Cyber Resilience: How Confident Businesses Strengthen Defenses

Globally, organizations appear to be fairly confident in their cyber resilience.

This assessment emerged from the first edition of the Global Security Outlook report, produced by the World Economic Forum in partnership with Accenture. It dates back to 2022. Two-thirds of respondents (67%) believed their organization met the minimum requirements. Nearly one in five (19%) felt they exceeded them. Only 14% reported an insufficient level of cyber resilience.

Since then, across four subsequent editions, the level of confidence has remained high. In 2026, this confidence overall continues to rise.

State Cyber Resilience Viewed Less Positively

For this 2026 edition, 804 responses were considered, drawn from 92 countries. Of these, 544 came from C-levels, including 316 CISOs and 105 CEOs. The remaining sample consisted of civil society and academia, along with public sector “cybersecurity leaders.”

When responses are broken down by sector, the private sector appears more confident about its cyber resilience.

Respondents do not judge the cyber resilience of the country where their organization is based as positively as they do their own organization’s resilience. They are, in any case, 37% to express confidence in the country’s ability to respond to incidents affecting critical infrastructure (versus 42% in 2025). And 31% to state they are not confident (versus 26% in 2025).
If we focus on CEOs in the private sector, the share of confident respondents is slightly higher (43%, with 31% not confident).

Geopolitical Risk Nudges Cyber Budgets… to a Point

When asked how geopolitics is shaping their organization’s cyber resilience strategy, respondents most often selected the option “increased focus on threat intelligence related to state actors” (36%). Following items include:

• Increased interactions with government agencies or information-sharing groups (33%)
• Rising cyber budgets (21%)
• Changes—or intent to change—suppliers (19%)
• Suspension of activities in certain countries (14%)

When we zoom in on the CEOs, by level of resilience estimated:

Challenges Correlated with Estimated Resilience Level

When asked to select up to three elements that pose a challenge to cyber resilience, respondents chose the following:

• 61% identify the rapidly evolving threat landscape and emerging technologies
• 46% point to third-party vulnerabilities and the supply chain
• 45% highlight a lack of skills
• 31% cite legacy systems
• 30% mention insufficient funding
• 24% note a lack of visibility into IT/OT/IoT environments
• 24% reference governance and compliance complexities
• 22% point to inadequate incident-response planning

In the private sector, the top concerns are the threat landscape (59%), third-party vulnerabilities (53%), skills shortages (38%), and funding gaps (26%).
In the public sector and large organizations, the ranking is similar, except that skills shortages are considerably more cited (57%). The NGOs show a comparable pattern, with many respondents also lamenting funding shortfalls (62%).

Across the entire sample, by level of estimated resilience:

For CEOs, still by level of estimated resilience, the argument of funding is invoked more often:

* Notably, on the French side, Christophe Blassiau (CISO, Schneider Electric Group), who engaged in focus groups to complement the qualitative portion of the study.