Cybersecurity is no longer a matter of isolated breaches or rogue malware. It has become a defining issue of the digital age, with implications that stretch far beyond IT departments. As the global cost of cybercrime climbs into the trillions, the threats facing organizations are evolving into complex, systemic risks that touch every facet of business and society.

Kris Lovejoy, Global Security and Resiliency Practice Leader at Kyndryl, said the world is entering a new era — one shaped by five interconnected transformations. From the rise of autonomous AI to the fracturing of the global internet, these shifts are not just technological but geopolitical and economic. They demand a fundamental rethinking of how organizations approach risk, resilience and leadership.

Here, Lovejoy discusses this new threat landscape and explains why the old security playbook is insufficient. What emerges is a call to action for business and technology leaders to embrace foresight, agility and integrated strategy in the face of accelerating digital turbulence.

 

 

What makes today’s cybersecurity landscape unlike anything we’ve seen before?

The nature of cyber risk has changed. It’s no longer about isolated incidents like stolen credentials or malware infections. We’re seeing a convergence — multiple threat vectors interacting in ways that create systemic, cascading risks. These risks are not just technical but financial, societal and geopolitical. The projected global cost of cybercrime reaching trillions by 2030 reflects that shift.

 

 

How is AI reshaping both offensive and defensive strategies in cybersecurity?

AI is the most transformative force in cybersecurity today. It’s dual-use, meaning both attackers and defenders are using it. On the offensive side, adversaries are using generative AI to craft highly convincing phishing campaigns and deepfakes. There was a case in Hong Kong where attackers used deepfake video to impersonate a CFO and steal $25 million. On the defensive side, AI is helping us move from reactive to proactive security. Algorithms now analyze trillions of data points to detect anomalies, and security orchestration, automation and response (SOAR) platforms are automating threat response. But this is just the beginning.

 

 

In what ways is the human workforce being disrupted by AI, and how does that affect cybersecurity?

AI is displacing some jobs, and that economic disruption is creating new motivations for cybercrime. People who feel economically marginalized are more vulnerable to radicalization or may turn to cybercrime out of necessity. This adds a social dimension to cybersecurity. It’s not just about protecting systems — it’s about understanding the broader human context in which these threats emerge.

 

Blue sky and clouds reflecting in windows of modern office building

Strengthening cyber resilience in the age of AI

Fight AI with AI by investing in next-gen platforms for threat detection and automated response. Help secure digital trust with deepfake-resistant authentication and establish governance to protect your internal AI systems from the inside out.

 

How are geopolitical tensions influencing the cybersecurity landscape?

The internet is fracturing. We’re seeing the rise of the “splinternet,” where regional blocs enforce different rules on data privacy, localization and access. Over 100 restrictive data localization laws are already in place across 40 countries. This fragmentation turns the digital supply chain into a geopolitical battleground. State actors are also weaponizing AI-driven disinformation to destabilize societies and institutions. It’s a new kind of conflict, fought in the digital realm.

 

The splinternet refers to the fragmentation of the internet into separate, disconnected networks. This split can arise from religion, politics, policy or commerce.

 

 

Speaking of geopolitical risks, what does the future of AI-driven conflict look like?

We’re heading toward autonomous cyber warfare. Today’s AI-assisted attacks could evolve into swarms of AI agents capable of independently identifying vulnerabilities and executing coordinated campaigns. At the same time, adversaries are developing adversarial AI — these are tools designed to deceive and corrupt our own defensive models. By next year, real-time deepfake technology will be fully commoditized, and the very concept of digital trust will be under siege.

 

 

What role does the third-party ecosystem play in this evolving threat environment?

Third-party risk is now one of the most critical vulnerabilities. An organization’s risk surface extends far beyond its own infrastructure to include every vendor and partner in its digital supply chain. According to the latest data, 30% of breaches involve third-party vendors, and supply chain attacks have surged by over 400% since 2021. This includes risks from dominant cloud providers, opaque AI models in vendor software and geopolitical exposure.

 

Happy businesspeople working in a modern co-working space. Three business colleagues smiling while having a discussion. Team of diverse entrepreneurs collaborating on a new project.

Boosting digital defenses

Navigate the “splinternet” by investing in geopolitical intelligence to guide IT and vendor decisions, and evolve third-party risk management with tools that continuously monitor vendor security. Additionally, mandate radical transparency by requiring a Software Bill of Materials (SBOM) and preparing for AI oversight with an AI Bill of Materials (ABOM).

 

Why is quantum computing considered a cybersecurity concern today?

Quantum computing poses a direct threat to current cryptographic systems. Once quantum machines reach a certain threshold, they’ll be able to break widely used encryption methods. That’s why we need cryptographic agility — the ability to switch to quantum-resistant algorithms quickly. The time to prepare is now, not after the threat materializes.

 

 

What is meant by the fragility of foundational digital infrastructure?

It means the systems we rely on — cloud platforms, power grids, communication networks — are increasingly vulnerable to disruption. A cyberattack on any of these can have cascading effects across industries and geographies. Cybersecurity must now integrate physical and digital risk management. A secure network is meaningless if the power grid goes down.

 

 

What strategic shifts are required from leadership in this new era?

Leaders must move from a mindset of prevention to one of continuous assurance. That means investing in AI-driven defenses, demanding transparency from vendors, achieving cryptographic agility and integrating cyber risk into every strategic decision. The old playbook — focused on perimeter defense and compliance checklists — is obsolete. What’s needed now is radical resilience: the ability to adapt, recover and thrive in a world of constant disruption.

 

Read our report to learn more about converging cyber threats and how to stay ahead.

Business people, computer and men with programming, night and internet with software update. AI expert, coworking and employees with pc, evening and coding with specialist and research for database.
Kris Lovejoy

Global Security and Resiliency Practice Leader