Data Security Decoded

Episode: Top CISO Priorities and Global Digital Trust with Morgan Adamski

Date: December 2, 2025
Host: Caleb Tolan (B)
Guest: Morgan Adamski (A), Senior Cybersecurity Leader, PwC

Episode Overview

This episode delves into the top data security priorities for CISOs, the evolving threat landscape, and the findings from PwC’s 2026 Global Digital Trust and Insights Report. With her extensive background at the NSA and US Cyber Command, Morgan Adamski shares practical strategies for mitigating risk, the importance of collective defense, the intersection of geopolitics and cyber investment, and how organizations are deploying AI to defend against increasingly sophisticated attacks.

Key Discussion Points & Insights

1. Shifting from Reaction to Proactive Defense

[00:02, 10:12]

Only 24% of organizations are significantly investing in proactive security measures; most spending still gears toward recovery and liability.
Proactive measures include monitoring, consistent validation, protections to prevent initial breaches.
Quote: “If you're constantly preparing for a bad day and not trying to stop it from ever happening, you're just kind of assuming that you're going to be a victim.” —Morgan Adamski [10:12]

Strategies for Improvement:

Build foundational proactive measures (Zero Trust, exposure management, patching, segmentation, third-party controls).
Use threat intelligence to prioritize patching.
Prepare playbooks and define clear roles and responsibilities for incident response.
Balance investments between prevention and response.

2. Geopolitics Driving Cyber Investment & Risk Awareness

[09:29, 10:12]

60% of business and tech leaders now include cyber risk investment as a top three strategic priority, motivated by rising geopolitical tensions and threat actor sophistication.
China's prepositioning in US critical infrastructure has forced national conversations spanning multiple sectors and raised awareness of societal risks tied to cyber.
Recent public sector-private sector collaboration has led to disrupting adversary infrastructure and improved threat intelligence sharing.
Quote: “It wasn't just about cyber. Right. It was about geopolitical risk... These actors wanted to be in these systems and these networks to cause societal panic at a time of their choosing.” —Morgan Adamski [05:11]

Progress & Ongoing Challenges:

Enhanced collective defense and information sharing across sectors.
Nation-state tactics increasingly mirrored in criminal attacks (e.g., Scattered Spider).
Need to keep the conversation alive—these threats are ongoing, not historical.

3. The Role of Cyber Insurance

[13:20]

39% of organizations are reconsidering their cyber insurance policies—often as an exercise in assessing and improving security hygiene, not just as a financial backstop.
Quote: “They’re not necessarily looking at it as a financial product. They're looking at it more as a way to assess their overall hygiene.” —Morgan Adamski [13:45]

4. CISO Priorities: AI, Threat Hunting, and Behavioral Analytics

[14:43, 15:30]

Top focus areas: Threat hunting, agentic AI, event detection, behavioral analytics.
Leading organizations use AI agents to augment, not replace, SOC analysts—optimizing effectiveness and efficiency.
Emphasis on governance, guardrails, and “human-in-the-loop” approaches.
Quote: “Right now we're trying to create capability to allow cyber defenders to deal with their daily workload, which is always significant... But we always... need to validate some of the findings... You've got to pair a lot of different data sets, and cyber defenders are just really well positioned at times to say, that doesn't look right.” —Morgan Adamski [15:30]

5. Lack of Confidence in Withstanding Advanced Attacks

[18:14]

Many respondents lack confidence in defending against attacks on specific vulnerabilities.
Challenges stem from interconnected legacy systems, supply chain dependencies, and constantly evolving authentication requirements.
Real-world crises and geopolitical shocks have highlighted interdependencies and the difficulty of mapping all risks.
AI agents introduce new authentication challenges as their capabilities expand.
Quote: “Very few people are going to come out and say, I know all the things I can protect against everything... So... I have to prepare for the worst.” —Morgan Adamski [18:14]

Notable Quotes & Memorable Moments

“If you're constantly preparing for a bad day and not trying to stop it from ever happening, you're just kind of assuming that you're going to be a victim.” [10:12]
“This isn't just a CISO cyber problem. Everyone needs to fundamentally understand at the C-suite, board level... that investing in cybersecurity protects their overall business.” [12:47]
“Clients leading in this space are using AI agents to augment their SOC analysts... there’s a lot of discussion around will an AI agent replace me? And that’s not where we’re at.” [15:30]
On attackers: “Living off the land is not a new technique... They’re getting creative and adapting to how cyber defenders are being able to find them.” [07:39]
“Authentication of AI agents is going to be a fascinating thing as we move forward.” [20:38]

Timestamps for Key Segments

National Security Career Reflections & Pop Culture Banter: 02:04–04:12
China’s Prepositioning & Progress Since 2023: 04:12–08:35
Mainstream Conversation on Infrastructure Threats: 08:35–09:29
PwC Global Digital Trust Insights Report Findings: 09:29–13:45
Cyber Insurance as a Security Hygiene Tool: 13:20–14:43
Top CISO Priorities & AI in the SOC: 14:43–17:22
Challenges with Interconnected Systems, Supply Chain, and Authentication: 18:14–21:19
Resources & Further Reading: 21:30–22:04

Where to Find More

Morgan Adamski: LinkedIn
PwC’s thought leadership: pwc.com
- Topics: Agentic AI, 2026 forecasts, quantum, 6G, etc.

Episode Tone

Conversational and candid, yet pragmatic and grounded in real-world experience. Both host and guest use relatable analogies and foster an open acknowledgment of the persistent challenges in cybersecurity—never shying away from the complexity, but always focusing on teamwork, continuous improvement, and tangible advice.

This episode is richly packed with practical takeaways for security leaders, policy makers, and practitioners seeking to fortify both their posture and their organization's digital trust in a volatile geopolitical age.

Data Security Decoded

Episode: Top CISO Priorities and Global Digital Trust with Morgan Adamski

Date: December 2, 2025
Host: Caleb Tolan (B)
Guest: Morgan Adamski (A), Senior Cybersecurity Leader, PwC

Episode Overview

Key Discussion Points & Insights

1. Shifting from Reaction to Proactive Defense

[00:02, 10:12]

Only 24% of organizations are significantly investing in proactive security measures; most spending still gears toward recovery and liability.
Proactive measures include monitoring, consistent validation, protections to prevent initial breaches.
Quote: “If you're constantly preparing for a bad day and not trying to stop it from ever happening, you're just kind of assuming that you're going to be a victim.” —Morgan Adamski [10:12]

Strategies for Improvement:

Build foundational proactive measures (Zero Trust, exposure management, patching, segmentation, third-party controls).
Use threat intelligence to prioritize patching.
Prepare playbooks and define clear roles and responsibilities for incident response.
Balance investments between prevention and response.

2. Geopolitics Driving Cyber Investment & Risk Awareness

[09:29, 10:12]

60% of business and tech leaders now include cyber risk investment as a top three strategic priority, motivated by rising geopolitical tensions and threat actor sophistication.
China's prepositioning in US critical infrastructure has forced national conversations spanning multiple sectors and raised awareness of societal risks tied to cyber.
Recent public sector-private sector collaboration has led to disrupting adversary infrastructure and improved threat intelligence sharing.
Quote: “It wasn't just about cyber. Right. It was about geopolitical risk... These actors wanted to be in these systems and these networks to cause societal panic at a time of their choosing.” —Morgan Adamski [05:11]

Progress & Ongoing Challenges:

Enhanced collective defense and information sharing across sectors.
Nation-state tactics increasingly mirrored in criminal attacks (e.g., Scattered Spider).
Need to keep the conversation alive—these threats are ongoing, not historical.

3. The Role of Cyber Insurance

[13:20]

39% of organizations are reconsidering their cyber insurance policies—often as an exercise in assessing and improving security hygiene, not just as a financial backstop.
Quote: “They’re not necessarily looking at it as a financial product. They're looking at it more as a way to assess their overall hygiene.” —Morgan Adamski [13:45]

4. CISO Priorities: AI, Threat Hunting, and Behavioral Analytics

[14:43, 15:30]

Top focus areas: Threat hunting, agentic AI, event detection, behavioral analytics.
Leading organizations use AI agents to augment, not replace, SOC analysts—optimizing effectiveness and efficiency.
Emphasis on governance, guardrails, and “human-in-the-loop” approaches.
Quote: “Right now we're trying to create capability to allow cyber defenders to deal with their daily workload, which is always significant... But we always... need to validate some of the findings... You've got to pair a lot of different data sets, and cyber defenders are just really well positioned at times to say, that doesn't look right.” —Morgan Adamski [15:30]

5. Lack of Confidence in Withstanding Advanced Attacks

[18:14]

Many respondents lack confidence in defending against attacks on specific vulnerabilities.
Challenges stem from interconnected legacy systems, supply chain dependencies, and constantly evolving authentication requirements.
Real-world crises and geopolitical shocks have highlighted interdependencies and the difficulty of mapping all risks.
AI agents introduce new authentication challenges as their capabilities expand.
Quote: “Very few people are going to come out and say, I know all the things I can protect against everything... So... I have to prepare for the worst.” —Morgan Adamski [18:14]

Notable Quotes & Memorable Moments

“If you're constantly preparing for a bad day and not trying to stop it from ever happening, you're just kind of assuming that you're going to be a victim.” [10:12]
“This isn't just a CISO cyber problem. Everyone needs to fundamentally understand at the C-suite, board level... that investing in cybersecurity protects their overall business.” [12:47]
“Clients leading in this space are using AI agents to augment their SOC analysts... there’s a lot of discussion around will an AI agent replace me? And that’s not where we’re at.” [15:30]
On attackers: “Living off the land is not a new technique... They’re getting creative and adapting to how cyber defenders are being able to find them.” [07:39]
“Authentication of AI agents is going to be a fascinating thing as we move forward.” [20:38]

Timestamps for Key Segments

National Security Career Reflections & Pop Culture Banter: 02:04–04:12
China’s Prepositioning & Progress Since 2023: 04:12–08:35
Mainstream Conversation on Infrastructure Threats: 08:35–09:29
PwC Global Digital Trust Insights Report Findings: 09:29–13:45
Cyber Insurance as a Security Hygiene Tool: 13:20–14:43
Top CISO Priorities & AI in the SOC: 14:43–17:22
Challenges with Interconnected Systems, Supply Chain, and Authentication: 18:14–21:19
Resources & Further Reading: 21:30–22:04

Where to Find More

Morgan Adamski: LinkedIn
PwC’s thought leadership: pwc.com
- Topics: Agentic AI, 2026 forecasts, quantum, 6G, etc.

wavePod

Top CISO Priorities and Global Digital Trust with Morgan Adamski

Powered by Wave AI

Summary

Data Security Decoded

Episode: Top CISO Priorities and Global Digital Trust with Morgan Adamski

Episode Overview

Key Discussion Points & Insights

1. Shifting from Reaction to Proactive Defense

2. Geopolitics Driving Cyber Investment & Risk Awareness

3. The Role of Cyber Insurance

4. CISO Priorities: AI, Threat Hunting, and Behavioral Analytics

5. Lack of Confidence in Withstanding Advanced Attacks

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Where to Find More

Episode Tone

Summary

Data Security Decoded

Episode: Top CISO Priorities and Global Digital Trust with Morgan Adamski

Episode Overview

Key Discussion Points & Insights

1. Shifting from Reaction to Proactive Defense

2. Geopolitics Driving Cyber Investment & Risk Awareness

3. The Role of Cyber Insurance

4. CISO Priorities: AI, Threat Hunting, and Behavioral Analytics

5. Lack of Confidence in Withstanding Advanced Attacks

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Where to Find More

Episode Tone