Connecting IT, OT, Clouds, Humans, AI Agents, Physical, Business, SOCs, and Boardrooms
It’s that time of year again. As the calendar year comes to a close, we look ahead to try and predict the major threats, the shifting regulatory landscape, and the dominant cybersecurity narratives for the coming year. 2025 was certainly defined by attackers accelerating their time to exploit, shrinking the window for defenders. This makes preparing 2026 cyber strategies crucial for meeting the constantly evolving threat landscape. However, before we unveil our 2026 predictions, it’s essential to reflect on the trends we thought would shape 2025.
Top Trends of 2025
- CISO Role Expansion: “The CISO role will encompass strategic leadership, regulatory adaptability, and continuous and clear communication to the board, executive team, customers, and investors when an incident occurs.”
- Increasing Regulation Scrutiny: “If you are involved in a multinational organization, and depending on if you’re in finance in the European region, you’re going to be impacted by the Digital Operational Resilience Act (DORA).”
- Critical Infrastructure as a Top Target: “War is going to create some unexpected challenges for IT systems, corporations, and critical infrastructure agencies.”
- An Emergence of Cyber Risk Quantification (CRQ): “CRQ vendors that have invested in attack surface and attack path management will be well positioned as these markets continue to overlap.”
We revisited 2025’s most influential security voices and paired their insights with our team’s expertise to forecast what CISOs and organizations can expect in 2026. Same themes or major shift? To find out, here’s what they have to say:
The Blurring Line Between Cyber and Physical Security and How CISOs Should Adapt
Reuven “Rubi” Aronashvili, Founder and CEO, CYECybersecurity is no longer confined to the digital realm; it has now become a physical concern. Recent incidents abroad suggest attackers leverage cyberspace to gather intelligence before moving into the physical world. On top of this, AI is moving faster than governance and agentic systems being adopted before organizations are ready.
As a priority in 2026, CISOs will fully step into enterprise security, not just cybersecurity. With this boundary between digital and physical risk breaking, we are already seeing attackers use cyber intelligence to enable real-world targeting. The role’s pressure will increase not only in scope but in responsibility as leaders balance board expectations, regulation and workforce readiness.
The most effective CISOs will need to be part technologist, operator, and educator to build resilience against a new generation of threats that increasingly blur the line between the cyber and physical worlds.
CISOs Elevate Their Role as Cybersecurity Solidifies as a Board-Level Risk
Tim Brown, FCISO of SolarWinds2025 has moved slower than I expected. Great news we have not seen additional public litigation against CISOs and we have seen less litigation against companies from government entities. There are definitely calls for more CISOs in the boardroom and expectation of closer attention being paid to cyber security. It is now included when companies/boards talk about risk factors. I think many CISOs have been able to elevate the role, but it is based on skills and aptitude of the individual CISO.
Cyber Thrillers Become Reality: Geopolitical Conflict Fuels Real-World Cyber Threats
Deb Radcliff, Author of “Breaking Backbones: Information Is Power. Book I of the Hacker Trilogy”Everything is moving faster than I imagined it would in my predictions. Multiple reports in 2025 reveal that routers, drones, and other OT manufactured in China (and those from other “adversarial countries”) can’t be trusted. For example, a Dark Reading article published in March reveals back doors associated with China in Juniper networks devices, with downstream impacts on all Telco’s, internet infrastructure, companies, and government agencies using these devices.
I’ve been sounding this alarm for decades. In 2005, for a story on fake network gear that placed in top three for a Neal Award, I remember asking Cisco’s head of fraud why they still send manufacturing to China? It was hard to get into his office, but when I did, he had this map of China behind his desk, with red pins all over. Cisco and other networking infrastructure companies still send part or all of their manufacturing to what are increasingly adversarial countries. This puts our entire networking infrastructure at risk and there is no easy solution other than ripping out and starting over with 100% U.S.-made components, which I know won’t happen in my lifetime.
The U.S. government is also sounding alarms over other infrastructure, such as ship to shore cranes, also made in China and controlled, patched and updated by Chinese manufactures. Supply chain attacks against utilities, targeting of industrial control systems, and ransomware attacks against critical infrastructure systems continue to rise. Not to mention, there is general concern that state actors, including from China, are hiding inside our infrastructure poised to launch their cyber attacks as political tensions heat up. The same can be said for U.S. entities lurking in their systems. I think of this as a standoff akin to the cold war, with the potential to cripple economies and put human lives at risk across the globe should they decide to launch.
Meanwhile, an arms war to enable autonomous digitally-controlled, lethal war fighting devices with AI continues to heat up. The question I’ve been asking is, who’s responsible for these devices should they misfire and kill innocent civilians? Who’s responsible if they’re hacked and used to kill and maim? If it’s the manufacturer, I would argue that many of them are based in “adversarial” countries including China. And, indeed, many of these OT vendors who I visited at the International Security Consortium West conference in Las Vegas were based in China. And even those that weren’t, still used manufactured components and chips from China. When I visited the vendor booths and asked about their cyber security measures to prevent such a catastrophe, no one had any answers. Granted, they were salespeople and integrators, but you would think the integrators understand the seriousness of this issue.
So where are we going in 2026? Unless political tensions soften between countries, I worry that the “fictionalized” stories in my cyber thriller books will come to life. I hope not, but if they do, every sector will be embroiled in the outcome – not just energy, military and other OT system-heavy industries, but also communications, cloud systems, and the entire Internet every business and person relies upon.
That means preparing for this type of scenario should be a top priority in 2026. How do we build in redundancy, failover, and backup to “keep the lights on” so to speak, should the worst happen?
AI in Cybersecurity: Pivoting from Hype to a Reliable Source
Tom Levi, Senior Manager, Cyber Client Strategy & Risk at CYECIOs and CISOs are approaching 2026 with a pragmatic view of AI in cybersecurity. After a year full of high promises around agentic and autonomous AI, much like an election year, they are now focused on what actually works in real-world environments. While AI is being used by attackers to scale phishing, reconnaissance and vulnerability discovery, defenders are beginning to see tangible benefits in areas like policy, alert triage, asset and big data correlation and threat prioritization.
For 2026, security leaders want AI solutions that move beyond visibility to actionable defense, with clear governance and risk frameworks to safely guide AI-driven decisions. They want to start seeing AI acting as their most potent team member that can act on their behalf, but for that, one needs to build trust. The focus is no longer on hype or promises, but on AI that delivers reliable, measurable, operational value that genuinely strengthens cyber defenses while fitting into the realities of enterprise security.
The Agentic SOC Consumers 2026 and Beyond
Andrew Braundberg, Principal Analyst at OmdiaThe ability of agentic tools to automate traditional SecOps tasks is showing substantial early promise. More than 50 Agentic SOC start-ups have appeared in the market, and practically every leading vendor across security operations product segments has pivoted their product development resources into introducing agentic features or standalone agents. The goal of creating an Agentic SOC will consume much of the energy in the market in 2026 and beyond.
Staying Ahead in 2026: Turning Predictions into Safer Cybersecurity
2025 showed us that predicting the pace of change is harder than predicting its trajectory. Trends such as the expansion of the CISO role beyond technical expertise, the regulatory impact of DORA and critical infrastructure rising as a prime target all materialized – just not all at once.
This year, those foundations have evolved into a more complex reality: cyber and physical security are converging, geopolitical tensions are driving real-world cyber operations, and AI has moved decisively from hype to operational impact. Together, these shifts make one thing clear for 2026, managing incidents is no longer enough. A proactive approach focused on continuous visibility, prioritization, and reduction of real business risk, will be essential for organizations looking to stay ahead in an increasingly accelerated threat landscape.
By strategically combining real attack surface, the live threat landscape, and unique business profiles, organizations can gain a clear, dynamic view of their exposure, enabling better, data-driven decisions in real time. That way, by the time 2027 predictions are made, we can expect to see significant advancements in the cybersecurity landscape.
Share your predictions for what you see in your 2026 “cyber crystal ball” by connecting with us on LinkedIn.
