From the U.S. government letting CISA expire to recent “internet-breaking” updates sent out by various companies that form the backbone of web infrastructure, cybersecurity and resilience is more important than ever.
Though, according to IBM’s 2025 Cost of a Data Breach Report, global data breach costs have declined ungoverned AI systems are more likely to be breached and more costly when they are.
Here, security experts share their predictions for incoming threats, security measures, and more in 2026:
Expect major incidents by mid-2026: Here's the paradox: while security threats escalate, AI is eliminating entry-level tech jobs. New graduates face a career ladder missing its bottom rungs. When the crisis hits, will we have enough defenders who know how to fight it? Attacks on SaaS infrastructure are exploding. Threat actors have shifted from targeting individual companies to the platforms powering entire ecosystems. Crack one widely-deployed firewall, and you've exposed one-eighth of the world's networks. The real danger? Microsoft, Amazon, and Google control the backbone of global computing. A low-level breach in any of these could cascade into economic catastrophe. 2026's lesson may be that cybersecurity's biggest vulnerability isn't technology—it's concentrated infrastructure risk and a disappearing talent pipeline.—Mike Puglia, GM, security at Kaseya
Cyber resilience mandates will reshape public-private risk models: In 2026, the U.S. will implement a national cyber-resilience mandate for critical infrastructure and federal supply-chain partners. Organizations will be required to meet minimum cybersecurity standards or risk losing contracts, insurance coverage, or regulatory standing. With budgets tightening and election-year scrutiny rising, policymakers will shift from voluntary frameworks to enforceable baselines tied to resilience metrics. Expect CISA and sector regulators to blend elements of CMMC, CIRCIA, and FISMA into a unified model, with private-sector data helping validate performance at scale. Insurers and investors will follow suit, rewarding verified resilience and penalizing poor cyber hygiene, making 2026 the year cybersecurity becomes a regulated national priority.—Michael Centralla, head of public policy, SecurityScorecard
AI agents will be cyberattack targets in 2026: As organizations increasingly deploy AI agents to handle tasks from customer service to code generation, threat actors are licking their chops as these autonomous systems are prime targets for cyberattacks. Unlike traditional applications, AI agents have broad access to data, can make decisions without human oversight, and operate across multiple systems simultaneously, making them both valuable and vulnerable—a losing combo. In 2026, AI agents are going to come under attack. It’s up to security teams to address critical gaps including zero-trust architectures extended to non-human identities and credential management for AI agents interacting with internal systems.—Frédéric Rivain, chief technology officer at Dashlane
Identity sprawl will remain a major risk in 2026: With organizations struggling to govern an expanding mesh of digital identities across human, machine, and AI entities, over-permissioned roles, shadow identities, and disconnected IAM systems will continue to expose organizations to credential-based attacks and lateral movement.?AI will also reshape traditional social engineering: synthetic voices, deepfakes, and adaptive phishing will erode the reliability of static authentication, forcing organizations to adopt continuous and context-aware verification as the new baseline.—Benoit Grange, chief product and technology officer, Omada
Compliance as a catalyst for innovation: Compliance will evolve from a chore to a catalyst. In 2026, the most innovative organizations will treat regulation not as a constraint, but as a framework for building confidence with their stakeholders, protecting consumers, and advancing responsible data and AI use.—Inmar Intelligence chief technology officer Srini Varadarajan
Escalation of Cyberattacks on Critical Infrastructure: In 2025, cyberattacks on critical infrastructure will intensify, targeting sectors such as energy grids, water supply systems, and communication networks. Driven by a range of factors, including geopolitical tensions, these attacks will disrupt essential services and erode public trust. Governments and private sectors will be forced to fortify their detection systems, enhance threat intelligence sharing, and take proactive measures to defend against increasingly sophisticated and coordinated threats, including those from nation-states.—Karl Holmqvist, founder and Ceo, Lastwall
The end of optional MFA: The shared responsibility model in cloud security is breaking down, which will push cloud providers to enforce mandatory MFA for all customers. Rising supply chain attacks and multi-cloud complexities demand tighter collaboration between security teams and cloud-savvy developers. This shift will spark a critical push for both providers and customers to elevate security standards in an increasingly volatile landscape.—George Gerchow, faculty, Ians Research and interim CISO/head of trust, MongoDB