Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when — not if — a cyberattack occurs. In the coming months, many of the key issues from previous years will recur, but there will also be specific challenges: “2026 is shaping up to be a year in which attacks will be faster, cheaper, and more credible, as AI and automation now perform much of the work that previously required time and skill,” explains Marijus Briedis, CTO of NordVPN. Briedis also warns of what he calls “the growing monoculture of the internet,” in which the supply of cloud platforms, CDNs, and productivity tools is concentrated among a few players, and therefore compromising any of these systems or providers has a significant impact.
“The most important change, however, is trust,” says Briedis, referring to deepfakes, voice cloning, synthetic identities, and automated phishing chats, among others, which “will continue to erode trust … as criminals increasingly focus on authentication and cloud access, rather than just devices.” He also draws attention to the quantum risk to digital security, with criminal strategies such as “collect now, decrypt later” forcing cybersecurity departments to improve their privacy and information protection tools.
For Ángel Ortiz, director of cybersecurity at Cisco Spain, by 2026 “cybersecurity will evolve towards models based on speed, automation, and continuous identity verification.” He highlights the impact of generative and agentic AI in defining “an increasingly complex threat landscape,” based on “large-scale automated cyber operations. Identity has become the new security perimeter, as attackers no longer need to break in but simply log in with stolen credentials.” Cisco anticipates demand for “security architectures that prioritize business resilience, alignment with business objectives, and the integration of AI as a foundational element for cyber defenses.”
