redesign technology architectures and compliance approaches.

      • Safeguarding AI systems

        With AI deeply embedded across critical operations, securing AI models, data, and agent behavior has become a strategic priority directly linked to trust and regulatory expectations.

      • Managing non-human identities

        Machine identities, service accounts, and AI agents now outnumber human users, expanding the attack surface and fundamentally reshaping identity governance.

      • Enabling trusted IT/OT hyperconnectivity

        The convergence of IT, operational technology, and AI is increasing cyber risk across critical infrastructure sectors, driving the need for dynamic, zero‑trust security architectures.

      • Transitioning to post-quantum cryptography

        Quantum computing presents a real medium‑term threat to current encryption standards, requiring urgent action to protect sensitive data and future‑proof digital systems.

      • Protecting the supply chain through detection and response

        Complex, multi‑tier supply chains have become prime attack vectors, demanding continuous monitoring and proactive threat detection beyond traditional vendor assessments.

      • Broadening the role and influence of the CISO

        CISOs are increasingly evolving into strategic business leaders, translating cyber risk into financial, operational, and reputational impacts at board level.

      The report calls on organizations to build a holistic risk culture by aligning people, processes, technology, and regulation around resilience and trust. Key priorities include embedding security by design across AI, cloud, data, and identity; adopting zero‑trust architectures supported by continuous monitoring; preparing early for post‑quantum cryptography; and extending cyber resilience across increasingly complex supply chains.

      Leaders are also urged to integrate geopolitical and regulatory risk into cyber programs, keep humans firmly in the loop as AI adoption accelerates, and strengthen collaboration across security, risk, legal, and business teams. 

      “Organizations that embed cybersecurity into strategy, operations, and culture are better positioned to reduce the cost of capital, maintain regulatory confidence, and enable the secure adoption of emerging technologies such as AI. Cybersecurity is no longer about building higher walls — it is about enabling safer, more resilient operations that allow organizations to move faster with confidence,” Majid concluded.

      As organizations across Kuwait and the wider region accelerate digital and AI‑driven transformation, the report underscores the importance of treating cybersecurity as a strategic capability rather than a technical function. The findings call on leaders to act now — strengthening resilience, safeguarding innovation, and building trust in an increasingly volatile digital landscape.

      Download the report below:

      Cybersecurity considerations 2026

      Building trust and enabling innovation in a dynamic world

      Learn more
      A professional woman in the foreground looks confidently at the camera while blurred figures move behind her against a blue and purple background.

      Have a media inquiry?

      If you're a member of the press and have a query, connect with us to learn how KPMG is making the difference.

      Contact us
      arab man walking in sand, desert