In what has been perhaps the worst year on record for cyber attacks, it has become clear that organisations of all categories have been forced to drastically re-evaluate their relationship with cyber security.
After such a dramatic year that has seen government departments, local authorities, high street staples and so much more devastated by digital attacks, going into next year with adequate foresight is a must.
In that spirit, UKTN has asked experts in the field to predict the cybersecurity shifts expected in 2026.
Supplier risk will be treated like liquidity risk – Dr. Aleksandr Yampolskiy, SecurityScorecard
“In 2026, CEOs will manage cyber exposure across their suppliers as tightly as they manage cash flow. Real-time telemetry, automated variance alerts, and board-level KPIs will track vendor health daily.
“Security teams will no longer settle for questionnaires or annual audits. They’ll demand continuous proof of security performance and launch ecosystem-wide hunts to uncover stealthy infrastructure and compromised code libraries.
“With AI now embedded in nearly every digital product, companies will also require full visibility into each partner’s AI model dependencies and data flows. This financial-style approach to risk will turn supply-chain security into a daily operational metric, not an annual checkbox.”
John Macpherson, Ashurst Risk Advisory
“As we look to 2026, boards must broaden their focus. For years, rightly, the spotlight has been on data breaches and privacy enforcement, and that remains critical. But 2025 underscored a broader truth: that cyber disruption is now a balance sheet, supply chain and macroeconomic risk.
“The Bank of England’s November report linking GDP softness to disruption from the Jaguar Land Rover cyberattack is a stark signal. Regulators are also losing patience with failures in basic security hygiene.
“Expect intensified rules on operational resilience and recovery, supply chain security, and increased personal accountability for directors. Board-level cyber investigations with multi‑year lookbacks into audits, reporting, remediation, controls and resourcing will become routine.
“The response must be continuous and pragmatic: secure expert advice, plan for worst‑case recoveries, test resilience end‑to‑end, and challenge management on readiness and response. Ultimately, boards must evidence that reasonable steps and practical measures are in place, underpinned by a defendable assessment, throughout 2026 and beyond.”
Crisis readiness will become a board-level KPI – Dennis Martin, Axians UK
“In 2026, organisations will recognise that cyber resilience is not just firewalls and detection tools, but that it hinges on how well people perform under pressure. Crisis readiness will be measured in the same way that organisations track financial or operational performance.
“Boards will expect regular simulations, scenario planning and cross-department training to become core operational requirements as threats evolve, so that operational staff can take coordinated action when the unexpected happens.”
High-volume, complex, democratised cyberattacks – Darren Anstee, NETSCOUT
“In 2026, we expect to see a continued escalation in infrastructure risk, with botnets capable of generating attacks at 20+ terabits per second threatening not only individual targets, but the subscriber and Internet connectivity within Internet Service Provider networks.
“Very high volume and throughput attacks create significant collateral damage, where businesses and consumers with no direct link to the target can be impacted, as they are isolated from cloud services and the wider Internet.
“Another concern is the increasing complexity of DDoS attacks, and the democratisation of sophisticated tooling. This has removed the barrier to entry, giving smaller groups the ability to automate reconnaissance, rotate and randomise attack vectors and adapt in real time – in ways previously limited to top-tier actors.
“This creates a dual challenge of overwhelming volume and machine-driven, intelligent persistence. For defenders, this makes real-time intelligence and adaptive defences more critical than ever.”
