Navigating Cybersecurity Crossroads: Key Lessons for 2026

2025 delivered brutal lessons about the fragility of our digital infrastructure. In January, PowerSchool, a cloud-based education platform tracking over 55 million students in more than 90 countries, fell victim to a breach. A 19-year-old Massachusetts student allegedly attempted to extort $2.85 million from the company, after compromising data on reportedly 1.2 million students and staff. The breach serves as a stark reminder that fundamental security hygiene remains non-negotiable, regardless of an organisation's scale or sophistication. 

In February, SimonMed reported a ransomware-related breach affecting more than 1.2 million people, with the compromise linked to a vendor incident and a confirmed period of attacker access. In healthcare, this type of intrusion is not only a privacy event. It creates material risk of operational disruption where imaging, scheduling, and clinical workflows depend on digital availability. 

2025 also marked a turning point for AI security. Prompt-extraction attacks against large language models were publicly observed, demonstrating how adversaries could manipulate models into revealing sensitive system prompts. In one well-documented research case involving DeepSeek, engineered role-playing scenarios were used to bypass guardrails and expose internal model logic. 

In September, Jaguar Land Rover’s cyber incident halted production for close to six weeks. Analysis from the Cyber Monitoring Centre, cited by Reuters, estimated the cost to the UK economy at about £1.9bn and suggested disruption affected more than 5,000 organisations across the supply chain.  

October brought a breach at WestJet, widely attributed by security researchers to the ShinyHunters group, which exposed data from 1.2 million passengers. In November, a breach at Miljödata affected 25 companies and 200 Swedish municipalities, disrupting operations across multiple organisations, including Volvo. In December, 120,000 internet-connected cameras in South Korea were compromised, with stolen footage used to produce large volumes of illicit content — a stark example of how irreversible the damage from poor IoT security can be. 

The key takeaway from 2025 is that third-party risk is as critical as internal security, resilience matters when outages last weeks rather than hours, and organisations must assume incidents ‘will’ happen to them and to prepare for it. The real differentiator is whether systems, people and processes can function when core technology fails. It’s better to do this under a simulated attack rather than in the midst of the real thing. 

AI's double-edged sword 

As we move into 2026, AI is redefining the threat landscape at speed. 

Shadow AI has emerged as the new partner to shadow IT. While unauthorised Dropbox installations and Google drives have provided exfiltration opportunities for years, we now face employees inputting sensitive data into public AI models. This was famously exemplified by the Director of Cyber Security Infrastructure Agency (CISA) putting sensitive data into ChatGPT. This data may be retained or used to train future models, creating a perpetual security leak. 

At the same time, “citizen developers” are vibe-coding AI-generated applications across enterprises with little oversight. These tools often accumulate technical debt that no one is equipped to service, while previously approved enterprise platforms and applications ship with new embedded AI features indistinguishable from core functionality. Where does this data go? How is it secured? 

AI browsers such as Arc, Dia, Brave Leo and Comet introduce further risk. In December, researchers demonstrated a proof-of-concept on how Comet could be manipulated via a malicious email to carry out destructive actions, including deleting a user’s Google Drive content. We are increasingly granting AI agents autonomous access to digital estates without fully understanding the implications. Analysts, including Gartner, have warned that unmanaged AI agents represent a growing enterprise risk unless strong governance is implemented. 

Deepfakes represent an evolution of a 40-year-old threat. Phishing, which emerged in 1985, trained us to spot typos and grammatical errors. Today's AI-generated attacks feature perfect spelling, flawless grammar, seamless translation and increasingly sophisticated audio and video that's virtually impossible to detect. According to Sumsub’s 2025–2026 Identity Fraud reporting, deepfake-related fraud attempts in the UK rose by 94% in 2025. With only seconds of audio required to clone a voice, any business process relying on voice verification is now vulnerable. 

In November, Anthropic’s Claude was reportedly used by a Chinese state-sponsored group to target 30 organisations, with 80–90% of intrusion tasks performed autonomously. While imperfect, this marked the first reported case of AI-orchestrated state-backed attacks and demonstrated how similar techniques could be adapted to compromise other large language models. 

Organisations must test critical business processes against deepfake scenarios, while multi-channel verification should become standard and AI must be secured and governed rather than simply banned. Attacks are accelerating in both speed and scale, so defences must keep pace. 

When digital and physical worlds converge 

The next phase of cybersecurity will be shaped by a convergence of technologies that blur traditional boundaries. Autonomous agents are set to replace the one-to-one “human plus copilot” model with swarms of AI assistants. In a 3,000-person organisation, even three to five agents per employee could mean up to 15,000 autonomous entities operating simultaneously. Monitoring activity alone won’t be enough; organisations will need to understand intent, logic and inter-agent coordination. Managing your workforce may soon include managing and auditing a team of agents. 

IoT proliferation accelerates with around 39 billion devices projected by 2030, with continued strong growth beyond that at roughly 14% year-over-year. We face a coming crisis of unpatchable legacy hardware, smart meters, medical monitors and industrial sensors that remain functional but legally and technically abandoned when manufacturers go bankrupt or discontinue product lines. Ransomware is moving from virtual to physical, with attackers disabling air conditioning in manufacturing plants or agricultural sensors, spoiling crops. Digital-only security teams must now consider physical safety implications. 

Humanoid robotics will disrupt physical workplaces as profoundly as agents disrupt virtual ones. China operates over 2 million factory robots, far exceeding any other single country. Companies like Figure AI, Tesla Optimus, Unitree B2, and Boston Dynamics are pushing boundaries despite well-documented failures. The cybersecurity implications are staggering, blurring lines between physical and digital security, creating unprecedented ethical and identity challenges and the potential for hacked robots to cause physical harm by freezing brake pads on automated vehicles or causing havoc in warehouses. 

Underpinning everything is quantum computing which is potentially more disruptive than Y2K. When quantum chips combine with Shor's algorithm, existing encryption mechanisms protecting banking, finance and secure communications will collapse. The UK's National Cyber Security Centre already provides guidance urging organisations to inventory their cryptographic assets and embrace crypto-agility by implementing both classical and post-quantum cryptographic solutions. 

Acting now for a secure future 

These challenges won’t be solved overnight, but organisations can act now. Critical decisions should be verified through multiple channels to counter deepfakes. Implement zero-trust architectures for non-human identities. Segregate IoT devices with multiple defence layers and develop strategies for when legacy patching becomes impossible. Start the transition to post-quantum cryptography. 

The future of cybersecurity is bright but not because threats are diminishing, but because there's never been a more critical time for our profession. Technology and threats will evolve, but one thing remains constant in that we will not be short of challenges anytime soon. 

Read the Summer 2026 edition free online →

Stay connected with NI's tech community:

• Subscribe to our newsletter – Get the latest tech news, job opportunities, and events delivered to your inbox
• Visit Sync NI – Your daily source for Northern Ireland technology news