Research firm Gartner lists resiliency as one of three key themes for CISOs in 2026, noting that “cyber resilience goes well beyond IT recovery plans — it includes legal, public relations, market disclosures, and supplier readiness. It’s about full, end-to-end coordination and readiness across departments.”
Aaron McCray, field CISO for technology solutions and services company CDW, says more CISOs are focused on resiliency as security leaders work to align with business strategy and see security as a business enabler.
“CISOs are looking at how they can recover from operational events, not just cyber events, they’re looking at how to retain functions during crises and how to restore functions in real-time,” McCray adds.
Grappling with geopolitical risk
CISOs in 2026 are paying more attention to geopolitical risks, says Betsy Soehren Jones, a partner at technology consulting firm West Monroe.
There is good reason for the heightened interest in international affairs, as global events can spur those nation-states already engaged in cyberattacks to ramp up their activities, Soehren Jones explains. Global events can also disrupt supply chains and resources, including offshore workers and software services, she adds, which can have implications for CISOs and their teams.
Soehren Jones, who formerly worked as director of security strategy at an energy company, advises CISOs to join intelligence communities, such as industry ISACs, as well as to review White House executive orders, federal directives, and similar material to glean information on emerging geopolitical risks and threats.
She also advises CISOs to work with their company’s federal affairs office, if their company has one, to better understand and prepare for the global issues that concern the company. CISOs should also work with trade associations and follow the US Chamber of Commerce to stay abreast of geopolitical risks, she adds.
PwC’s 2026 Global Digital Trust Insights found that 60% of the 3,887 business and tech executives across 72 countries surveyed for the study ranked cyber risk investment in their top three strategic priorities in response to ongoing geopolitical uncertainty.
