SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Business person monitoring network digital devices with cyber threats shadowy figures
#
Data Protection
#
Encryption
#
Edge Computing

AI-driven cyber threats & global rules to challenge firms by 2026

Thu, 20th Nov 2025
Author image
By Sean Mitchell, Publisher

Organisations will face an increasingly complex and demanding cybersecurity landscape by 2026, according to IO (formerly ISMS.online). The proliferation of artificial intelligence (AI), the evolution of supply chain attacks, and fragmented global regulations are among the areas forecast to shape corporate security and compliance strategies.

AI-fuelled cyber threats

AI is set to drive more sophisticated cyberattacks. Phishing, credential theft, and deepfake tactics are likely to become harder to detect as AI systems grow more capable. Attackers are also targeting the AI models themselves, attempting to manipulate or "poison" them for theft or disruption.

"AI will supercharge cybercrime in 2026. Expect to see phishing, social engineering, and credential theft campaigns that are faster, smarter, and harder to spot, including deepfake voice calls, hyper-personalised emails, and automated vulnerability scanning. Attackers are also targeting AI systems themselves, trying to 'poison' or manipulate models for access or sabotage," said Sam Peters, Chief Product Officer, IO.

Executive oversight

Incidents related to autonomous or semi-autonomous AI tools are predicted to elevate AI risk to board level. Executive teams are expected to treat AI as a core governance issue, with boards taking direct ownership of oversight, risk models, and accountability measures.

"In 2026, AI will no longer be just a technology issue. It will become a governance issue, one that's owned by the board, not just IT," said Peters.

Supply chain exposure

The volume of breaches via suppliers and partners is expected to increase, affecting entire business ecosystems. Open-source libraries and managed service providers present new vectors for compromise, demanding robust third-party assurance processes across industries.

"Compliance platforms that connect supplier risk data are no longer optional; they're essential," said Peters.

Focus on identity

The expansion of hybrid work and AI means identity and privilege management will form the primary security perimeter. Attackers are likely to increasingly target machine credentials alongside those of human users, making comprehensive zero trust approaches a necessity.

"You can't protect what you can't authenticate," said Peters.

Legacy vulnerabilities

Older systems remain a major vulnerability. Unpatched software and misconfigurations are likely to underpin many incidents. As businesses move further into cloud and edge computing, the risk associated with legacy technology is anticipated to scale accordingly.

"Technology transformation must include updating legacy systems; otherwise, they'll keep undoing your best efforts to stay secure," said Peters.

Continuous compliance

Risk in complex environments now changes rapidly. Static annual audits are unlikely to provide sufficient assurance. Organisations are expected to move towards continuous monitoring and real-time compliance tools for ongoing risk visibility.

"The winners in 2026 will be those who can prove their compliance in real time, not after the fact," said Peters.

Infrastructure challenges

The growth of internet of things (IoT), operational technology (OT), and edge devices is expanding the security landscape. Board-level attention to these expanding network edges is expected to increase, with tailored compliance strategies required for every connected device.

"Compliance strategies must extend to every connected device, not just your core systems," said Peters.

Insurance scrutiny

Cyber insurance providers are tightening their standards. By 2026, demonstrable and continuous security maturity will factor more heavily into coverage and premiums. Evidence of persistent controls will be required, rather than simple certification.

"Compliance isn't just about avoiding fines; it's becoming the ticket to insurability," said Peters.

Data protection issues

AI increases risks around data privacy. Potential threats include model theft, data poisoning, and malicious extraction of sensitive data from AI outputs. Clear data lineage and encryption methods are likely to become key compliance requirements.

"The future of compliance will depend on knowing where data goes and how models use it," said Peters.

Global regulatory fragmentation

Regulatory approaches in the US, EU, and China are diverging, rather than converging. Multinational organisations will require highly adaptable compliance frameworks. Platforms able to unify multiple standards will become necessary to streamline compliance efforts and respond to differing regulations in each jurisdiction.

"Platforms that unify multiple frameworks will be vital for staying ahead," said Peters.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Oxylabs experts forecast AI bubble risks & browser wars
AI reshapes cyber threats as experts warn on automation
Tenable hack of Copilot AI agent exposes fraud risks
Agentic AI surge in 2026 sparks fresh cyber security risks
AI-driven cyber threats spur surge in intel spending

Top stories

Enterprises pivot to risk-aware, human-centric AI in 2026
Cyber leaders warn resilience gap as boards eye 2026
AI bubble cools as HR shifts to outcomes & new roles
Keeper links identity security alerts into ServiceNow
Safe AI coaches staff to cut cyber attack errors