As 2026 unfolds, we caught up with our Group CISO, Darren Humphries, and SOC Threat Hunting Lead, Antonia Nisioti, to tap into 2025 trends, disruptive reality checks, and key predictions for the year ahead. Their insights, shaped by hands-on experience and world-class intelligence, provide a crystal-clear view of the state of cyber security.

2025 in Review: The Good, The Bad & The Ugly

Shifting Threats and Realities

Last year saw cyber attackers shifting tactics:

  1. Supply chains became prime targets, with attackers successfully exploiting human processes and vulnerabilities among vendors and software suppliers to breach several organisations through a single weak link.
  2. Legacy system weaknesses, especially in long-standing technologies like Active Directory, continued to be exploited, as outdated controls and insufficient monitoring allowed attackers to move with ease.
  3. Development teams and their toolkits also attracted attention, exposing risk through poorly monitored code and malicious packages.
  4. Identity and configuration issues were a recurring theme, with basic missteps such as weak multi-factor authentication and poorly configured privileges giving attackers a clear route to a breach.

AI in Cyber: Beyond the Hype

The hype around AI-powered cyber attacks reached new heights in 2025, but the reality doesn’t quite match this energy. While AI is and will continue to be used for orchestration and lowering the barrier for entry-level attackers, there is no concrete evidence of AI independently generating complete attack chains. Most observed attacks remained largely human-driven, with AI assisting in specific tasks rather than replacing the attacker.

That said, we can’t ignore the fact that AI has significantly improved the quality of attack techniques such as phishing emails, eliminating language errors and making campaigns more convincing, especially for non-native speakers. This has contributed to the rise in successful social engineering attacks and shows that AI acts as a force multiplier for those already in the game.

Ransomware and Threat Group Evolution

Last year, attackers showed a greater level of coordination and adaptability. Ransomware-as-a-Service made it easier for more people to get involved, and threat groups formed alliances for major campaigns before breaking up to avoid detection.

High-profile attacks that hit the news showed that the purpose of attacks has also evolved, with some groups targeting critical business operations and supply chains and using destruction as leverage rather than just data theft. The aim of the game for these groups now is to cause as much disruption as they possibly can.

What’s On The Cards For 2026?

Predictions, Priorities and POVs

Looking forward, we can expect this year to highlight several key themes:

  1. AI will become even more sophisticated, with advancement predicted every 6 months, supporting breach orchestration and vulnerability discovery. The human-in-the-loop element will remain crucial in both attack and defence camps.
  2. Ransomware 2.0, as we call it, is set to become more aggressive and destructive, with attacks on core business functions and supply chains expected to rise. Ransomware-as-a-Service models will continue to encourage new participants to join threat groups.
  3. Deepfakes and advanced social engineering will make fraud harder to detect, while legacy vulnerabilities will continue to expose organisations that haven’t addressed even basic weaknesses.

Accountability, Investment, and the Boardroom

Another shift is the way boards and leadership teams approach cyber risk. There’s a growing preference for evidence-based reporting and external governance oversight, and less appetite for speculative decisions or rash investments in new technology. Instead, organisations are being asked to demonstrate maturity by fixing foundational flaws and focusing on measurable improvement, rather than simply buying the latest solution on the shelf.

Overall, we believe that cyber security investment has remained consistent, with budgets typically tracking standard index rates. Despite significant investments, the effectiveness of spending varies. Organisations are still failing to address fundamental weaknesses such as legacy Active Directory vulnerabilities, illustrating the need for more strategic allocation of resources.

That’s a Wrap: Staying Ahead

Cyber security remains a dynamic field that requires both vigilance and adaptability. To stay ahead, you can take a few practical steps:

  • Prioritise modern identity management: Migrate away from outdated platforms and address technical debt to reduce the risk of attacks targeting legacy systems.
  • Safeguard sensitive information: Implement robust governance controls and segment critical data to prevent attackers from exploiting AI assistants with fabricated emails and malicious data.
  • Deliver comprehensive cyber awareness training: Ensure all staff, not just board members, receive practical training. Give particular attention to development, HR, and finance teams, who are often targeted, equipping them to recognise phishing, smishing, and QR code attacks.

With fresh insights from our leadership team, organisations can focus not just on emerging tools and threats, but on building resilience through strong fundamentals and a shared culture of security awareness. As 2026 takes shape, the emphasis is on evidence, maturity, and making steady progress, because today’s attackers move quickly, but so can you.