As organizations look toward 2026, infrastructure security is becoming one of the most defining challenges for cybersecurity leaders. Expanding cloud adoption, hybrid IT environments, growing reliance on APIs, and a rapidly widening digital footprint are making it harder for organizations to understand what assets they actually own and expose to the internet. Against this backdrop, attack surface visibility is emerging as a central concern for CISOs shaping their long-term cybersecurity strategy.
To understand how security leaders are prioritizing these challenges, The Cyber Express (TCE) conducted a LinkedIn poll asking, “What will be the top infrastructure security priority for CISOs in 2026?”
The results point clearly to a growing consensus: before organizations can defend effectively, they must first gain visibility into their expanding digital attack surface.
The Cyber Express Poll Results: Attack Surface Visibility Takes the Lead
The poll generated strong engagement from cybersecurity professionals across roles and industries. The final results were:
- Attack surface visibility – 40%
- Cloud and hybrid security – 25%
- Identity and access security – 25%
- Ransomware resilience – 10%
With 40% of respondents selecting attack surface visibility, it emerged as the top infrastructure security priority for CISOs heading into 2026. The result reflects a growing recognition that organizations cannot secure what they cannot see — particularly as assets are spread across cloud platforms, SaaS tools, APIs, endpoints, development environments, and third-party services.
Both cloud and hybrid security and identity and access security tied for second place, each receiving 25% of the vote. Ransomware resilience, while still a major operational concern, ranked lower at 10%, suggesting that many security leaders are shifting focus toward foundational controls that reduce exposure before attacks occur.
Why Attack Surface Visibility Is Rising to the Top
The dominance of attack surface visibility in the poll reflects a practical reality facing modern enterprises. Infrastructure today is no longer limited to on-premise servers and corporate networks. It now includes cloud workloads, remote endpoints, APIs, shadow IT, and externally facing services that change constantly.
Without accurate, real-time visibility into these assets, even mature cybersecurity strategies struggle to apply controls consistently or detect threats early enough to prevent impact.
Marcos S, Founder & CEO and Senior Full Stack Developer specializing in email infrastructure and cybersecurity, highlighted this shift in focus.
He said, “It’s interesting to see how organizations are adjusting their focus towards infrastructure security as digital transformation accelerates. Investing in robust API security solutions could play a crucial role when facing evolving threat landscapes.”
His comment underscores how modern attack surfaces are increasingly shaped by APIs, integrations, and digital services that were not part of traditional security models.
“They’re All Intertwined” — The Link Between Visibility, Cloud, and Identity
While attack surface visibility topped the list, the close ranking of cloud and hybrid security and identity and access security shows how interconnected modern infrastructure security priorities have become.
Mary Teisserenc, who works in MFA and access security for Active Directory, captured this reality in a comment on the poll.
She wrote, “It’s hard to alienate all of these, they’re so intertwined. How do you have hybrid security without strong IAM?”
Her observation reflects a common challenge for CISOs: visibility alone is not enough if identity controls are weak or cloud environments are misconfigured. Each layer of infrastructure security depends on the others to be effective.
CISO Priorities for 2026: Identity, AI, and Leadership
The themes emerging from the TCE poll closely mirror what senior security leaders are already predicting.
Adam Palmer, CISO at First Hawaiian Bank, recently shared his top three predictions for cybersecurity in 2026:
- AI becomes the foundation of security operations, but governance lags adoption.
- Boards will continue to seek CISOs who translate risk into business decisions.
- Identity becomes the dominant control strategy led across PAM, Zero Trust, and SSO.
He added, “Across all three predictions, the differentiator will not be technology. It will be leadership.”
Palmer’s post reinforce why identity and access security and attack surface visibility are gaining traction as top CISO priorities for 2026. Both are foundational controls that support AI-driven operations and help translate cyber risk into business impact.
AI, Scale, and a Growing Digital Attack Surface
Matthew Rosenquist, Founder of Cybersecurity Insights and CISO at Mercury Risk, also pointed to artificial intelligence as the defining force shaping cybersecurity in 2026.
He warned that attackers will use AI to scale proven techniques faster and more effectively, while defenders struggle to keep pace.
He said: “AI is an amazing tool for computing, but in 2026, there will be significant pain, public failures, and a few uncomfortable Board conversations.”
As attacks become faster and more automated, blind spots in the digital attack surface will become far more dangerous — further elevating the importance of continuous visibility.
From Strategy to Execution
Industry research is also pushing CISOs toward execution-focused priorities.
William Luders, Business Development Associate at Gartner, highlighted key initiatives leaders have recently prioritized:
- Developing an actionable zero-trust strategy
- Maturing governance with NIST CSF 2.0
- Embedding cybersecurity into GenAI governance
- Enhancing data security with cyberstorage
- Monitoring and managing OT, IoT, and IIoT systems
He asked, “Which of these initiatives will you prioritize in 2026? And how will you measure success?”
A Clear Shift Toward Foundational Security
Taken together, the poll results and industry perspectives reflect a practical shift in how CISOs are approaching infrastructure security. Rather than prioritizing isolated threat categories, leaders are increasingly focusing on core capabilities that support every layer of defense — particularly attack surface visibility, identity control, and governance.
The strong preference for attack surface visibility highlights a growing recognition that security programs cannot function effectively without a clear understanding of what needs to be protected.
As CISO priorities for 2026 continue to evolve, infrastructure security is shaping up to be less about deploying more tools and more about strengthening fundamentals — visibility, identity, leadership, and execution.