Cyber and resilience trends in 2026
Image courtesy Beyond Blue
As we move forward into 2026, the cyber and resilience community is once again dusting down its crystal ball and turning its attention to what may lie ahead for the industry in the next year.
However, before we look forward, how can the events of the past 12 months prepare us for the uncertain world that undoubtedly lies ahead?
A year defined by fragile supply chains, geopolitical tension, large-scale attacks and outages
It is undeniable that 2025 was a pivotal time in the cyber and resilience landscape. The attacks we faced were some of the largest in history, digital events increasingly had physical impacts in ways we had not experienced before, while the geopolitical landscape became more intrinsically linked with cyber and simultaneously fuelled by AI and misinformation.
State-backed groups, criminal gangs and organised threat actors all played a part in driving disruption across the UK.
Supply chain compromises continued their upward trajectory but 2025 also saw a surge in highly targeted social engineering campaigns, particularly against IT help desks and managed service providers.
Even more concerning was the rise in insider recruitment schemes, with overseas cyber groups, such as those operating within North Korea, paying employees for access or, in extreme cases, embedding operatives directly inside targets to steal sensitive data.
In addition to this, the UK also experienced its most significant cyber incident to date, beginning at a major automotive manufacturer and cascading across thousands of small businesses. The economic shock, which recent estimates predict is up to £3 billion, forced government intervention to protect firms whose survival was put at risk as a result of the subsequent downtime caused by the attack.
However, not all crises were the result of hostile activity.
Twenty twenty-five also exposed the fragility of the systems we rely on every day.
The collapse of the Iberian power grid plunged millions into darkness. A single transformer failure at North Hyde substation brought the UK’s busiest airport to a standstill. Cloud outages at AWS and Microsoft revealed hidden dependencies that many organisations didn’t even know they had, thrusting them to a halt.
These events underscored a hidden reality, that the interconnected world is brittle and without resilience things can easily break.
If there is one lesson from 2025, it is that resilience can no longer be treated as optional.
In 2026, resilience will therefore be the key theme for both governments and organisations.
Organisations will need to break down silos between cyber security, digital operations and business continuity teams, realising that true resilience requires a unified approach, which must be tested, exercised and validated thoroughly, regularly.
Perhaps it’s time to evolve beyond the traditional Confidentiality, Integrity and Availability (CIA) triad and embrace a new trinity: Security, Safety and Resilience.
So, how can these events of 2025 prepare us for the future?
Predictions for 2026:
Compliance will advance but resilience will remain a challenge
The Cyber Security and Resilience Bill (CSRB) will work its way through Parliament and a ban on ransomware payments for CNI providers may be introduced.
However, within the CSRB, there is much on cyber security but far less on resilience.
The EU is pressing on with its Critical Entities Resilience Directive, which is designed to improve the resilience of key services and isn’t confined to digital but the UK doesn’t have a comparable framework.
Only time will tell if this is something the government will aim to tackle in the year ahead.
However, true resilience cannot be achieved by only focusing on cyber threats. The last year has clearly demonstrated that not all disruptions in the digital world are malicious.
Geopolitics will fuel a new phase of information warfare
Global tensions will continue to shape the cyber landscape in the year ahead.
While hopes for peace in Ukraine remain, friction between Russia and the West is likely to intensify, driving hybrid operations designed to test UK resilience and disrupt its support channels.
US and China relations will also influence supply chains and spur cyber activity aimed at economic advantage.
Across Europe, concerns about Foreign Information Manipulation and Interference (FIMI) are also rising.
Deepfakes and AI generated content are becoming more convincing, and 2026 may be the year when distinguishing fact from fiction becomes increasingly difficult for citizens.
In an increasingly volatile environment, the impact of these campaigns could be very dangerous.
AI will transform state and criminal cyber threats
Of course, no prediction would be complete without a reflection on AI.
We will see AI find its role in transforming both state and criminal cyber threats.
Expect far more effective AI-enabled social engineering, more effective targeting of vulnerable firms and more creative AI-enabled exploitation of stolen data. Rapid and often shadow adoption of AI will find sensitive client data appearing in all too many large language models.
Improving the governance around AI (and managing the use of shadow AI within firms) will be on the agenda for many, although regulation in this space will be complicated by geopolitics.
Expect ethical debates on the application of AI to lag technology development as society tries to play catch-up and entrepreneurs race ahead with highly leveraged investment.
Looking ahead
The year ahead will bring new challenges that will be complex and messy for both governments and organisations.
Resilience in the brave new world is not just about cyber security. It is about surviving in the face of changing threats, geopolitics and digital disasters, regardless of how they occur or where they come from.
