Cyber Daily Report

None--securityboulevard.com
published date: 2025-12-28 00:00:00 UTC

None

<p><main id="readArticle" class="Page-main" data-module="" data-padding="none" morss_own_score="4.2569992821249105" morss_score="12.39195073843559"></main></p><p><a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity">Lohrmann on Cybersecurity</a></p><h1>The Top 26 Security Predictions for 2026 (Part 2)</h1><h2>Welcome to the second installment of this comprehensive annual look at global cybersecurity industry prediction reports from the top security vendors, publications and thought leaders.</h2><div>December 28, 2025 • </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html"><span>Dan Lohrmann</span></a></p><figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/332796e/2147483647/strip/true/crop/7333x3824+0+83/resize/840x438!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Fe9%2F31%2Fee7ba1c644aab7ae48bff5a368b5%2F2026-loading.jpeg"></p> <div>Adobe Stock</div> </figure><div class="Page-articleBody RichTextBody" morss_own_score="4.296205630354956" morss_score="356.79620563035496"> <p> Last week, in part one of “<a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-26-security-predictions-for-2026-part-1">The Top 26 Security Predictions for 2026</a>,” I covered the top 15 cyber industry company reports and offered a summary of industrywide security predictions, forecasts and trends. In part two, we will cover:</p> <ul> <li>Security Prediction Reports 16 to 26</li> <li>Five bonus reports worth a second look</li> <li>Honorable mention reports and prediction lists</li> <li>Awards for the best reports and predictions in various categories</li> <li>My final thoughts on what may be missing from these 2026 security predictions</li> </ul> <p><i>Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction (or trend) offer vital context. I urge readers to visit these companies’ websites, read their full reports (or articles/blogs) and see the details on each item — sometimes in video, PDF or other formats. My goal is to point you in the right direction and encourage you to visit website links for more details. Also, the cutoff date for these prediction lists was Dec. 17, 2025, to allow time for editing and ranking decision work.</i></p> <p><b>16) Secureframe: </b>Secureframe’s <i>Cybersecurity and Compliance 2026 Benchmark Report </i>is<a href="https://secureframe.com/blog/2026-cybersecurity-and-compliance-benchmark-report">summarized here and can be downloaded</a> for free, and it offers a different approach to cybersecurity trends for 2026. They surveyed over 250 companies, and their top insights can be seen in the list below.</p> <figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/64e58ea/2147483647/strip/true/crop/1872x550+0+0/resize/840x247!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Fa0%2Fcc%2Ffc0c6bea4187b8b18adc5cceade8%2Fsecureframe-chart.gif"></p> </figure> <p>Secureframe is ranked higher given their unique trend insights heading into 2026 (see extensive details on each item at their report). Here are some top takeaways:</p> <p></p> </div><div>2. Budgets are growing, but so is pressure.</div><div>3. The burden of manual compliance is at a breaking point.</div><div>4. AI is both a threat and an essential tool.</div><div>5. Compliance has evolved from check box to competitive advantage.</div><div>6. Proactive transparency is the new standard for trust. <p>7. The cost of noncompliance is lost revenue and slower growth. (52 percent of companies were compliant in more than one framework.)</p></div><div>8. Small teams are shouldering big expectations.</div><div>On the fifth item: 61 percent needed security compliance to secure contracts, 40 percent used compliance to reach enterprise buyers and 32 percent pursued compliance to satisfy investors or partners. <figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/517aef6/2147483647/strip/true/crop/239x297+0+0/resize/840x1044!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2F79%2Ff3%2F9f55562b4fb88de5e1073574afd2%2Fzerofox-2026.png"></p> </figure> <p><b>17) ZeroFox: </b>Zerofox again released a solid report, entitled <a href="https://www.zerofox.com/2026-predictions/"><i>2026 Key Forecasts 2025 Conclusions</i></a>. Their <a href="https://www.globenewswire.com/news-release/2025/12/16/3206279/0/en/ZeroFox-Releases-2026-Threat-Forecast-Report-Detailing-Intelligence-Expectations-for-the-Cyber-Threat-Landscape.html">press release is here</a>. Here are some of their cybersecurity predictions (see the report for full details):</p> <ul morss_own_score="3.0" morss_score="11.5"> <li>“Generative Artificial Intelligence — In 2026, the use and impact of GenAI is very likely to shape the cyber threat landscape to an even greater extent than observed in 2025. …</li> <li>“Geopolitical and Cyber Convergence — Geopolitical developments will very likely influence the cyber threat landscape during 2026, continuing the trend of increasing convergence between the cyber and geopolitical spheres observed in recent years. …</li> <li>“Deep and Dark Web (DDW) Landscape — The DDW landscape will almost certainly continue to serve as a hub for actors to share information on evolving TTPs, advertise new malicious tools and services, and recruit new affiliates. …</li> <li>“Ransomware and Digital Extortion (R&DE) — R&DE incidents represent an ongoing threat to organizations of all sizes, industries and geographies. 2025 was a record year for R&DE collectives, with more victims identified than in any prior year. The first quarter of 2026 will likely exhibit the highest activity tempo, as observed in Q1 2025.</li> <li>“Social Engineering — Social engineering will remain one of the most exploited threat vectors leveraged by malicious actors in 2026 to gain initial network access, conduct fraudulent activity, or steal data. Malicious actors are very likely to continually evolve traditional TTPs, such as phishing, to exploit a network’s human element and circumvent hardened network defenses.</li> <li>“Initial Access Brokers (IABs) — IABs are very likely to remain key enablers of the global cybercrime space in 2026 by providing unauthorized network access at scale. The IAB marketplace — which maintained steady growth in 2025 — will likely become more sophisticated, specialized, and automated throughout 2026.”</li> </ul> <p><b>18) Forbes: </b>My respected colleague Chuck Brooks does a great job again in a report from Forbes<a href="https://www.forbes.com/sites/chuckbrooks/2025/11/10/cybersecurity-2026-6-forecasts-and-a-blueprint-for-the-year-ahead/"><i>Cybersecurity 2026: 6 Forecasts and a Blueprint for the Year Ahead</i></a>.</p></div><div>Go to the report for details on each item, but, his top six forecasts:</div><div>1. “Agentic AI will become the new attack and defense frontier.”</div><div>2. “Quantum computing has been a threat on the horizon for a long time. In 2026, we reach a turning point.”</div><div>3. “Deepfakes, synthetic media and identity deceptions are on the rise.”</div><div>4. “The attack surface grows as IoT, edge and device proliferation grow.”</div><div>5. “Cybercrime grows into corporate-class businesses.”</div><div>6. “In 2026, the companies that do well will be the ones that see cybersecurity as a strategic pillar for the whole business, not simply an IT cost center.” <p><b>19) Kaseya, SecurityScorecard + Others </b>in this piece from dbta.com: “<a href="https://www.dbta.com/Editorial/News-Flashes/7-Predictions-for-Cybersecurity-and-Resilience-in-2026-172555.aspx">7 Predictions for Cybersecurity and Resilience in 2026.</a>” Note the Kaseya prediction wins an award for “scariest and still believable.”</p></div><div>“Expect major incidents by mid-2026: Here’s the paradox: while security threats escalate, AI is eliminating entry-level tech jobs. New graduates face a career ladder missing its bottom rungs. When the crisis hits, will we have enough defenders who know how to fight it? Attacks on SaaS infrastructure are exploding. Threat actors have shifted from targeting individual companies to the platforms powering entire ecosystems. Crack one widely-deployed firewall, and you’ve exposed one-eighth of the world’s networks. The real danger? Microsoft, Amazon, and Google control the backbone of global computing. A low-level breach in any of these could cascade into economic catastrophe. 2026’s lesson may be that cybersecurity’s biggest vulnerability isn’t technology — it’s concentrated infrastructure risk and a disappearing talent pipeline.” Mike Puglia, GM, security at Kaseya</div><div>“Cyber resilience mandates will reshape public-private risk models: In 2026, the U.S. will implement a national cyber-resilience mandate for critical infrastructure and federal supply-chain partners. Organizations will be required to meet minimum cybersecurity standards or risk losing contracts, insurance coverage, or regulatory standing. With budgets tightening and election-year scrutiny rising, policymakers will shift from voluntary frameworks to enforceable baselines tied to resilience metrics. Expect CISA and sector regulators to blend elements of CMMC, CIRCIA, and FISMA into a unified model, with private-sector data helping validate performance at scale. Insurers and investors will follow suit, rewarding verified resilience and penalizing poor cyber hygiene, making 2026 the year cybersecurity becomes a regulated national priority.” Michael Centrella, head of public policy, SecurityScorecard</div><div>Also see this SecuritySecorecard video: <p><b>20) Cybersecurity Ventures</b> and <i>Cybercrime Magazine</i> always offer a mountain of excellent information, statistics and also predictions. This year they have the “<a href="https://cybersecurityventures.com/official-2026-cybersecurity-market-report-predictions-and-statistics/">Official 2026 Cybersecurity Market Report: Predictions And Statistics</a>” and this <a href="https://cybersecurityventures.com/wp-content/uploads/2023/11/CybersecuritySpending2025-2031.pdf">PDF version of the details</a>.</p></div><div>Here are some highlights, but please read this excellent report at the link: <ul> <li>“Cybersecurity Ventures predicts that the world will spend $522 billion on cybersecurity products and services in 2026.”</li> <li>“Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion annually by 2025, up from $3 trillion in 2015.”</li> <li>“The U.S. spends more than $25 billion on cybersecurity every year, more than any other nation.”</li> </ul> <p><b>21) Security Magazine </b>always has high-ranking security predictions from multiple vendors for the new year (according to Google’s SEO), and these are free (although you do get limited free views per month.) This December offers: “<a href="https://www.securitymagazine.com/articles/102030-5-cybersecurity-predictions-for-2026">5 Cybersecurity Predictions for 2026.</a>”</p></div><div>Highlights include: <ul> <li>“Shadow AI Will Emerge as a Top Threat” (from Darren Williams, founder and CEO of BlackFog)</li> <li>“Compliance and Security Will Converge” (from Chris Radkowski, GRC expert at Pathlock)</li> <li>“Disinformation Security Will Become an Enterprise Priority” (from Sandy Kronenberg, founder and CEO of Netarx)</li> <li>“Quantum Computing and AI Convergence Will Lead to a New Era of Security” (from Arjun Kudinoor, quantum security adviser at Protegrity)</li> <li>“Biometrics Will Be More Utilized as an Access Credential” (from Jake Leichtling, senior director of access control at Verkada)</li> </ul> <p><b>22) Presidio </b>Michael Brown offers <a href="https://www.presidio.com/blogs/2026-cybersecurity-predictions/">eight solid cybersecurity predictions for 2026.</a> (A disclaimer here that I work as field chief information security officer for public sector at Presidio.)</p></div><div>Here’s a headline summary:</div><div>1. “Data Chain of Custody Tracking/Cryptographic Provenance ‘Trust Becomes Verifiable’”</div><div>2. “Securing AI Models Becomes a Board Priority ‘Model Integrity Is the New Data Integrity’”</div><div>3. “Autonomous SOC Tier-1 Analysts ‘The First Line of Defense Becomes Autonomous’”</div><div>4. “Quantum Cryptography Pilot in Financial Services ‘Quantum Countdown Begins’”</div><div>5. “Major OT Industry Control System Breach ‘A Wake-Up Call for Critical Infrastructure’”</div><div>6. “GenAI Fraud Hits Record Levels ‘Deepfakes Become a Daily Threat’”</div><div>7. “Passwordless Authentication Hits Critical Mass ‘The Password Dies — Finally’”</div><div>8. “Boards Face a Cyber Transparency Mandate ‘Boards Must See It, Say It, Own It’” <p><b>23) Security.com </b>offers us<a href="https://www.security.com/feature-stories/five-cyber-predictions-2026">“Five Cyber Predictions for 2026” from Carbon Black + Symantec</a>:</p></div><div>1. “People are the key to unlocking a company’s secrets — A trend we have seen in multiple attacks this year is attackers gaining access to victim networks not by leveraging zero-day vulnerabilities or using sophisticated software supply chain attacks, but rather by taking advantage of organizations’ biggest weakness — the people who work there.”</div><div>2. “Russia and Iran may make cyber reply to real-world pressures — Ongoing geopolitical pressures on Russia and Iran could provoke threat actors in those countries to initiate disruptive or aggravating cyberattacks on their adversaries, such as Ukraine, Israel, the E.U. and the U.S.”</div><div>3. “Agentic AI will change the threat landscape (but not in the way you think).”</div><div>4. “Breaking the unbreakable: the looming quantum computing challenge.”</div><div>5. “Gathering clouds on the horizon.” <p><b>24) Tech Republic Magazine </b>brings us “<a href="https://www.techrepublic.com/article/news-2026-tech-predictions-industry-experts/">7 Tech Predictions Enterprise Leaders Are Watching in 2026.</a>”</p></div><div>These include (with details on each at the link):</div><div>1. “AI flattens technical skill barriers”</div><div>2. “AI’s most reliable wins won’t be flashy”</div><div>3. “The era of one-size-fits-all tech is ending”</div><div>4. “Autonomy replaces lock-in” — “After years of cost hikes and inflexible terms, more teams will be moving to cloud environments that give them the flexibility to choose, adapt and move without being boxed in.”</div><div>5. “Autonomous AI agents create a new attack surface”</div><div>6. “Observability becomes non-negotiable”</div><div>7. “The first AI-agent breach reshapes cyber training” — “The next major change in cybersecurity will be driven by a failure that forces organizations to rethink how people work with autonomous systems.” <p><b>25) Optiv </b>produced an excellent “<a href="https://www.optiv.com/sites/default/files/2025-12/threat-industry-profile-2025.pdf">2025 Industry Threat Profile</a>” that came out in December and lays out the major current threats seen from Oct 1, 2024, to Sept 30, 2025. While this report is more backward-looking (which lowers the score a bit), it does offer some trends and forecasts for the future.</p></div><div>In their words: “Amid an increasingly adaptive and regulated cyber landscape, Optiv is pleased to present the 2025 Industry Threat Profile — our annual analysis of how threat actors, industry dynamics and compliance pressures have converged over the past year. This year’s report moves beyond tracking attack activity to illustrate how threat behaviors have matured, where new pressure points have emerged and how industries can recalibrate their defenses in response to these evolving challenges. …”</div><div>Some highlights include:</div><div>“Threat Profile for Financial Services: Compromise of user or admin accounts — via phishing, credential reuse or forged instructions — remains a dominant attack vector. It enables fraudulent transfers, unauthorized access to regulatory systems and rapid theft of funds.</div><div>“Ransomware continues to be a disruptive vector, targeting both banks directly and their key vendors. Even when core banking systems remain intact, ancillary disruption impacts service continuity and trust.</div><div>“Exploited software vulnerabilities are a primary initial access vector, frequently facilitating ransomware deployment. These attacks target flaws in applications, operating systems and/or widely used third-party platforms.</div><div>“Compromise of service providers and software vendors enables attackers to reach multiple financial institutions at once. These incidents amplify contagion risk across statements, payments and settlement systems.” <p><b>26) Huntsman </b>once again brings a mix of<a href="https://huntsmansecurity.com/blog/cyber-security-predictions-for-2026/">“Cyber Security Predictions for 2026.”</a> Their videos on each topic add a nice touch.</p></div><div>Their predictions can be seen on this diagram, with details at their website. <figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/07fb9a8/2147483647/strip/true/crop/624x375+0+0/resize/840x505!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2F77%2F66%2F5e9381b84256a557a7898d0c52c1%2Fhuntsman-2026.jpg"></p> </figure> <p></p> <h3>FIVE BONUS PREDICTION REPORTS FOR 2026</h3> <p><b>27) HP Wolf Security:</b> “<a href="https://www.hp.com/us-en/newsroom/blogs/2025/six-trends-for-2026-hp-wolf-security.html">Six Trends To Watch Out for in 2026 from HP Wolf Security</a>”</p> <ul> <li>“Attackers will accelerate their investments in cookie theft”</li> <li>“Cybercriminal groups will rely on AI agents to automate reconnaissance and target organizations”</li> <li>“Physical attacks on devices will become cheaper and easier for cybercriminals”</li> <li>“Organizations will finally take notice of IoT, edge and print security after a string of attacks”</li> <li>“Quantum resistance will become a vendor requirement”</li> <li>“The spotlight draws over identity, provenance and persistent control”</li> </ul> <p><b>28) IDC: </b>IDC always has an immense amount of helpful content, but most material for 2026 is not free. (They had much more free material last year.)<a href="https://www.idc.com/resource-center/blog/">blog portal offers some helpful free material</a> in many tech areas, including some cybersecurity. See also, this <a href="https://www.idc.com/resource-center/futurescape/">IDC FutureScape Resource Center</a>.</p></div><div>For example, see this piece: “<a href="https://www.idc.com/resource-center/blog/how-synthetic-data-and-clean-rooms-are-redefining-secure-data-collaboration/">How synthetic data and clean rooms are redefining secure data collaboration.</a>” “By 2028, 60 percent of enterprises will collaborate on data through private exchanges or data clean rooms.</div><div>With Amazon Web Services (AWS) <a href="https://aws.amazon.com/blogs/aws/aws-clean-rooms-launches-privacy-enhancing-synthetic-dataset-generation-for-ml-model-training/">announcing new privacy-enhancing synthetic data generation within AWS Clean Rooms</a>, we are already starting to see that prediction take shape.” <p><b>29) Forescout Research </b>offers “<a href="https://www.forescout.com/blog/7-cybersecurity-predictions-for-2026-from-vedere-labs/">7 Cybersecurity Predictions for 2026 from Vedere Labs</a>.” They also offer some <a href="https://securitysenses.com/videos/7-cybersecurity-predictions-2026-vedere-labs">video content on predictions</a> here. Some original thinking here that is worth a look. Here are four of their predictions:</p></div><div>1. “Threat Actors Will Exploit Saas App Permissions Instead of Passwords”</div><div>2. “Attackers Won’t Just <i>Use</i> AI for Social Engineering — They’ll <i>Sell</i> It As a Service”</div><div>3. “Quantum Readiness Will (Finally) Move to the Forefront”</div><div>7. “Hacktivists Will Turn Confusion Into a Weapon” <p><b>30) Illumio: </b>“<a href="https://hub.illumio.com/briefs/what-does-2026-have-in-store-for-cybersecurity-predictions-from-zero-trust-hub-contributors">2026 Cybersecurity Predictions From Zero Trust Leaders.</a>” Several great viewpoints expressed, and here is the first from John Kindervag, creator of Zero Trust and Illumio chief evangelist.</p></div><div>“As costs rise and AI risks become harder to ignore, he sees many organizations starting to move sensitive workloads from the cloud back on-premises. ‘Companies will keep what makes sense in the <a href="https://www.illumio.com/cybersecurity-101/cloud-security">cloud</a> and bring home the workloads that do not,’ he said. ‘This shift will create more hybrid models that help organizations cut waste, tighten security, and make more informed decisions.’</div><div>“But cloud strategy isn’t the only thing shifting. The org chart is, too. Kindervag believes cybersecurity accountability is finally moving where it belongs: the boardroom.</div><div>“‘For too long, CISOs have taken the fall for breaches they could not prevent,’ he said. ‘That era is ending. CEOs, not CISOs, will be held accountable.’” <p><b>31) Frontier Enterprise: </b>“<a href="https://www.frontier-enterprise.com/the-2026-cybersecurity-predictions-bonanza/">The 2026 cybersecurity predictions bonanza</a>” (Note: This is a long list of single predictions by a mix of security industry companies.)</p></div><div>Special attention to the first two items that came from Nadir Izrael, co-founder and CTO, Armis: </div><div>“<b>AI-Powered Financial System Manipulation</b>: Autonomous trading bots and AI-driven deepfakes manipulate stock markets, commodities, and cryptocurrency ecosystems. By impersonating regulators or company executives, AI systems trigger false earnings reports, disseminate false corporate announcements, falsify investor briefings, or simulate market crashes. The result: global financial instability with seconds-scale losses that human operators cannot contain.</div><div>“<b>Synthetic Identity Epidemic</b>: AI-generated personas infiltrate every layer of society: bank accounts, health systems, social networks, and even voting rolls. These synthetic humans conduct transactions, vote, and create fake social movements, overwhelming identity verification systems and making trust in digital identity nearly meaningless.”</div><div>(Note: “AI-Powered Financial System Manipulation” was runner-up for the scariest award that is still realistic.) <h3>HONORABLE MENTION SECURITY PREDICTION FORECASTS/REPORTS/ARTICLES FOR 2026</h3> <p></p> <ul> <li><b>Center for Internet Security (CIS): </b><a href="https://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictions">7 CIS Experts’ 2026 Cybersecurity Predictions</a></li> <li><b>Alan Shark </b>at <i>Government Technology</i>:<a href="https://www.govtech.com/voices/2026-ai-outlook-10-predictions-for-the-new-year">2026 AI Outlook: 10 Predictions for the New Year</a></li> <li><b>EC-Council University:</b> <a href="https://www.eccu.edu/blog/cybersecurity-trends-2026/">What are the Top Cybersecurity Trends to Expect in 2026?</a></li> <li><b>Radware: </b><a href="https://www.radware.com/blog/threat-intelligence/2026-cybersecurity-forecast/">2026 Cybersecurity Forecast: Six Expert Predictions Worth Paying Attention To</a></li> <li><b>AttackIQ: </b><a href="https://www.youtube.com/watch?v=7uTHMrhm0Dk">10 Cyber Threats That Will Define 2026</a></li> <li><b>Halcyon: </b><a href="https://www.halcyon.ai/blog/defensible-by-design-ransomware-and-cybersecurity-in-2026">Defensible by Design: Ransomware and Cybersecurity in 2026</a></li> <li><b>Digicert:</b> <a href="https://www.digicert.com/blog/security-predictions-for-2026">The Evolution of Trust: Security Predictions for 2026</a></li> <li><b>SecureWorld Magazine: </b><a href="https://www.secureworld.io/industry-news/cybersecurity-predictions-2026">Strategic Shifts: Cybersecurity Predictions for 2026</a> (Note: This one offers a long list of single predictions by a mix of security industry companies.)</li> <li><b>Manufacturing Business Technology Magazine (MBTMag.com): </b><a href="https://www.mbtmag.com/cybersecurity/article/22956617/predictions-for-2026">Getting Ready for 2026</a></li> <li><b>ITWire: </b><a href="https://itwire.com/guest-articles/guest-opinion/rapid7%E2%80%99s-top-cybersecurity-predictions-for-2026.html">Rapid7’s Top Cybersecurity Predictions for 2026</a></li> <li><b>Wavestone: </b><a href="https://www.wavestone.com/en/insight/technology-trends-2026/">7 technology trends that will shape the future of IT</a> (Note: Great report, but most predictions go beyond cyber into other IT areas.)</li> <li><b>Global Cyber Alliance: </b><a href="https://globalcyberalliance.org/five-cybersecurity-forces-that-defined-2025-and-will-shape-2026/">Five Cybersecurity Forces That Defined 2025 – And Will Shape 2026</a></li> <li><b>PointGuard AI: </b><a href="https://www.pointguardai.com/blog/top-10-predictions-for-ai-security-in-2026">Top 10 Predictions for AI Security in 2026</a></li> <li><b>Dice: </b><a href="https://www.dice.com/career-advice/cyber-pros-ai-and-other-advanced-skills-will-matter-more-in-2026">Cyber Pros: AI and Other Advanced Skills Will Matter More in 2026</a></li> <li><b>Security Brief Australia: </b><a href="https://securitybrief.com.au/story/2026-predictions-the-year-identity-becomes-the-ultimate-control-point-for-an-autonomous-world">2026 Predictions: The year identity becomes the ultimate control point for an autonomous world</a></li> <li><b>Silent Push: </b><a href="https://www.silentpush.com/blog/2026-predictions/">Silent Push 2026 Predictions</a></li> <li><b>Software Development (SD) Times: </b><a href="https://sdtimes.com/security/6-security-predictions-for-2026/">6 security predictions for 2026</a></li> <li><b>Orchid Security: </b><a href="https://www.linkedin.com/pulse/2026-predictions-identity-ai-agents-new-guardrails-cksqe/">2026 Predictions: Identity, AI-Agents, and The New Guardrails</a></li> <li><b>Tarian: </b><a href="https://tariangroup.com/2026-security-5-trends-that-will-reshape-business-protection-strategies/">2026 Security: 5 Trends That Will Reshape Business Protection Strategies</a></li> <li><b>Rapid7: </b><a href="https://www.rapid7.com/blog/post/it-security-today-setting-stage-for-2026-predictions-webinar/">The State of Security Today: Setting the Stage for 2026</a></li> <li><b>Splashtop: </b><a href="https://www.splashtop.com/blog/top-cybersecurity-trends-and-predictions-for-2026">Top Cybersecurity Trends and Predictions For 2026</a></li> <li><b>DevPro Journal: </b><a href="https://www.devprojournal.com/technology-trends/security/cybersecurity-outlook-2026-from-quantum-risks-to-evil-gpt/">Cybersecurity outlook 2026: From quantum risks to “Evil GPT”</a></li> <li><b>VMblog: </b><a href="https://vmblog.com/archive/2025/12/05/five-cybersecurity-predictions-for-2026.aspx">Five cybersecurity predictions for 2026</a></li> <li><b>BATM Networks: </b><a href="https://www.telco.com/blog/2026-cybersecurity-predictions-preparing-for-the-ai-and-quantum-era/">2026 Cybersecurity Predictions: Preparing for the AI and Quantum Era</a></li> <li><b>Deloitte: </b><a href="https://www.deloitte.com/us/en/insights/topics/technology-management/tech-trends.html">Tech Trends 2026</a> (With cybersecurity included)</li> <li><b>Securityinformed.com and i-PRO Co., Ltd. (formerly Panasonic Security): </b><a href="https://www.securityinformed.com/news/ai-cybersecurity-2026-pro-insights-co-1584600779-ga.1765952062.html">i-PRO’s 2026 Security Tech Predictions: AI & Cybersecurity</a></li> <li><b>SecurityBrief (UK): </b><a href="https://securitybrief.co.uk/story/axis-outlines-five-key-security-tech-trends-for-2026">Axis outlines five key security tech trends for 2026</a></li> <li><b>Microsoft: </b><a href="https://news.microsoft.com/source/features/ai/whats-next-in-ai-7-trends-to-watch-in-2026/">What’s next in AI: 7 trends to watch in 2026</a></li> <li><b>CISO Times, FTI Consulting: </b><a href="https://cisotimes.com/2026-national-security-predictions/">2026 National Security Predictions</a></li> <li><b>Lumu: </b><a href="https://lumu.io/blog/cybersecurity-predictions-2026/">Cybersecurity Predictions 2026: The Post-Malware & AI Era</a></li> <li><b>SimpliLearn: </b><a href="https://www.simplilearn.com/top-cybersecurity-trends-article">20 Emerging Cybersecurity Trends to Watch Out in 2026</a></li> <li><b>DevOps.com: </b><a href="https://devops.com/spycloud-unveils-top-10-cybersecurity-predictions-poised-to-disrupt-identity-security-in-2026/">SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026</a></li> <li><b>CoreWin: </b><a href="https://corewin.ua/en/news-en/cybersecurity-2026-forecasts/">Cybersecurity Outlook 2026: Key Forecasts and Strategic Considerations for the Year Ahead</a></li> <li><b>PwC: </b><a href="https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/2026-cybersecurity-outlook.html">Six ways to prepare for a more secure future. What’s ahead for cybersecurity in 2026</a></li> <li><b>Total Assure: </b><a href="https://www.totalassure.com/blog/2026-top-3-cybersecurity-predictions">2026 Forecast: The Top 3 Cybersecurity Predictions You Need to Know. What happens when bots outnumber us 82 to 1?</a> (Note: Love that second line of the heading. BRAVO!)</li> <li><b>Coursera: </b><a href="https://www.coursera.org/articles/cybersecurity-trends">7 Cybersecurity Trends to Know in 2026</a></li> <li><b>Cybersecurity Asia (CSA): </b><a href="https://cybersecurityasia.net/2026-cyber-resilience-business-competency/">Prediction 2026: Cyber Resilience Will Become Business Competency, Not Just IT Function</a></li> <li><b>Ken Underhill via TechRepublic: </b><a href="https://www.techrepublic.com/article/news-5-cybersecurity-predictions-2026/">5 Cybersecurity Predictions for 2026: An Industry Insider’s Analysis</a></li> <li><b>Database Trends and Applications (DBTA.com): </b><a href="https://www.dbta.com/Editorial/News-Flashes/IBM-Executives-Share-Tech-Industry-Predictions-for-2026-172686.aspx">IBM Executives Share Tech Industry Predictions for 2026</a></li> </ul> <p></p> <figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/51977eb/2147483647/strip/true/crop/5319x3547+0+0/resize/840x560!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Fb9%2F75%2F4d2669cd408b9feb797aacb45a91%2Fawards-cups.jpg"></p> </figure> <h3>2026 SECURITY PREDICTION INDUSTRY REPORT AWARDS</h3> <p><b>Best and Most Comprehensive Vendor Report Overall: Trend Micro</b></p></div><div>“The AI-Fiction of Cyberthreats: Trend Micro Security Predictions for 2026” is offered <a href="https://documents.trendmicro.com/assets/research-reports/the-ai-fication-of-cyberthreats-trend-micro-security-predictions-for-2026.pdf">in a 39-page PDF format</a>. In addition to their great PDF version, <a href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/the-ai-fication-of-cyberthreats-trend-micro-security-predictions-for-2026">check out their interactive version</a> which contains easy-to-use graphics that highlight key terms and predictions broken into the categories of AI, APTs, enterprise, cloud, ransomware and vulnerabilities. <p><b>Most Creative Prediction: Gartner: </b>“A surge of lazy thinking”</p></div><div>“Prediction: Through 2026, atrophy of critical-thinking skills, due to GenAI use, will push 50 percent of global organizations to require ‘AI-free’ skills assessments. As automation accelerates, the ability to think independently and creatively will become both increasingly rare — and increasingly valuable.” <p><b>Scariest, but Still Believable and Practical (Easily Understood) Prediction: Mike Puglia, GM, security at Kaseya: </b>“Expect major incidents by mid-2026”</p></div><div>“Here’s the paradox: while security threats escalate, AI is eliminating entry-level tech jobs. New graduates face a career ladder missing its bottom rungs. When the crisis hits, will we have enough defenders who know how to fight it? Attacks on SaaS infrastructure are exploding. Threat actors have shifted from targeting individual companies to the platforms powering entire ecosystems. Crack one widely-deployed firewall, and you’ve exposed one-eighth of the world’s networks. The real danger? Microsoft, Amazon, and Google control the backbone of global computing. A low-level breach in any of these could cascade into economic catastrophe. 2026’s lesson may be that cybersecurity’s biggest vulnerability isn’t technology — it’s concentrated infrastructure risk and a disappearing talent pipeline.” <p><b>Runner-up in the category “Scariest, but Still Believable and Practical (Easily Understood) Prediction”: Nadir Izrael, co-founder & CTO, Armis:</b> “AI-Powered Financial System Manipulation”</p></div><div>“Autonomous trading bots and AI-driven deepfakes manipulate stock markets, commodities, and cryptocurrency ecosystems. By impersonating regulators or company executives, AI systems trigger false earnings reports, disseminate false corporate announcements, falsify investor briefings, or simulate market crashes. The result: global financial instability with seconds-scale losses that human operators cannot contain.” <h3>FINAL THOUGHTS: WHAT’S MISSING FOR 2026 CYBER PREDICTIONS?</h3> </div><div>As in past years, the best predictions are not only insightful, but also imply an action for each of us to watch and change. For example, the Gartner prediction of “a surge in lazy thinking,” should rally something inside each of us to not let that happen in our home and work situations in our use of AI. The prediction should challenge each of us, and it makes me want to fight against that trend and act differently with AI to prevent that result in myself and in others in our families and on our team(s).</div><div>There were only a few reports that predicted major AI failures or lawsuits for misuse, such as <a href="https://fortune.com/2025/11/25/deloitte-caught-fabricated-ai-generated-research-million-dollar-report-canada-government/">expanding on this report from Fortune</a>, only on a much larger scale.</div><div>While some stock market experts are calling for an “AI bubble” to burst, I only saw <a href="https://www.govtech.com/voices/2026-ai-outlook-10-predictions-for-the-new-year">one report from Alan Shark</a> that predicted this with any specific details.</div><div>Again, as in previous years, almost nothing on cyber attacks on major sporting events, such as the Winter Olympics in Italy or the <a href="https://www.fifa.com/en/tournaments/mens/worldcup/canadamexicousa2026">FIFA World Cup</a> in the USA, Mexico and Canada in 2026.</div><div>Not much on cybersecurity attacks in space (with satellites, rockets or space station), and minimal discussions on the situation in Venezuela or other world hot spots, with the exception of the Ukraine – Russia war.</div><div>For those who want to ensure inclusion in future years, here are a few things you can do: Make sure your reports are available for free online and in multiple formats (such as videos, PDFs, web pages, etc.); have good search engine optimization (SEO) so you show up in Google and Bing searches by Dec. 15; and most of all, provide quality content that is unique, timely, insightful and relevant — with backup materials and references if possible.</div><div>Finally, I’d like to wish you happy holidays and a blessed New Year. Thank you for following “<a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity">Lohrmann on Cybersecurity</a>.” </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html"></a></p><p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/7be6234/2147483647/strip/true/crop/343x343+77+0/resize/100x100!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Faa%2Fbe%2F66bbbc539526800857dd96f3c9d5%2Flohrman.jpg"></p><p></p><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><div> Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author. </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">See More Stories by Dan Lohrmann</a></p><p></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/12/the-top-26-security-predictions-for-2026-part-2/" data-a2a-title="The Top 26 Security Predictions for 2026 (Part 2)"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fthe-top-26-security-predictions-for-2026-part-2%2F&linkname=The%20Top%2026%20Security%20Predictions%20for%202026%20%28Part%202%29" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fthe-top-26-security-predictions-for-2026-part-2%2F&linkname=The%20Top%2026%20Security%20Predictions%20for%202026%20%28Part%202%29" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fthe-top-26-security-predictions-for-2026-part-2%2F&linkname=The%20Top%2026%20Security%20Predictions%20for%202026%20%28Part%202%29" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fthe-top-26-security-predictions-for-2026-part-2%2F&linkname=The%20Top%2026%20Security%20Predictions%20for%202026%20%28Part%202%29" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fthe-top-26-security-predictions-for-2026-part-2%2F&linkname=The%20Top%2026%20Security%20Predictions%20for%202026%20%28Part%202%29" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="">Lohrmann on Cybersecurity</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Lohrmann on Cybersecurity">Lohrmann on Cybersecurity</a>. Read the original post at: <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-26-security-predictions-for-2026-part-2">https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-26-security-predictions-for-2026-part-2</a> </p>