The S-Unit

These are the expected cyber threats in 2026

The cyber threat landscape is changing rapidly. New technologies such as AI, dependencies in software supply chains, and geopolitical tensions are increasing its complexity. At the same time, phishing remains an effective attack technique and the threat of ransomware attacks continues to grow. Which threats will play a major role in 2026, and how can organizations prepare for them?

1. AI versus AI security

Artificial Intelligence is evolving rapidly and creating new opportunities for software development and security analysis. Developers are already using AI to identify vulnerabilities more quickly, analyze code, and automatically generate new code. In some cases, AI can even suggest ways to fix security issues.

The rapid development of AI also introduces new risks. Automatically generated code can contain errors, and attackers are using AI to carry out attacks faster and on a larger scale. As a result, the likelihood of new, unknown vulnerabilities (0-days) is increasing.  

The use of autonomous AI systems raises an important question: can an AI fix a vulnerability without unintentionally creating a new one? Therefore, the use of AI requires active monitoring and clear governance within your organization’s security strategy.

2. Supply chain attacks are increasing

More and more software relies on external components, such as NPM packages and PyPI libraries, which are automatically updated. This speeds up development but also increases the attack surface.

Attackers are therefore increasingly targeting the source: the developers of these packages or the update mechanisms through which they are distributed. By embedding themselves in external components, they can secretly introduce malicious code.  

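Because the malicious code arrives through a component or update channel that the organization already trusts, supply chain attacks are difficult to detect. Effective patch management, insight into the software components in use (a Software Bill of Materials, SBOM), and the ability to respond quickly when a component is compromised help organizations identify these attacks earlier.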
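As an added illustration (not part of the original article) of how an SBOM supports a fast response, the sketch below checks a CycloneDX-style SBOM against a list of compromised package versions and reports where each hit is pulled in. The SBOM, the advisory list, and the package names are constructed for this example; it assumes every component carries a `purl` field.

```python
import json

# Constructed CycloneDX-style SBOM; package names are fictional.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "application", "name": "webshop", "purl": "pkg:npm/webshop@2.3.0",
   "components": [
     {"type": "library", "name": "example-colors", "purl": "pkg:npm/example-colors@1.4.1"}]},
  {"type": "library", "name": "example-http", "purl": "pkg:pypi/example-http@0.9.2"},
  {"type": "library", "name": "example-colors", "purl": "pkg:npm/example-colors@1.4.0"}
]}
"""

# Constructed advisory: (ecosystem, name) -> versions reported as compromised.
COMPROMISED = {
    ("npm", "example-colors"): {"1.4.1", "1.4.2"},
    ("pypi", "example-http"): {"1.0.0"},
}

def parse_purl(purl):
    """Split 'pkg:type/[namespace/]name@version' into (type, name, version)."""
    if not purl or not purl.startswith("pkg:") or "@" not in purl:
        return None
    body = purl[4:].split("?")[0].split("#")[0]  # drop qualifiers and subpath
    ecosystem, _, rest = body.partition("/")
    name, _, version = rest.rpartition("@")
    return ecosystem.lower(), name, version

def walk(components, path=()):
    """Yield (component, parent path), descending into nested components."""
    for comp in components or []:
        yield comp, path
        yield from walk(comp.get("components"), path + (comp.get("name", "?"),))

def find_compromised(sbom, advisory):
    """Return every SBOM component whose exact version is in the advisory."""
    hits = []
    for comp, path in walk(sbom.get("components")):
        parsed = parse_purl(comp.get("purl"))
        if parsed is None:
            continue  # component without a usable purl cannot be matched
        ecosystem, name, version = parsed
        if version in advisory.get((ecosystem, name), ()):
            hits.append({"purl": comp["purl"], "via": "/".join(path) or "(top level)"})
    return hits

if __name__ == "__main__":
    for hit in find_compromised(json.loads(SBOM_JSON), COMPROMISED):
        print(f"COMPROMISED {hit['purl']} (pulled in via {hit['via']})")
```

The same package appears twice in the sample at different versions; only the nested copy matches, which is why the check walks nested components and compares exact versions rather than names alone.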

3. Geopolitical tensions as a cyber risk

Many business processes run on cloud platforms operated by foreign organizations. In a geopolitical conflict, a country may decide to restrict or even block access to these systems. This can directly impact business continuity, access to data, and the availability of applications. 

A well-considered cloud strategy helps organizations be better prepared. Organizations can think in advance about possible risk profiles and alternatives for critical business processes. This reduces the risk of business operations being disrupted for an extended period. 

4. The further evolution of Ransomware-as-a-Service

The continued evolution of Ransomware-as-a-Service (RaaS) has significantly lowered the barrier for cybercriminals. As a result, the number of ransomware attacks is rising sharply. Malware, infrastructure, and support are now offered as complete services on the dark web.

In addition, attackers’ messages are becoming more direct: pay up, or we will publish your stolen data. In doing so, attackers skip steps in the process, such as first encrypting systems. This makes the situation even more complex and requires a rapid response. 

A well-prepared Incident Response Plan (IRP) helps organizations respond more quickly. By making clear agreements in advance about decision-making, communication, and the impact of a data breach, organizations can limit damage and reputational risks.

5. Phishing remains an effective attack technique

Despite all technological developments, phishing remains one of the most successful attack techniques. Attackers exploit human factors such as time pressure, authority, curiosity, and confusion. With the help of AI, phishing attacks are also becoming more realistic, more personalized, and easier to execute at scale.

A recent development is the so-called ClickFix attack, in which an error message guides users step by step into unintentionally granting access to their system. This is why security awareness remains an important layer of defense.

Stay informed about cyber threats

Our Threats, News & Insights (TNI) service continuously monitors the most important developments in cybersecurity. We translate these trends into concrete risks and insights that are relevant to your organization.

Curious which threats are relevant to your specific organization and industry? Read more about Threats, News & Insights, or contact one of our consultants.