Cybersecurity is transitioning toward a systemic resilience model based on identity and trust. Risks associated with OAuth integrations, low-noise attacks, and AI are the current priorities, pointing to governance to ensure business continuity.
In 2026, cybersecurity is becoming a structural issue linked to global geopolitics and the digital economy, says NTT DATA. In this context, digital identity acts as the new perimeter against adversaries with advanced operational maturity.
“The CISO must evolve into a systemic risk strategist with direct responsibility for business resilience,” says Maria Torres, Head of Cybersecurity, NTT DATA. This evolution is necessary because attackers no longer prioritize immediate visibility; instead, they seek stealth, permanence, and long-term control over corporate environments.
NTT Data Cybersecurity Trends report indicates that cybersecurity is deeply intertwined with corporate governance, legal frameworks, and executive leadership. Organizations are moving away from purely technical defensive architectures toward a model that prioritizes the resilience of the entire business ecosystem. This change, says Torres, is driven by a shift in the threat landscape where adversaries demonstrate high operational maturity.
“Threats are no longer isolated technical disruptions but systemic phenomena that impact the digital economy and institutional trust,” says Torres.
In previous years, security was often relegated to a siloed technical department. However, the modern environment demands that security decisions be integrated into the core business logic. For the modern CISO, the primary objective is to interpret technical risks as executive decisions that protect the competitive advantage of the corporation.
Identity and OAuth as the New Perimeter
NTT Data’s report argues that identity has become the primary perimeter for modern enterprises. Attackers increasingly prioritize the use of compromised credentials, token abuse, and poorly governed Open Authorization (OAuth) integrations.
OAuth was originally designed to facilitate interoperability and improve the digital experience, but it has become a critical risk vector. This risk is especially prevalent when corporations lack a clear governance structure for permissions, life cycles, and privileges.
Torres says that managing both human and non-human identities is now a strategic decision. Organizations must understand who is accessing specific data, the duration of that access, and how these permissions impact the overall risk exposure.
The shift toward cloud services and SaaS platforms has moved the focus of security from the technical perimeter to the context and behavior of users. Consequently, identity, OAuth, and digital trust must be managed as critical corporate assets.
The Rise of Low-Noise Attacks
A significant trend identified in the NTT Data report is the consolidation of low-noise attacks. These operations do not utilize traditional malware; instead, they rely on legitimate system tools and valid credentials to remain undetected. This methodology allows attackers to bypass standard defensive architectures that look for known malicious signatures.
To counter these threats, Torres suggests that detection must become contextual. Security teams must ask which behaviors or access requests do not align with the normal logic of the business. Effective detection requires breaking down the silos between the security, identity, operations, and business departments.
By focusing on behavioral context rather than just technical indicators, corporations can build a more robust defensive posture against sophisticated adversaries.
The Evolution of Ransomware and AI Threats
Ransomware has transitioned from a technical challenge to a highly optimized economic model. Modern attackers often forgo data encryption in favor of data-based extortion, selective leaks, and reputational pressure. This evolution reduces the reliance of the attacker on the technical success of a lockout and focuses on the financial and social impact on the target.
Because of this change, resilience is now measured by the ability of the organization to respond in a coordinated manner. This response includes managing internal and external communications, complying with regulators, and protecting the trust of clients and partners. Cybersecurity is now a matter of corporate survival that requires the active participation of legal and executive leadership.
AI is a significant operational multiplier for cyberthreats. It automates target recognition, improves social engineering tactics, and lowers the barrier of entry for less sophisticated actors. However, the report also highlights that organizations that integrate defensive AI and automation significantly reduce the economic impact of security incidents.
A new responsibility for the CISO is the governance of AI usage within the corporation. The phenomenon known as shadow AI increases the attack surface and can erode digital resilience. AI must be consciously integrated into the risk model of the organization to ensure it serves as a defensive advantage rather than an unmanaged liability.
“The most exposed organizations are those that fail to connect their security strategy with their business context,” says Torres. “Resilience is not a reactive measure; it must be designed, governed, and exercised continuously to protect the future of the company. “
