{"id":15406,"date":"2026-01-05T07:03:08","date_gmt":"2026-01-05T07:03:08","guid":{"rendered":"https:\/\/newestek.com\/?p=15406"},"modified":"2026-01-05T07:03:08","modified_gmt":"2026-01-05T07:03:08","slug":"cybersecurity-leaders-resolutions-for-2026","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15406","title":{"rendered":"Cybersecurity leaders\u2019 resolutions for 2026"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

As the AI-hype dust settles, CISOs have a lot to focus on 2026. From ongoing struggles such as ensuring teams are not burning out to current and future concerns, which includes finding effective business cases for AI, focusing on spotting a breach before it happens to planning for looming fear of breaking quantum encryption, CISOs from different industries share what is top of their agenda for 2026.<\/p>\n

1. Prioritize resilience over reactive security<\/h2>\n

Emphasis on resilience and architectural discipline, particularly as organizations face even greater reliance on cloud infrastructure, is part of Fortitude Re CISO Elliott Franklin<\/a>\u2019s resolutions. \u201cOur approach will focus on well-structured project management and intentional design,\u201d he says.<\/p>\n

Any new initiative will start with a clear architectural plan and a deep understanding of end-to-end dependencies and potential points of failure. \u201cBy taking a thoughtful, engineering-driven approach \u2014 rather than reacting to outages or disruptions \u2014 we aim to strengthen the stability, scalability, and reliability of our systems,\u201d he says. \u201cThis foundation enables the business to move with confidence, knowing our technology and security investments are built to endure and evolve.\u201d<\/p>\n

2. AI will dominate the agenda<\/h2>\n

Standard Chartered group CISO Cezary Piekarski expects his agenda to be dominated by AI in two ways: defining both the threat landscape and defensive architecture.<\/p>\n

\u201cSpeed is essential when mitigating attacks so leveraging AI and orchestration tools allows us to quickly automate detection and streamline incident response,\u201d Piekarski says. \u201cThis reduces dwell time significantly and accelerates remediation, ensuring that threats are contained before they escalate.\u201d<\/p>\n

As new attack surfaces emerge with AI-driven applications and systems, Piekarski\u2019s priorities will focus on defending and hardening the environment against AI-enabled threats and tactics. \u201cIt\u2019s harnessing the opportunities of AI across the cyber stack and enabling the bank to use AI securely and safely.\u201d<\/p>\n

Qiagen CISO Daniel Schatz<\/a> expects artificial intelligence to remain a core theme across 2026 \u201cin terms of using AI to improve security controls and operations, and ensuring AI is securely integrated into products.\u201d<\/p>\n

He expects a notable escalation in the sophistication and scale of generative AI enabled threats.<\/p>\n

\u201cWhat we have observed so far are largely handcrafted AI-supported campaigns, but they will likely evolve into more automated and industrialized social-engineering operations, following the same pattern seen with most emerging threats,\u201d Schatz says. \u201cWith generative AI becoming ubiquitous, technologies that help organizations understand, manage, and secure the AI attack surface will quickly rise in importance. It\u2019s critical that the industry embeds appropriate security controls from the start, so we avoid repeating the mistakes seen during the early days of web development.\u201d<\/p>\n

3. Achieve visibility and control, especially with AI<\/h2>\n

The priority for Conal Gallagher,<\/a> Flexera\u2019s CIO and CISO, is balancing productivity with protecting intellectual property as Flexera teams use AI tools and chatbots. \u201cWe\u2019re working to standardize trusted, enterprise-grade AI solutions, while putting controls in place to prevent data leakage from unsanctioned tools.\u201d<\/p>\n

In practice, SaaS management and discovery tools will be used to get a handle on shadow IT and unsanctioned AI usage. Automation for compliance and reporting will be important as customer and regulatory requirements around ESG and security continue to grow, along with threat intelligence feeds and vulnerability management solutions that help Gallagher and the team stay ahead of what\u2019s happening in the wild.<\/p>\n

\u201cThe common thread is visibility and control; we need to know what\u2019s in our environment, how it\u2019s being used, and that we can respond quickly when things change,\u201d he tells CSO.<\/p>\n

4. Manage human and non-human identities<\/h2>\n

Schatz is focused on managing human and non-human identities<\/a>. He expects technologies that enable effective identity management will continue to be critical. \u201cHuman identities remain challenging to protect, and non-human identities are only beginning to grow in scale with the emergence of agentic AI,\u201d he says.<\/p>\n

With a similar plan, Franklin is prioritizing identity and privilege management \u2014 across both human and non-human identities.<\/p>\n

\u201cIt\u2019s [about] ensuring that service accounts, APIs, and automation tools are governed with the same rigor as user accounts,\u201d Franklin says. \u201cAs automation grows, effectively managing these digital identities will be critical to maintaining trust, traceability, and control in complex environments.\u201d<\/p>\n

The goal is to strengthen the organization\u2019s overall resilience while enabling productivity and collaboration.<\/p>\n

5. Build security into agentic AI products<\/h2>\n

Some are prioritizing building security directly into agentic AI products to mitigate sophisticated attacks. \u201cWe\u2019re moving beyond simply trying to stop AI risks to engineering security directly into our agentic solutions, ensuring the secure path to innovation is the fastest path for our teams,\u201d Qualtrics CSO Assaf Keren<\/a> says.<\/p>\n

Keren will be utilizing AI to strengthen security capabilities, automate and accelerate internal functions like SOC triage and control testing.<\/p>\n