SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

AI & state-backed cyber spies to drive 2026 threats

Tue, 23rd Dec 2025

Cyber security experts expect state-backed espionage and artificial intelligence-driven attacks to shape the threat landscape in 2026, with European defence industries, small and midsize businesses and the fast-growing drone sector singled out as key targets.

Predictions from researchers at security firm ESET and from Cork Cyber point to a year of more aggressive activity by major nation states and criminal groups, as well as rising financial losses from phishing and business email compromise.

Drone espionage

Jean-Ian Boutin, Director of Threat Research at ESET, said unmanned systems will sit at the centre of future intelligence operations by the so-called "Big 4" adversaries.

"In 2026, the proliferation of unmanned aerial vehicles (UAVs) in military and commercial spheres will attract the attention of major threat actors of the Big 4 (China, Russia, Iran, North Korea), seeking to steal intellectual property and gather military intelligence. Russia will maintain a relentless focus on Ukraine's drone capabilities, leveraging cyber and traditional intelligence assets. North Korea and Iran are poised to ramp up their own espionage against European and global targets, aiming to accelerate the modernisation of their drone arsenals. China, meanwhile, is expected to intensify efforts to track Taiwan's UAV build-up. As unmanned surface vehicles (USVs) and unmanned ground vehicles (UGVs) mature technologically, similar patterns of espionage and cyber intrusion will likely emerge around these domains," said Boutin, Director of Threat Research, ESET.

Governments have ramped up investment in unmanned platforms in recent years. Defence organisations and manufacturers have also increased digital integration across fleets, supply chains and control systems, which expands the attack surface for intrusions.

The expected focus on UAVs, USVs and unmanned ground systems highlights the link between cyber operations and battlefield logistics. It also underlines the risk of industrial espionage against firms that design sensors, navigation software and communications components for these platforms.

Russia's shifting targets

Boutin said Russian state-linked actors will continue to use criminal groups and destructive techniques while broadening their geographical focus.

"Russia will continue to leverage cybercriminal groups for espionage, and collaboration between state-sponsored threat actors is expected to become more frequent - a marked departure from previously siloed operations. Wiping attacks will persist, targeting energy infrastructure as winter approaches and focusing on the grain sector, which is critical to Ukraine's economy. Espionage operations will also increasingly target the military drone industry.

"While Russia-aligned threat actors are currently concentrated on Ukraine, 2026 will likely see a diversification of their targeting as European countries - including Germany, France, and Poland - undertake major rearmament programs. We anticipate an uptick in Russian cyberactivity in targeting defence contractors, supply chains, and critical infrastructure in efforts to track and undermine Western military modernisation," said Boutin.

European governments have announced multi-year spending plans on equipment, munitions and industrial capacity. Security analysts expect this investment will draw sustained interest from foreign intelligence services that want insight into new systems and procurement strategies.

Energy grids and agricultural logistics remain under pressure from destructive malware, according to recent technical reporting from multiple security vendors. That reporting points to wiper attacks against operational technology and data systems in Ukraine and allied countries.

AI-driven attacks

Dan Candee, CEO of Cork Cyber, said the growing use of artificial intelligence by attackers will change the nature of day-to-day threats that small and midsize firms face.

"In 2026, cyberattacks are expected to become increasingly driven by artificial intelligence. Threat actors will leverage generative AI to launch highly sophisticated, large-scale phishing campaigns, create polymorphic malware that evades detection, and automate the exploitation of vulnerabilities. This marks a major escalation in both the volume and complexity of attacks, significantly challenging the defensive capabilities of small and midsize businesses (SMBs) and their IT providers. In 2025 out of 4.4 million compliance events, 62.5% of Cork Cyber's payouts to SMBs were from phishing attacks for ACH wire transfer fraud," said Candee, Cork Cyber CEO.

Security teams already face a surge in social engineering that uses cloned websites, deepfake audio and convincing fraudulent invoices. Generative AI tools lower the barrier for less skilled actors and can support rapid customisation of lures at scale.

The reference to polymorphic malware indicates concern that malicious code will change its structure frequently. That makes signature-based detection much less reliable for traditional antivirus and email filters.

SMB business risk

Candee said the financial consequences of a breach next year could go well beyond headline ransom figures, especially for smaller companies.

"The financial impact of a serious breach in 2026 could be devastating, potentially enough to bankrupt an SMB. Beyond ransom payments, the true costs include extended downtime, lost revenue, recovery and remediation efforts, regulatory penalties, and lasting damage to brand reputation. To survive in this threat landscape, SMBs must view cybersecurity as a critical business risk rather than just an IT expense. Effective security programs should be well-documented, regularly reviewed, and aligned with established security frameworks," said Candee.

Insurance data and incident reports across the industry show consistent growth in claims linked to business email compromise and payment fraud. Analysts say this trend reflects both the rising sophistication of attackers and gaps in basic controls at many organisations.

Vendors and consultants expect regulators and customers to place more emphasis on documented security processes and regular reviews across supply chains in 2026.
