2026 trends in Cyber Security

2026 is shaping up to be an exciting year for those of us who work in Cyber Security, with fresh challenges and innovative exploit techniques on the horizon. For many of us, 2025 marked the beginning of another era of rapid technological change, with accelerating adoption of AI in both private and corporate spheres, plus breakthroughs in Agentic AI, quantum computing, autonomous systems and biotechnology. Looking forward to 2026, across the security industry, one major challenge confronts us all – staying one step ahead. For the team at AnchorSec, that begins with investment in research, identifying trends that have the potential to compromise our clients, and supporting them with practical, proactive strategies. In this blog, we’ll explore the key themes shaping cyber security in 2026 and share ideas to help you navigate the changes and protect your business.

Continuing trends:

1. Rising ransomware: While cyber crime as a whole has remained fairly static from 2024 into 2025, the prevalence of ransomware has more than doubled, with an estimated 19,000 businesses affected in 2025. This trend has not reached its peak, as hackers continue to target key infrastructure, public services and manufacturers. This increase is driven in part by lucrative ‘double extortion’ tactics (attackers both encrypt and steal large quantities of data, threatening to leak or sell it, increasing the pressure to pay) and the accessibility of Ransomware-as-a-Service (RaaS) models.

2. Supply Chain Attacks: Third party service providers are the perfect target because they often have lower investment into cyber security, potential access into hundreds of companies through one source, and a gateway to large-scale data breaches. A recent example is the critical n8n vulnerability which carries a CVSS score of 9.9 and can be exploited to allow any authenticated user system-level privileges. N8n is a self-hosted, open-source automation tool used by thousands of companies worldwide. With an estimated 100,000 servers potentially exposed, the attack surface is enormous.  Supply chain vulnerabilities are also inherently difficult to manage, requiring trust between parties to identify, assess and remediate.

3. Increasing vectors for attacks: As traditional defences such as firewalls, monitoring, and compliance checklists become insufficient against rapidly evolving threats, organisations must learn from ethical hackers, and think like an adversary. In addition to software vulnerabilities, attackers are targeting devices such as routers, firewalls and IoT hardware, using zero-day exploits and custom malware. These devices, often overlooked and difficult to secure, are now prime entry points for attackers. Furthermore, as businesses increasingly adopt technological advancements to drive efficiency and innovation, they inadvertently expand their digital footprint, creating a larger and more complex attack surface. This increasing surface creates more opportunities for attackers to find a low resistance path.

4. Advancing AI: 1 in 6 breaches in 2025 involved attackers using AI. The accelerating adoption of AI makes cyber-attacks more frequent and less expensive, as threat actors use AI to augment and scale their attacks. However in 2026, the growing challenge is attacks on AI systems themselves. New vulnerabilities are being rapidly created and exposed through AI integrations, making AI a central force in cybersecurity in 2026.

5. Post-Quantum Cryptography: As we enter 2026, quantum computing is rapidly advancing and reshaping the cybersecurity landscape. The pace of innovation is outstripping how quickly organisations can update their systems, creating a widening security gap. Attackers don’t need fully operational quantum computers to pose a threat; many are already harvesting encrypted data now, planning to decrypt it once quantum capabilities mature. This “harvest now, decrypt later” strategy means long-lived data such as financial records and personal information is increasingly at risk. Legacy encryption methods and outdated systems are becoming obsolete, making the transition to post-quantum cryptography (PQC) more urgent than ever.

New Legislation:

1. The EU Cyber Resilience Act: The Cyber Resilience Act, set to apply from December 2027, makes 2026 a crucial year for organisations to adopt new policies. As regulations tighten, managed service providers (MSPs) are placed under greater scrutiny, with expanded duties around incident reporting, security controls, and transparency. The mandatory Cyber Assessment Framework will soon cover more sectors, requiring both MSPs and their customers to operate with increased discipline. Recent surveys show that most MSPs are already experiencing heightened expectations from clients, highlighting the growing importance of strong cyber credentials in the industry.

2. UK’s Data (Use and Access) Act: Key elements of the act came into force in December 2025, with mandatory digital IDs for Right to Work checks is expected to be implemented in 2028/29. For many of us working in the security industry, this legislation, along with the Age Verification Law enacted in 2025 represents a growing security concern, as organisations collect, store and manage vast amounts of personal data, creating rich targets for data breaches. Furthermore, these data processors are not necessarily UK based, and may operate in jurisdictions with less stringent regulations, increasing the risk of a breach.

3. CISA’s Incident reporting act, CIRCIA: The US Cybersecurity and Infrastructure Security Agency is set to finalise the Cyber Incident Reporting for Critical Infrastructure Act in May 2026. The CIRCIA rule was signed into law in 2022, but the finalised act may be streamlined and mitigate conflicts with other cyber regulations. A public comments period in 2025 revealed a drive to reduce the scope and burden of the proposed rule, so we may see an extension of the 72 hours notice period for critical infrastructure operators experiencing a significant cyber incident, or a narrowing of those affected by this.

 As 2026 unfolds, it’s clear that cybersecurity will keep presenting new challenges, but also new opportunities to improve. By staying proactive, informed and open to new approaches, organisations can not only keep up with the pace of change but help set the standard for what secure businesses looks like in the years ahead.

Here’s our top list of New Year’s resolutions to help you get ahead:

1. Patch! Our number one tip – known vulnerabilities are often the path of least resistance for attackers. Keep on top of patch releases and update regularly.

2. Ensure a layered approach to security, enforce strong access controls and multi-factor authentication, back up critical data and invest in employee training.

3. Treat your third-party services providers as an extension of your internal network and hold them to the same standards. ISO27001 and Cyber Essentials do not provide sufficient assurance for your high-risk providers.

4. Blend structured frameworks (like NIST and ISO) with continuous, real-world attack simulations - mature organisations must move beyond compliance, integrating continuous testing and real-world attack simulations into their operations.

5. Combine expert-led testing with investment in AI-powered security tools. Expert-led testing remains indispensable, as experience and creativity are critical for identifying complex attack chains and validating AI findings.

6. Inventory your assets and map sensitive data flows – this is an essential first step in transitioning to PQC.

7. Familiarise yourself with new legislation - if your organisation sells (or makes available) digital products or components to the EU that interact with a network, you are likely to fall within the scope of the Cyber Resilience Act. For a gap analysis of your organisation, get in touch>