{"id":15542,"date":"2026-01-26T07:06:49","date_gmt":"2026-01-26T07:06:49","guid":{"rendered":"https:\/\/newestek.com\/?p=15542"},"modified":"2026-01-26T07:06:49","modified_gmt":"2026-01-26T07:06:49","slug":"cisos-predictions-for-2026","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15542","title":{"rendered":"CISO\u2019s predictions for 2026"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Last year<\/a> was defined by AI hype, new attack models, and intensifying global tensions. As 2026 begins, security teams are asking what the next phase will look like. Will AI continue to accelerate risk, or will controls and governance finally catch up?<\/p>\n

CSO spoke to 10 security leaders about their predictions and aspirations for 2026.<\/p>\n

Governance scrambles to keep pace with AI<\/h2>\n

As AI becomes deeply embedded in day-to-day business operations, security leaders are being pushed to scale governance models far faster than before. For Barry Hensley<\/a>, CISO at Brown & Brown Insurance, this translates to strengthening data guardrails by expanding data loss protection and monitoring, tightening identity controls, and introducing governance across both human and machine identities.<\/p>\n

That push towards structure and oversight is also reshaping how organizations define security at scale. As United Airlines CISO Deneen DeFiore<\/a> puts it, 2026 security will be less about perimeter defense and more about operational resilience at scale. \u201cThreat actors will increasingly use generative AI to automate reconnaissance, social engineering, and exploit chaining, while defenders will rely on AI to prioritize risk, accelerate detection, and reduce response times,\u201d she says. \u201cThe differentiator won\u2019t be whether organizations use AI, but how well they govern, tune, and trust it.\u201d<\/p>\n

Meanwhile, Repurpose It CISO Noel Toal<\/a> predicts that AI risk frameworks will increasingly reach board level. He believes these frameworks will give directors the structure and confidence to ask harder questions about AI exposure, triggering audits and help unlock long-needed security funding.<\/p>\n

DeFiore also expects governance conversations to shift beyond traditional risk management and towards continuous cyber resilience. \u201cBoards and regulators are already asking not just, \u2018Can you prevent an attack?\u2019 but \u201cCan you continue operating when one happens?\u2019\u201d She believes that changes will drive deeper investment in identity security, segmentation, recovery testing, and third-party resilience rather than point solutions.<\/p>\n

AI agents to reshape the threat landscape<\/h2>\n

But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report<\/a> that documented the first large-scale AI-enabled cyberattack as an early warning sign. \u201cI guarantee attackers will be more focused on using AI agents for what they want than a lot of businesses, because businesses in general are still very slow to adopt AI agents.\u201d<\/p>\n

In response, Toal says organizations will need to secure their own<\/em>AI agents with the same rigor applied to human users. \u201cWe\u2019ll have to treat internal AI agents as identities, and monitor what they access, when they run, and whether their behavior makes sense,\u201d he says. Without that shift, he cautions, organizations risk unleashing tools inside their networks that attackers could readily turn against them.<\/p>\n

Challenger CISO Katie Payten<\/a> agrees the rise of agentic AI fundamentally expands the identity attack surface. \u201cThe perimeter isn\u2019t just the external perimeter anymore; identity is the perimeter.\u201d She adds that as organizations deploy AI agents internally, governance must extend beyond human users. \u201cKnowing what your agent has access to, how it\u2019s making decisions, and taking responsibility for that will be essential.\u201d<\/p>\n

As AI becomes more deeply integrated, the sensitive data these systems rely on will become \u201can increasingly attractive target\u201d, with more AI-enabled attack methods<\/a> \u201cpoised to occupy a growing share of the threat landscape,\u201d according to Michael Garvin<\/a>, CISO at Jaggaer. As a result, he believes data security posture management will also become more important. \u201cBecause AI depends on large volumes of high-quality, sensitive data, organizations will need better visibility into how that data is accessed, classified, and protected.\u201d<\/p>\n

For Gergana Winzer<\/a>, partner and cyber security mid-market lead at KPMG, the real threat with AI is not just scale, but autonomy. She warns that AI-driven attacks will increasingly make their own target and execution decisions, reducing the need for human involvement. \u201cEverything can be automated today, not only on the side of companies, but also on the side of the criminals,\u201d she says, raising questions about how AI-enabled threats could extend beyond the digital realm into the physical world through AI-powered drones, for instance.<\/p>\n

Security teams will consolidate visibility and automate response<\/strong><\/h2>\n

When asked about what else 2026 could mean for the global security industry, Ramsay Healthcare CISO Manal Al-Sharif<\/a> believes AI will play a crucial role in helping consolidate telemetry into a single view. \u201cWhen you bring everything in, it\u2019s easy to triage and prioritize,\u201d she says. \u201cHaving that single point of view means you\u2019re correlating everything at the same time, so you know where you\u2019re exposed most \u2026 [and] before those threats become incidents.\u201d<\/p>\n

Garvin expects security strategies to evolve inside SOCs as AI becomes more embedded. \u201cThe biggest shift will be the deeper integration of AI into defensive security operations. Organizations will increasingly invest in securing AI models and data pipelines, and they will evolve penetration testing and adversarial testing approaches to evaluate AI systems with the same rigor applied to traditional applications.\u201d<\/p>\n

Nadia Veeran-Patel<\/a>, CISO at LRMG, has already seen this reshape incident workflows firsthand.<\/strong> \u201cOur analysts were looking at incidents individually as they came through as alerts, but when AI brought them together as a collection, you suddenly realize those alerts are actually a series of events that led to something bigger.\u201d<\/p>\n

DeFiore also expects a fundamental shift in how security teams operate day to day. In 2026, she wants teams spending less time reacting to alerts and more time on anticipation and enablement, by using automation, better data, and tighter integration with IT and business partners to reduce friction and accelerate decision-making.<\/p>\n

She adds what\u2019s equally important is continued investment in people and culture. \u201cTechnology evolves quickly, but resilient organizations are built by teams that are well-trained, empowered, and aligned to a shared mission,\u201d she says. \u201cCreating clarity around risk ownership and decision-making is just as critical as any tool we deploy. Ultimately, success looks like a security program that enables innovation, withstands disruption, and earns trust at every level of the organization, from the boardroom to the front line.\u201d<\/p>\n

Toal expects AI-driven orchestration to become a defining feature of modern SOCs in 2026, as AI increasingly isolates compromised endpoints, blocks malicious IPs, rolls back ransomware in real time, and maps an attacker\u2019s path. \u201cThe mean time to response would be vastly reduced. Instead of taking hours to respond to an incident, you could start to respond hopefully within seconds \u2026 [and] engage properly.\u201d<\/p>\n

SMEs will become prime targets amid rising automation<\/h2>\n

Winzer adds 2026 will mark a decisive shift, with SMEs becoming primary targets for ransomware. According to the 2025 Verizon data breach report<\/a>, ransomware made up 44% of all breaches globally, and SMEs represented a disproportionate percentage of victims.<\/p>\n

\u201cWhy? Because they\u2019re easy now \u2026 the rationale is they have limited security maturity and they cannot absorb outages, so they end up paying [the ransomware], even though the government is saying, \u2018Don\u2019t pay\u2019. But it\u2019s really difficult for them to negotiate because they don\u2019t have the budget to put proper recovery plans in place.\u201d<\/p>\n

Winzer warns that AI-driven reconnaissance is accelerating this trend. \u201cAI today is very capable. You can press a button and very quickly do a huge amount of damage within a few seconds.\u201d Combined with gaps in mid-market MSSP coverage, which are \u201cnot necessarily as complete\u201d, she says that makes it very easy for the attackers to go after SMEs.<\/p>\n

Veeran-Patel has seen a similar escalation in criminal tactics. \u201cWe have seen attackers routinely employing what we call triple extortion, where they combine not only data encryption, data leaking\/extortion, and also leveraging third parties, like customers, regulators, and vendors, to put pressure on their victims to pay the ransoms.\u201d<\/p>\n

Even so, Winzer is cautiously optimistic that vendors will begin delivering more tailored solutions to the mid-market. \u201cThey did not do before. Now they\u2019re realizing this is a huge target, and it\u2019s also an opportunity to provide services.\u201d<\/p>\n

Supply chains remain vulnerable as nation-state activity intensifies<\/h2>\n

Winzer sees critical infrastructure as a primary cyber battlefield. Operational environments are \u201cfar more reachable,\u201d she says, due to IT\/OT convergence, cloud-connected control systems, and remote-access pathways that remain exposed even when partial segmentation exists.<\/p>\n

Payten warns that data risk is increasingly hidden within complex supply chains, as organizations rely on expanding ecosystems of third-party and SaaS providers. That reliance, she says, quietly compounds exposure. \u201cWe\u2019re using so many third parties, and those third parties use their own third parties; they become fourth parties,\u201d she says.<\/p>\n

The challenge is not just assessing vendors at the point of engagement but maintaining visibility over where sensitive data ultimately resides. \u201cYou can\u2019t outsource your accountability,\u201d Payten says. \u201cYou still own the data.\u201d<\/p>\n

Healthcare and local councils remain high-risk targets as well, driven by low cyber budgets, sensitive population data and the high cost of downtime, Winzer adds. \u201cBefore [attackers] were going after the cash only. But now they\u2019re looking at reputational damage, because that causes organizations to pay faster.\u201d<\/p>\n

Veeran-Patel expects nation-state pressure to intensify too, warning that geopolitical conflict is increasingly being played out in cyberspace. \u201cCyber warfare is a real thing,\u201d she says. \u201cWars are no longer going to be fought on the front lines with soldiers on the ground. They are likely going to be fought with buttons.\u201d Her concern is that many governments are still not treating the risk with the level of urgency it requires, despite signs of critical infrastructure in developing nations already being taken offline by hostile actors.<\/p>\n

Vendors must deliver secure-by-design products<\/h2>\n

Al-Sharif believes 2026 will be the year when the industry confronts a long-ignored truth that non-malicious insiders are not the main problem. \u201cMy issue is with the technology makers,\u201d she says. \u201cThey still give me a car with no brake, no lock, no seatbelts. They sell it to me and find a way for me to sign away my rights \u2026 my issue is that technology makers need to be held accountable for creating flawed technology.\u201d<\/p>\n

She predicts insecure defaults will become untenable as incidents continue to trace back to weak authentication and outdated access controls. She says the problem is especially visible in healthcare, where connected devices still arrive with default passwords and cannot be patched without voiding warranties. \u201cI want the government to make sure there\u2019s a way to measure how secure those devices are before I connect a life support machine to them.\u201d<\/p>\n

Payten echoes concerns about insecure defaults and poorly secured connected devices. From routers to smart appliances, she highlights default credentials and weak configurations remain widespread. \u201cThere are still people with default passwords on their routers \u2026 and now there are so many connected devices.\u201d<\/p>\n

Now is the time to prepare for post-quantum cryptography<\/h2>\n

Zoe Hearn<\/a>, head of cybersecurity strategy and governance at Insignia Financial, says rising expectations from customers, regulators, and governments are pushing organizations to take a more proactive role in preparing for the post-quantum era. She points out how simply complying with emerging standards will not be enough.<\/p>\n

\u201cWith quantum-vulnerable encryption set to be phased out by 2030, now is the time to invest in future-ready security infrastructure,\u201d she says. For Hearn, the shift demands leadership, not just technical uplift, as quantum risk increasingly becomes a board-level conversation.<\/p>\n

Timothy Youngblood<\/a>, CISO in residence at Astrix Security and former CISO at McDonald\u2019s and T-Mobile, shares the same concern. He expects progressive enterprises to begin mapping their quantum security in preparation of the mainstream arrival of the technology. \u201cThe more progressive enterprises are going to start to assess their quantum security gaps, who are the partners that they need to address that,\u201d he says. \u201cIt has the potential to be another Y2K. It\u2019s a slow-moving Y2K. Of course, people are going to be caught off guard whenever quantum becomes mainstream, and that\u2019s coming. It\u2019s time to assess what the strategies are.\u201d<\/p>\n

Toal believes boards will soon pay closer attention to quantum risk as well. He notes that attackers are already harvesting encrypted data today in anticipation of future decryption. \u201cIt might still be slightly behind AI recognition, but I think boards are going to realize they have a longer-term problem,\u201d he says.<\/p>\n

Auditors, he predicts, will begin raising quantum preparedness in security reviews, forcing it onto roadmaps. \u201cIf they\u2019re not addressing the fact that a minor breach today could become a major problem in the near future, that\u2019s a gap boards will need to reckon with.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Last year was defined by AI hype, new attack models, and intensifying global tensions. As 2026 begins, security teams are asking what the next phase will look like. Will AI continue to accelerate risk, or will controls and governance finally catch up? CSO spoke to 10 security leaders about their predictions and aspirations for 2026. Governance scrambles to keep pace with AI As AI becomes… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15542","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15542"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15542\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}