2026 is about risk and resilience when it comes to cybersecurity, industry observers say.
Martin Creighan, VP, Asia Pacific at Commvault said the most visible shift in the maturing of AI is in AI assistants "powering customer engagement, operations, and even cyber response". "But these systems are only as trustworthy as the data they learn from. In 2026, AI integrity will become a central pillar of resilience with the ability to trace, verify, and restore the truth in machine learning models," he said.
"What’s emerging next is the use of conversational interfaces to run resilience itself. Instead of navigating dashboards and scripts, teams will ask – in natural language – to protect a workload, check a policy, or validate recovery readiness across SaaS, multicloud, and hybrid environments. Resilience begins to feel like an always-on, conversational control layer over critical services."
Resilience
[Image: Lim. Source: Kyndryl.]
"In 2026, the organisations that stay secure will be those embedding protection across the entire AI lifecycle—and aligning leadership, engineering and operations around a single principle: secure intelligence is the foundation of enterprise resilience," predicted Andrew Lim, MD, Kyndryl ASEAN & Korea.
Jan Bee, CISO, TeamViewer said: “Cybersecurity is shifting from a technical concern to a business-wide responsibility. As cyber risk becomes inseparable from financial and operational risk, boards and security leaders will need to align more closely and speak a shared language of resilience.
[Image: Bee. Source: TeamViewer.]
"Organisations that treat cyber resilience as a strategic capability, rather than a compliance exercise, will be better positioned to recover from incidents and maintain confidence among customers and investors.”
Brian Spanswick, Cohesity's CIO, said that cyber resilience will emerge as the primary cybersecurity objective in 2026. "Organisations must move beyond prevention alone and balance investments with strategies that minimise business impact when breaches occur," he said.
"Expect at least one-third of cybersecurity budgets to prioritise rapid response, clean-room recovery, and AI-driven tools that accelerate detection, investigation, and restoration at scale. These capabilities empower IT teams to contain incidents faster, reduce data exfiltration risk, and restore systems quickly—minimising disruption and safeguarding trust."
[Image: Spanswick. Source: Cohesity.]
Carl Windsor, CISO, Fortinet, is all for resilience as well, calling for 'Chief Resilience Officer' to replace the CISO title. "The CISO title belies the fact that the role is not purely security-focused. Our daily role is that of enabling business transformation and innovation while doing so in a safe and secure manner," he explained.
"Most of all, though, we have to keep the business running at all times. It is this last point that is sometimes missed, but is one of the most important roles of a CISO.
"There have been multiple cases of businesses grinding to a halt in 2025 due to security incidents. It is crucial, therefore, for CISOs to understand the minimum viable business (MVB) required to keep the organisation running and ensure this is available at all costs. We all must become Chief Resilience Officers."
Windsor expects attacks on multibillion-dollar multinational organisations to continue in 2026, driven by AI simplifying reconnaissance, the continued growth of cybercrime-as-a-service, and further nation state–sanctioned activity. "CISOs need to plan for failure and wrap their arms around building a business continuity plan. This includes helping to define the MVB needed, practical testing of the plan, and conducting regular tabletop exercises," he said.
Windsor also advised CISOs to build resilience as their first priority. "Assume disruption is inevitable and invest in business continuity, segmentation, and recovery readiness," he said. He also suggested CISOs:
Treat AI as a governed capability, not a shortcut. "Use it to enhance detection and response – but protect models, data, and access with the same rigour as any other critical system," Windsor said.
Harden identity everywhere. "As human and machine agents multiply, non-human identities must be secured and continuously verified," he suggested.
Strengthen collaboration. "Break down silos between security, operations, and leadership. Resilience depends on shared understanding and unified response," he added.
Stay informed and adaptive. "Threat actors innovate as quickly as technology evolves, which means that continuous learning and testing are now core security disciplines," Windsor said.
[Image: Nithrakashyap. Source: Rubrik.]
Arvind Nithrakashyap, Co-Founder and CTO, Rubrik, said there is an increased urgency for CISOs to adopt an 'assume breach' mindset and prioritise ensuring data integrity and recovery. "When an attack occurs, the time to get a business up and running is the critical metric. However, in 2026, the new imperative is to ensure data integrity and the ability to recover to a verified, clean point quickly," Nithrakashyap said.
"AI tools can rapidly generate malware and exploit known vulnerabilities. Organisations must pivot to recovery strategies that utilise integrity validation and isolated 'cyber vaults'. The recovery strategies will guarantee the restored environment is free of malicious code, making robust recovery engines a necessity, not a convenience."
Daniel Toh, Chief Solutions Architect, APJ at Thales, said that systemic cloud outages and cascading dependencies will mandate a fundamental shift from prevention to mandatory operational resilience.
"The risk of failure in cloud architecture is paramount. When incidents occur, they are rarely complex zero-days; rather, they are caused by internal, foundational failures. Recent industry analysis shows that 44% of all cloud security incidents are traced back to misconfigurations in identity and access management (IAM). This highlights that the most effective way to compromise the cloud is through poor access control, and a clear customer failure in the shared responsibility model," Toh shared.
"In 2026, organisations will prioritise resilience over total prevention, accepting that vendors will fail. This mandates a return to the foundational principles of crisis preparedness. CISOs will enforce the Zero Trust principle of least-privilege vendor access and aggressively implement multiregion/multicloud redundancy for critical data stores. The mandate will be to design for failure by continuously testing response plans and ensuring controlled access (IAM) limits the downtime incurred due to compromise or outages."
"This strategic return to resilience fundamentals minimises the business impact of unavoidable third-party failures, protects data from systemic vendor risk, and ensures continuity of critical business functions," Toh added.
Resilience will involve isolated recovery environments (IREs), said Matthew Oostveen, VP & CTO, Asia Pacific & Japan, Pure Storage. "In 2026, IREs will move from a niche security measure to a boardroom mandate across Asia-Pacific. As ransomware and destructive cyberattacks continue to escalate, organisations will recognise that traditional backups are no longer enough. The focus will shift from simply recovering data to assuring recovery itself, and secure isolation will become the new benchmark for cyber resilience," he explained.
"Several forces will converge to make IREs mainstream. Regulators will begin demanding demonstrable recovery integrity, insurers will link premiums to verifiable isolation, and boards who are still reeling from high-profile outages. They will push for architectural assurance rather than procedural promises. In response, enterprises will design recovery environments that are physically and logically segregated, automated, and continuously validated.
"Across APJ, IRE adoption will accelerate first in financial services, critical infrastructure, and manufacturing; sectors where downtime equals revenue loss or public risk. But the real shift will be cultural: IREs will redefine how organisations think about resilience, transforming backup from an operational afterthought into a core element of business continuity strategy."
Risk
Andy Zollo, Senior VP of Application and Data Security, APJ at Thales, expects boards to quantify and govern cyber risk, transforming security from a technology cost into a fundamental business duty.
"Cyber risk is now seen as a top strategic priority by 60% of business and tech leaders globally. This executive focus, driven by geopolitical instability and new regulatory rules, means boards can no longer treat security as just an IT compliance exercise. They need clear, financial metrics on the true risk exposure," Zollo said.
"By 2026, CISOs’ primary function will shift from managing technical defenses to quantifying financial risk. Boards will demand cyber risk quantification (CRQ) to measure the potential dollar impact of security gaps. This new mandate ensures foundational security programmes like Zero Trust and data discovery are adequately funded and monitored, as executives are held personally accountable for maintaining basic cyber hygiene."
Zollo observed that the shift would provide security leaders with the necessary budget and executive support, "effectively turning security investment into a measurable enabler of business stability and competitive advantage".
Windsor shared that the top CISO concern over the past three years has been the cybersecurity skills gap. "Fortinet has been working to close this gap by helping train 1 million people in cybersecurity by the end of 2026, and we are well on the way to achieving that goal. However, our 2025 Cybersecurity Skills Gap Report shows that multiple issues remain," he said, highlighting that:
IT leaders stated that the leading causes of breaches were the lack of security awareness (56%) and the lack of IT security skills and training (54%).
Forty-nine percent of leaders do not think their board members are aware of the risks posed by using AI.
"More than ever, the CISO’s place in the boardroom is critical. We need to communicate the benefits of new technologies like AI, along with their associated business risks, as clearly as possible so that the board can determine their appetite for risk. The good news for CISOs is that cybersecurity is becoming so critical to the board that we are beginning to see CISOs becoming board members themselves, thereby broadening the experience of the board," he said.
"The role of the CISO has never been more vital. Success in 2026 will belong to those who can combine technical depth with strategic vision, turning security from a reactive function into a force for resilience, trust, and growth."
Shifting left
Simon Wistow, Co-Founder & VP of Strategic Initiatives, Fastly, said that AI success will hinge on developer and security team collaboration.
"As the race to develop and implement AI-powered tools continues in 2026, organisations that foster close collaboration between developer and security teams will come out ahead," he said.
"Developer teams are under pressure to innovate and implement AI quickly, while security teams are tasked with identifying and fixing security issues before deployment. When developers and security professionals work in tandem from the early stages of AI model based development, they can put proper safeguards in place and mitigate potential security gaps before they arise. This new developer-security partnership model will result in a more secure and reliable AI ecosystem, where innovation and security go hand in hand," Wistow explained.
Ransomware
"To effectively counter ransomware, start by enabling dedicated protection across all endpoints. For non-industrial companies, implement anti-APT and EDR tools to enhance threat discovery, detection, investigation, and rapid incident remediation. Additionally, equip SOC teams with up-to-date threat intelligence and ongoing professional training, all of which can be accessed through comprehensive platforms...to build a resilient defence strategy," said Kaspersky's Fabio Assolini, Head of Research Center, Americas and Europe, Global Research & Analysis Team.
Assolini also suggested that organisations in the industrial sector adopt a specialised ecosystem which combines OT-grade technologies, expert insights, and a native extended detection and response (XDR) platform tailored for critical infrastructure.
AI security platforms
AI security platforms provide a unified way to secure third-party and custom-built AI applications and will be increasingly popular with businesses, Gartner has forecast. By 2028, Gartner predicts that over 50% of enterprises will use AI security platforms to protect their AI investments.
They centralise visibility, enforce usage policies, and protect against AI-specific risks such as prompt injection, data leakage, and rogue agent actions, the consultancy firm predicted.
"These platforms help CIOs enforce use policies, monitor AI activity, and apply consistent guardrails across AI," the consultancy said in a list of 2026 predictions.
[Image: Steward. Source: SentinelOne.]
"LLM vendors are showing us the future: what was 15 applications is now a single familiar interface, operating the underlying machinery to do each different task. This means we’ll no longer be considering which individual tool can handle this threat but rather looking at the bigger picture of what security outcome we’re aiming to drive. If there’s one system that can detect identity attacks as well as behavioural ones, why are we maintaining artificial product boundaries? That unification of systems is happening across the SaaS landscape, and security is next in line."
Cooperation
Steward said: "In 2026, organisations will finally realise that collective security requires collective contribution. Companies expect the benefits of shared intelligence through their vendors, but they only share data after the fact; a myopic view of protecting themselves from risk.
"The challenge is how to build systems that allow us to disseminate valuable information across the customer base, while excluding information that customers find problematic to share. The key will be increasing customer comfort with the understanding that sharing some of their information will ultimately benefit and de-risk them. This will help customers realise, concretely, that the safety of one is the safety of all."
"An individual customer is not an island, and an individual alone can’t defend against attackers who share information freely," Steward added.
APT stands for advanced persistent threat, CTEM is short for continuous threat exposure management, and EDR for endpoint detection and response. LLM is the acronym for large language model; SaaS refers to software-as-a-service. SOC is an acronym for security operations centre. UEBA refers to user and entity behaviour analytics.