What lies in store for the security world in 2026?

If 2024 and 2025 were years when organizations felt the strain of tightening budgets, then 2026 is the year when those decisions will fully manifest in their exposure to cyber risk. In both the private and public sectors, years of belt-tightening have led to staff cuts, aging infrastructure and delayed modernization. Analyst reports show that growth in cybersecurity spending has slowed markedly, and many security teams are working with fewer people than they were three years ago. The cumulative effect is fewer defenders, slower detection and weakened resilience at a time when adversaries are becoming more ambitious and sophisticated.

The past year has provided compelling evidence that these gaps lead directly to risk. In a major supply chain compromise at Oracle Cloud, millions of records were reportedly exposed and more than 140,000 tenants were affected. The Salesloft/Drift breach demonstrated how attackers can leverage interconnected SaaS ecosystems to cascade access to multiple organizations. Meanwhile, the Jaguar Land Rover cyber incident halted car production and disrupted supply chains for weeks, demonstrating how even relatively mature, well-funded industries can be brought to a standstill by a single compromise. These incidents highlight a systemic weakening of third-party defense capabilities and oversight.

This is the backdrop against which 2026 begins, and the legacy of recent budget cuts will continue to weaken the defensive posture of many organizations. With defenders working in smaller teams and with limited resources, attackers will have longer dwell times, greater freedom of movement, and more opportunities to exploit unpatched systems. Supply chain compromise and zero-day exploitation will remain major attack vectors, especially in environments where patch cycles have slowed or asset inventory is incomplete. The situation is aggravated by the fact that several national cyber organizations have themselves experienced funding and workforce reductions, which limits their ability to coordinate incident response at scale. In short, the powerful attacks of 2025 should unfortunately not be seen as a peak, but as early indicators of a worsening trend.

However, budgetary pressure is not the only factor changing the threat landscape. A parallel shift is emerging, driven by the rise of what might be called random cyber aggression, beyond more predictable threats such as nation states or organized crime. Across the UK, several high-profile incidents in 2025 involved loosely connected individuals, often teenagers, wielding common hacking tools, rented botnets, and downloadable exploit kits. These attackers are not motivated by complex financial schemes or geopolitical goals, but are driven by curiosity, frustration, social approval, or the simple thrill of fame.

This behavior is fueled by two converging forces. First, the availability of attack tools has increased dramatically. Automated scripts, ransomware-as-a-service platforms, and AI-based intelligence tools require minimal technical knowledge, lowering the barrier to entry. Second, there has been a dramatic increase in the volume of open source intelligence, from corporate data leaks to widely published social media profiles. Leaders, public figures and organizations leave digital traces that can be combined into highly convincing social engineering campaigns. For potential attackers, the path from idea to action has never been shorter.

At the same time, what appears to be weakening, perhaps due to the frequency of attacks or complacency, is the perceived risk of consequences. Arrests and prosecutions for cybercrime remain rare relative to the scale of the attacks, and in the online communities where many of these people operate, reputation and bravado often outweigh caution. Coupled with social unrest and worsening economic pressures, hacking is becoming a form of digital expression for some, offering an accessible outlet with very real impact and very little consequence.

In 2026, we should therefore expect more indiscriminate and attention-grabbing attacks from small groups or individuals using widely available tools. While these incidents may lack technical sophistication, their public visibility and spillover impact, especially when targeting government services, transportation networks, or large consumer brands, will make them strategically significant. They also risk undermining public trust in digital services at a time when that trust is already fragile.

Of course, it wouldn't be a look into the future without mentioning the rapid development of artificial intelligence in the field of cybersecurity. Back in 2020, predictions that AI would change defensive strategies seemed optimistic; today they look conservative. A 2025 IBM report found that more than two-thirds of organizations reported using AI in their cybersecurity programs, and nearly a third relied heavily on it. AI now powers anomaly detection, automated response, threat hunting and vulnerability management. But cybercriminals have adopted it just as aggressively. Research shows that most email attacks now use artificial intelligence, and extortion campaigns using it are becoming the norm.

Generative AI has made it much easier to create spear phishing emails, convincing social engineering scenarios, and realistic impersonations. For high-risk individuals such as executives, excessive sharing of personal and professional information online significantly increases risk. And the growing maturity of agentic AI, those autonomous systems capable of performing multi-step tasks, opens up both powerful defensive capabilities and new attack opportunities.

Taking all this into account, three trends can be identified.

First, the side effects of underinvestment will continue; that is, there will be fewer disruptions overall, but those that do occur will be larger, more complex, and more disruptive due to longer dwell times and interconnected supply chains.

Second, random cyber aggression will become more visible, testing societal resilience and forcing policymakers to rethink digital accountability.

Third, the AI arms race will accelerate on both sides, with defenders and attackers deploying increasingly autonomous systems, leading to the next stage of the cat-and-mouse game.

It's fair to say that 2026 won't necessarily be the most catastrophic year for cybersecurity, but it could be one of the most significant. The choices organizations make now in restoring investment, rebuilding cyber skills, and managing AI responsibly will determine whether the curve shifts toward resilience or further fragility.

Anthony Young is CEO of Bridewell, a managed security service provider operating in the UK and US.
