Cybersecurity has moved from the IT function to the boardroom. PwC's Global Digital Trust Insights Survey 2026, the industry's largest annual cybersecurity study, drawing on 3,887 executives across 72 countries including 37 in Ireland, finds 57% of Irish organisations are increasing cyber risk investment, 38% are re-evaluating critical infrastructure, and 32% are adapting operating policies to manage exposure. For digital transformation leaders, cyber resilience is now the enabling condition for AI adoption at scale.

The direction of travel is right, but the posture remains predominantly reactive. PwC finds that globally only 24% of organisations significantly favour proactive cyber investment over incident response, remediation, and litigation. Enterprises investing in cyber to satisfy NIS2 and DORA compliance obligations capture only a fraction of the return. The best positioned treat cyber as the governance architecture that makes AI deployment trustworthy, auditable, and commercially viable.

The financial case for proactive investment is strong. PwC's Irish findings show 38% of Irish organisations experienced a breach costing over €500,000 in the past three years, with some exceeding €18 million. Third-party and supply chain breaches are the primary threat, cited by 48% of Irish respondents. As enterprises deepen reliance on cloud, SaaS, and AI vendors, the attack surface expands in proportion to transformation investment, making third-party risk governance a prerequisite for scaling.

AI and cybersecurity are converging on the C-suite agenda. AI is the top cybersecurity investment priority for 36% of organisations globally, yet 42% of Irish firms cite lack of knowledge as their barrier to using AI for cyber defence. The EY CEO Outlook Ireland 2026 finds 30% of Irish CEOs rank cybersecurity as their top concern when prioritising AI investment, confirming digital trust and AI strategy are inseparable.

Quantum readiness is an emerging dimension of urgency. PwC finds just 8% of Irish organisations are implementing quantum-resistant technologies, compared with 22% globally, despite consensus that quantum computing could compromise current encryption by 2030. The national Cyber Security Strategy committed under Digital Ireland 2030 provides a policy anchor for this transition. Encouragingly, 43% of Irish firms say ongoing security training will shape their cyber spend, well ahead of the 28% global average, a strong training culture on which to build.

Three priorities should define enterprise cyber strategy. First, commission a third-party risk audit aligned with DORA and NIS2, mapping vendor dependencies before the next AI integration cycle. Second, build an AI-for-cyber roadmap, identify specific defence use cases, and engage managed security providers to fill interim capacity gaps. Third, initiate a post-quantum cryptography assessment, benchmarking encryption against the 2030 risk horizon and prioritising the most exposed data assets for early migration.

PwC's 2026 survey confirms Irish enterprises recognise the strategic weight of cybersecurity investment. The next step is converting that recognition into proactive governance that enables digital transformation. As the National Digital & AI Strategy 2030 enters its delivery phase, organisations that build digital trust as a foundational capability, rather than a compliance response, will scale AI with the confidence and stakeholder trust that durable competitive advantage requires.

(The views expressed by the writer are his/her own and do not necessarily reflect the views or positions of BusinessRiver.)