Ranking of cyber risk concerns, by organizational resilience level TABLE 5 Rank Insufficient resilience Medium resilience High resilience 1 Ransomware attack Ransomware attack Supply chain disruption 2 Cyber-enabled fraud and phishing Cyber-enabled fraud and phishing Exploitation of software vulnerabilities 3 Exploitation of software vulnerabilities Exploitation of software vulnerabilities Cyber-enabled fraud and phishing 4 AI vulnerabilities AI vulnerabilities Ransomware attack 5 Supply chain disruption Supply chain disruption AI vulnerabilities With AI doubling in compute every three months or so, the risks of technology- enabled sophisticated cybercrimes have never been greater in human history. No matter how high your walls, every business faces an elevated risk of being breached. As perpetually adaptive enterprises, our focus has to be on building strong resilience and recovery frameworks, so that we can get our businesses, societies and economies up and running rapidly after an incident has taken place. The businesses that thrive in the future will not be those that have never been hit by cyber hacks or crimes, but those which have built the strongest capability to recover from them. K. Krithivasan, Chief Executive Officer and Managing Director, Tata Consultancy Services40% 20% 80% 60%Third-party and supply chain vulnerabilities Rapidly evolving threat landscape and emerging technologies Insufﬁcient incident response and recovery planning Lack of fundsCybersecurity skills and expertise shortage Regulatory compliance and governance complexities Legacy systems Lack of visibility across IT, OT and IoT environments High resilience (%) Insufﬁcient resilience (%) 0%What is your organization’s greatest challenge to becoming cyber resilient? (select up to three) 14%15%17%22%31%35%67%71% 23% 41% 53% 15% 35% 28% 37% 52%Organizational resilience barriers, by resilience level FIGURE 36 Global Cybersecurity Outlook 2026 43