Over the past few years, cybersecurity has become more important than ever before. Cyberattacks are on the rise, with the NCSC reporting an average of four ‘nationally significant’ cyber attacks every week.
Because of this, both businesses and individuals are looking for new, effective ways to protect their data online.
For businesses, a data leak can be catastrophic, breaking down trust and putting customers at risk. Reputationally, this can be a big step back and according to gov.uk, the average cost of a significant cyber attack for an individual business in the UK is almost £195,000 – making it expensive too.
How Is Cybersecurity Evolving?
The rise of AI and remote work has meant that cybersecurity is evolving, and fast.
Companies are now able to use AI to create better defences from cybercriminals, allowing them to predict threats and improve response times. But it also means that cybercriminals can use AI to find any weaknesses in a company’s systems, making them vulnerable.
Because of this, companies are setting out to make cybersecurity more effective. The rise of Security as a Service means that businesses no longer need to build their own infrastructure from scratch, but can use existing tools to help.
But as cyberattacks become more complex, how is the industry staying ahead of the curve? To find out, we asked the experts…
Our Experts
- Rob O’Connor, EMEA CISO at Insight
- Spencer Starkey, Executive Vice President, SonicWall EMEA
- Rob Juncker, CPO at Mimecast
- Simon Hodgkinson, Strategic Adviser at Semperis and Former BP CISO
- Adam Marrè, CISO at Arctic Wolf
- Alex Laurie, GTM CTO at Ping Identity
- Elyse Gunn, CISO at Nasuni
- Justin Kuruvilla, Chief Cyber Security Strategist at Risk Ledger
- Corey Nachreiner, Chief Security Officer at WatchGuard Technologies
- Chris Harris, EMEA Technical Director at Thales
- Nick Walker, Regional Director EMEA at NetSPI
- Darren Guccione, CEO and Co-Founder at Keeper Security
- Mike Perez, Director at Ekco
- Ravi Soin, Chief Information Security Officer at Smartsheet
- Duncan Curtis, SVP of GenAI & Product at Sama
- Callum Mitchell, SOC Technical Lead at e2e-assure
- Ben Peters, CEO and Co-Founder at Cogna
- Mandy Andress, CISO at Elastic
- Greg Fuller, Vice President of Skillsoft Codecademy
- Sergey Toshin, Founder, Head of Security Research at Oversecured
For any questions, comments or features, please contact us directly.
Rob O’Connor, EMEA CISO at Insight
“Attackers will shift from short, opportunistic deepfake tricks to sustained identity impersonation, using AI to mimic behavioural patterns across communication, authentication and system usage for days at a time. Rather than forging a momentary credential or voice message, adversaries will convincingly inhabit a persona inside a supply-chain relationship. This will push organisations toward continuous verification that measures behavioural drift rather than static identifiers, and will spark disputes between clients and vendors over who is accountable for spotting these long-form identity breaches.”
Spencer Starkey, Executive Vice President, SonicWall EMEA
“Cyber attacks in 2026 will increasingly try to erode public confidence in digital public services by targeting UK government bodies. Local authorities, with outdated systems and where IT teams are already stretched by budget pressures, face sustained attacks designed to disrupt essential citizen services. These attacks will have second-order consequences, slowing service delivery for millions of people and creating long-term administrative backlogs outlasting the breach itself.
“Integrity of data rather than just its availability is under attack. Instead of simply encrypting or stealing information, attackers will alter datasets. Corrupting financial records, manufacturing specifications, or patient medical files- and demanding payment to restore accuracy. This ‘data poisoning’ model creates more uncertainty and chaos, as public sector organisations struggle to determine what information they can trust even after systems are back online.
“Looking ahead to 2026, it’s clear UK sectors once seen as low-risk for cyber attacks are now very much in the spotlight. Groups like Scatter Spider have shown how devastating their attacks can be. Their blend of social engineering using compromised identities make modern attackers just as sophisticated as the Zero-days many fear, they just need access. In highly connected industries this access is easier to obtain than many organisations would like to admit.
“In an economy where every service is digitally linked, a compromise in one node can ripple across the entire system. Without substantial investment in modern defences, particularly those capable of identifying and countering AI-driven threats, 2026 could see significant disruptions affecting millions of consumers and businesses across the UK.”
Rob Juncker, CPO at Mimecast
“In 2026, shadow AI will make shadow IT look like a minor inconvenience. If organisations thought managing SaaS sprawl was challenging, wait until they face the surge in AI agents quietly deployed across departments – often without IT or security knowing. Picture a VP of Sales rolling out dozens of AI-driven assistants to accelerate productivity, none of which have gone through the organisation’s governance process.”
“By the second quarter of 2026, the typical enterprise is likely to have 10x the number of unsanctioned AI agents than unauthorised cloud applications. This shift will fundamentally change how CISOs approach visibility and control. The mantra will evolve from “trust but verify” to “assume it exists and hunt it down”. Managing this new wave of shadow AI will demand a combination of advanced detection tools, tighter governance and a cultural shift in how organisations think about innovation and risk.”
“Until now, cybersecurity teams have focused on protecting people from zero-click attacks – threats that compromise a user without any interaction. But 2026 will mark the moment when these attacks transcend the human layer altogether. We’ll see the rise of AI-to-AI attacks, in which malicious autonomous agents target legitimate corporate AI systems, exploiting APIs, model context protocols and SDK integrations.”
“The result is an attack surface that multiplies exponentially, often without a single alert or human noticing. To stay one step ahead, organisations must begin managing AI agents as first-class digital identities, ensuring every autonomous system is authenticated, monitored and governed. This next era of cyber defence will also demand a new form of AI risk literacy, not just for CISOs, but for every employee who authorises or installs an AI tool.”
For any questions, comments or features, please contact us directly.
Simon Hodgkinson, Strategic Adviser at Semperis and Former Bp at CISO
“Given the impact cyberattacks have on businesses, organisations need proper crisis and risk management. We’re no longer dealing with ‘cyber crises’, we’re dealing with full-blown business crises. Businesses and their entire supply chains coming to a halt due to a cyberattack simply cannot be the norm.
“Security teams have spent years trying to prevent cyber incidents from happening. And it hasn’t worked. The focus needs to be on cyber resilience instead. Organisations must have an assume breach mindset; expect the unexpected. Tried and tested recovery capabilities are needed with well-orchestrated, well-rehearsed incident response across teams and across all levels of the business. The ability to quickly recover the infrastructure needed to keep core, critical business functions running is critical.
“But, there is a huge gap between how prepared companies think they are and reality. Slow response is often due to communication gaps in the incident response. Semperis’ ransomware risk research showed that 96% of companies globally say they have a cyber crisis response plan, yet 71% experienced at least one high-impact cyber event that halted critical business functions last year.”
Adam Marrè, CISO at Arctic Wolf
“Humans have always represented a significant risk in cybersecurity because of the complexity of the modern technology environment, and recent research shows that nearly 80% of breaches involve a human factor. Attackers know it’s easier to trick a person through social engineering than defeat a complex security system and AI is making this process simpler.
“In 2026, organisations will put an end to outdated security practices. Tick-box training is out of step with modern threats; its ineffectiveness highlighted by the fact even security leaders are fooled by certain social engineering tactics. Instead, new engaging training methods will be combined with a fundamental shift in mindset. Building a culture of shared ownership, where all employees feel able to speak out about mistakes, will be essential as the first line of defence in combating social engineering attempts.”
Alex Laurie, GTM CTO at Ping Identity
“The use of digital wallets and digital identification will continue to accelerate globally next year. However, as governments and organisations expand these systems, the risk of social engineering scams will remain a significant concern. With AI enabling hyper-realistic phishing attempts, fake payment portals and government gateways, identity theft fears will only intensify – and with 76% of Brits already concerned, awareness is critical.
“Decentralised identity offers a solution. By using verifiable credentials with selective disclosure, individuals can retain control of their personal data while governments and organisations can securely issue and authenticate digital identities. This cryptographic verification and data minimisation method will become more widely adopted in the year ahead, combating advanced social engineering attempts.”
For any questions, comments or features, please contact us directly.
Elyse Gunn, CISO at Nasuni
“Organisations that truly embrace risk in 2026 as part of their wider operating strategy will strengthen their cybersecurity and boost their competitive advantage. By taking a scientific approach to understanding, measuring and monitoring risk – right across a business, from competitive strategy to security posture – cybersecurity will become an asset, delivering wider benefits and a stronger market position.
“Take the example of the casino industry: casinos are in the business of managing and monitoring risk all day long, in every aspect of operations, from the buffets to the card tables, yet there’s the understood concept that “the house always wins.” The secret lies in the casino industry’s risk thinking, which involves taking a systematic approach to measuring the benefits and costs of risk, so they know exactly when they’re willing to deploy resources across their operations to achieve a high financial reward, and more importantly, exactly where they are not.
“This year, CISOs must apply this rigorous casino thinking to cybersecurity operations to strengthen their organisation’s ability to innovate, when external risks are increasing but funding resources may be limited or declining. For example, while the benefits of dedicated security system access for the company’s C-level team may carry high costs, risk profiling shows that enhanced company-wide security access controls can maximise risk reduction across the business, while also unleashing more individual contributors’ productivity. It’s the CISO’s responsibility to ensure that in these operating areas where there’s a very clear value-add to the wider organisation, these game-changing opportunities don’t go begging.”
Justin Kuruvilla, Chief Cyber Security Strategist at Risk Ledger
“Enterprise supply chains will continue to be highly complex and interconnected. As organisations adapt to increasing data localisation requirements, this complexity will only increase, as they balance regulatory compliance with the need to maintain a unified, global operational view. Supply chain attacks will continue to remain an extremely popular attack vector for both its ability to provide malicious actors with numerous victims by attacking a single supplier or to leverage trusted relationships and network connectivity to reach the ultimate, well-defended target.
“Resilience will increasingly be viewed as a competitive advantage, given the geopolitical risks. However, that advantage is constrained by an organisations’ visibility across the entirety of the supply chain. Seemingly small or low-risk suppliers can have an outsized impact on both individual organisations and entire sectors, as seen with numerous high-profile supply chain attacks from smaller vendors. The inability to identify hidden risks at the third-, fourth-, and nth-party suppliers limits the understanding of scenarios that must be prepared for to ensure critical business functions remain resilient in the face of a cyber incident.”
Corey Nachreiner, Chief Security Officer at WatchGuard Technologies
“The fall of traditional VPN and remote access tools will lead to the rise of Zero Trust Network Architecture (ZTNA)
“Traditional Virtual Private Networks (VPNs) and remote access tools are among the top targets for attackers due to the loss, theft, and reuse of credentials, combined with the common lack of multi-factor authentication (MFA). It doesn’t matter how secure VPNs are from a technical perspective; if an attacker can log in as one of your trusted users, the VPN becomes a backdoor giving them access to all your resources by default.
“At least one-third of 2026 breaches will be due to weaknesses and misconfigurations in legacy remote access and VPN tools. Threat actors have specifically targeted VPN access ports over the past two years, either stealing users’ credentials or exploiting vulnerabilities in specific VPN products.
“As a result, 2026 will also be the year when SMBs begin to operationalise ZTNA tools because it removes the need to expose a potentially vulnerable VPN port to the internet. The ZTNA provider takes ownership of securing the service through their cloud platform, and ZTNA does not give every user access to every internal network. Rather, it allows you to grant individual user groups access to only the internal services they need to perform their jobs, thereby limiting the potential damage.”
For any questions, comments or features, please contact us directly.
Chris Harris, EMEA Technical Director at Thales
“Cyber and compliance fatigue will encourage greater board focus on organisations’ posture management. 2026 will be the year of visibility as management boards seek greater assurance that security teams know how secure their data is, not just where it is. This is key to not only achieving regulatory compliance, but having robust data visibility, monitoring, and threat detection too. As many organisations seek to roll out AI capabilities, rigorous posture management is also important in protecting the infrastructure this AI runs on. Cyberattacks are an inevitability – the most advanced organisations have accepted this and are building their abilities to detect and stop attacks quickly, making breaches harder, slower, and less rewarding for hackers.”
Nick Walker, Regional Director EMEA at NetSPI
“By 2026, the fortress walls will have moved. Endpoints will be hardened, networks segmented, and cloud infrastructure hidden behind SaaS layers. Attackers, however, will not disappear, they will adapt. As traditional entry points close, identity becomes the new frontline. Every employee, contractor, and service account is now a potential doorway to compromise.
“Single Sign-On has become both a gift and a curse. A single stolen session or OAuth token can bypass MFA and open the entire enterprise. Attackers no longer need to break in, they simply sign in. MFA fatigue, privilege sprawl, and poorly correlated identity logs leave organisations blind to subtle breaches that spread laterally, often without triggering reauthentication.
“The illusion of safety from MFA and conditional access policies will shatter as identity is recognised as the new perimeter. In 2026, the most forward looking CISOs will treat identity systems as critical infrastructure, auditing roles, verifying tokens, and correlating logs like financial ledgers. The ones who don’t, will find their next breach starts not with malware, but with a login.”
Darren Guccione, CEO and Co-Founder of Keeper Security
“The quantum era will usher in extraordinary innovation and unprecedented risk. In 2026, business leaders will be faced with the reality that preparing for the post-quantum future can no longer wait.
“Harvest now, decrypt later” attacks are already underway as cybercriminals intercept and archive encrypted traffic for future decryption. Large-scale quantum computers running Shor’s algorithm will shatter existing encryption standards, unlocking a time capsule of sensitive data. From financial transactions and government operations to information stored in cloud platforms and healthcare systems, any data with long-term value is at risk.
“While the timeline for practical use of quantum computers capable of breaking public-key cryptography remains uncertain, business leaders must take action now. Regulators worldwide are urging enterprises and public-sector organisations to inventory cryptographic systems, prepare for migration and adopt crypto-agile, quantum-resistant strategies.
“In 2026, expect the conversation around quantum risk to shift from theoretical to tactical. Organisations will begin treating encryption not as a background control, but as a measurable component of operational resilience. Discussions once limited to cryptographers will move into boardrooms and procurement teams, as leaders demand visibility into how long their data can remain secure under existing models. The focus will broaden from purely technical readiness to governance, understanding where every key, certificate and encryption method is deployed across the enterprise and how quickly each can be replaced.
“Forward-looking organisations will also start piloting hybrid cryptography that blends classical and post-quantum algorithms, testing performance, integration and cost. These early implementations will surface new challenges around key management, compatibility and standardisation, driving broader collaboration between governments, technology providers and enterprises.
“Organisations that act decisively today by inventorying assets, hardening controls and adopting agile, quantum-resistant approaches will shape the foundation of post-quantum security. The choices made now will define tomorrow’s trust and innovation.”
For any questions, comments or features, please contact us directly.
Mike Perez, Director at Ekco
“This year’s major outages, from the global Microsoft 365 disruption to the AWS and Cloudflare incidents that took major services offline, have reminded businesses how fragile modern operations can be, and how quickly they can lose control of critical services when a few shared platforms fail. Firms that concentrated workloads with a single provider, without building in redundancy, discovered they had little room to manoeuvre when issues arose, and the scale of disruption brought operational risk into sharp focus.
“In 2026, the differentiator won’t be who uses which cloud, but who truly understands their technological crown jewels and who can demonstrate resilience. The outages we have seen this year will push organisations to demand clear maps of critical services and their dependencies, and to prove that their recovery and failover plans actually work.”
Ravi Soin, Chief Information Security Officer at Smartsheet
“In 2026, the perimeter will finally give way to the platform. The old “defend and deny” mindset will be replaced by an integrated security model where protection is built into every system and workflow. We’re entering an era where agents talk to agents and systems interconnect across enterprises, so security can no longer live in isolation. The organizations that embed trust and transparency into how people and technologies collaborate will be the ones that stay ahead.”
“Despite the rise of automation, the human element of security will come back stronger. The most resilient enterprises will invest as much in people as in platforms, training teams to think securely, share intelligence, and recover quickly. In a world where AI can scale attacks, the culture of openness and collective defense will be what truly protects organizations.”
Duncan Curtis, SVP of GenAI & Product at Sama
“AI in 2026 will finally start to feel organised. The jumble of vendors, patchy data pipelines, and improvised oversight will give way to something that looks more like a real supply chain. Teams will want cleaner handoffs, faster feedback loops, and clearer visibility into every step from data collection through deployment. Human expertise will move into the centre of that process, shaping how models improve rather than sitting on the sidelines.
“The companies that embrace this shift will pull ahead because they can build, test, and ship with far greater confidence. The ones that stick with fragmented setups will find themselves slowed by gaps they can no longer ignore. As the supply chain tightens, expectations will rise, and a more defined line will appear between organisations that invest in stable foundations and those hoping their early experiments will carry them forward.”
For any questions, comments or features, please contact us directly.
Callum Mitchell, SOC Technical Lead at e2e-assure
“Attackers’ efforts to gain access are now routinely being thwarted due to more stringent controls, forcing them to explore other avenues such as ransomware recruitment. A recent target was Joe Tidy, the BBC’s cyber security correspondent, who was rattled by tactics that ranged from the proverbial carrot (a percentage of the ransomware) to the stick (MFA bombing). He’s not alone with organisations now repeatedly telling us their staff have been openly approached by these gangs. Going forward, certain employees are also likely to be targeted because they’re more susceptible. New starters, for instance, may not be au fait with payment processes and their eagerness to please makes them more likely to act on an email or a deep fake phish. AI is also making it easier than ever to automate these attacks, with phone conversations and the back-and-forth exchanges associated with an attack like Business Email Compromise (BEC) now all conducted via AI before the final handover to the human attacker. It’s for these reasons that organisations need to consider if they have sufficient checks and side channels in place that allow these employees to verify whether the instruction they’ve received is genuine.”
Ben Peters, CEO and Co-Founder at Cogna
“In 2026, the survivors won’t be those who raised the most or built the largest infrastructure. They’ll be the companies that figured out how to package AI into workflows addressing specific, high-value problems that really matter come rain or shine, with the customer retention to prove it. Foundation models will always be needed, but the durable value is in what you build on top. The test is whether you’ve built something defensible solving problems that matter and persist through economic cycles.
“That’s especially true in regulated industries where AI has to work within compliance frameworks, not around them. Durability in these sectors comes down to solving the last 10%: the edge cases, integrations, and domain-specific requirements that only deep expertise can handle. This is where defensibility lives. The companies that spent 2024-25 optimising pilots and proving unit economics are positioned to weather any downturn next year.”
Mandy Andress, CISO, Elastic
“The cybersecurity landscape is going to get tougher before it gets better, but we are reaching a turning point. As defenders start to leverage the same advanced technologies as attackers, and as these tools are deployed more widely, we’ll start to see real progress. AI-driven systems will increasingly be trusted to take action in real time, isolating a system under attack, proactively protecting the organisation, rather than just reacting. Behavioral analytics will play a critical role here, helping teams detect anomalies and understand patterns of risk across users, devices, and applications.
“2026 will be the year we see broader adoption and smarter integration of these capabilities. But the real game changer will be context: the missing link in both security and AI operations. Modern AI can analyse threats at speed and understand their impact within each organisation’s environment. By combining context with behavioural insights, companies can move from predefined responses to adaptive actions that reflect the reality of their systems in real time. It’s a shift that will usher in a new era of cybersecurity, faster, more precise, and far more resilient.”
For any questions, comments or features, please contact us directly.
Greg Fuller, Vice President of Skillsoft Codecademy
“AI auditing will move from annual checklists to continuous, autonomous oversight embedded into workflows. Imagine a dashboard that not only tracks your AI’s decisions but explains them in real time—this is Explainability-as-a-Service. Think of it like a financial audit that happens every second instead of once a year. These systems will monitor algorithms for bias, compliance, and ethical risk, providing transparency to regulators and customers alike. In 2026, algorithmic accountability will be a competitive differentiator, far beyond a compliance checkmark.
“Additionally, we now have validated evidence of agentic AI successfully completing large scale cyberattacks. While cybersecurity has slowly but surely moved towards proactive defense, the ability to jailbreak publicly available AI models means threats have grown exponentially as the need for human expertise and involvement lessens. Furthermore, human error has been the fault of 98% of cyberattacks by some estimates, but AI is taking over as both attacker and victim. Companies, especially those with access to sensitive data like financial organizations or government institutions, must prioritize widespread AI fluency and consider using AI preemptively in areas like threat detection, vulnerability assessment, and incident response.”
Sergey Toshin, Founder, Head of Security Research at Oversecured
“We expect several major data breaches in 2026 traced to mobile-specific vulnerabilities. The biggest threat: on-device AI assistants with deep system access.
“While companies rush to patch security holes in ChatGPT, they’re missing a critical architectural risk. Manufacturers are embedding AI assistants like Galaxy AI and Apple Intelligence directly into the operating system with elevated privileges. Unlike regular apps that run in restricted sandboxes, these assistants need broad access – reading your screen, controlling apps, accessing file systems – to function properly.
“The attack scenario: Indirect Prompt Injection via local content. An attacker embeds hidden instructions in an email or webpage. Your phone’s AI scans this content to summarize it, reads the hidden command, and because it operates as a trusted component with administrator rights, executes it. The AI becomes what security researchers call a “confused deputy” – a legitimate system component manipulated into acting maliciously.
“This allows attackers to bypass traditional OS security barriers. The AI extracts data from protected storage like Samsung Knox or Apple Keychain and sends it out, all while you see nothing suspicious.
“US and EU regulators will likely mandate audits of these system-level components. Businesses should assess their mobile security now: every corporate device potentially carries a pre-installed insider with access to everything.”
For any questions, comments or features, please contact us directly.
