Cybersecurity trends and the expanding impact of AI: 2025-2026

Cybersecurity is undergoing its most profound transformation in decades. The convergence of accelerated digital adoption, expanding attack surfaces, and the explosive rise of

artificial intelligence-both as a defensive tool and an offensive weapon-is reshaping the threat landscape. Recent industry research reveals a world where AI is no longer a future concern but a present force redefining risk, resilience, and response.

AI — The New Battleground: AI has become a double edged sword. On one side, organisations are using AI to detect threats faster, automate responses, and reduce breach costs. Extensive use of AI and automation has been shown to shorten breach lifecycles by 80 days and reduce breach costs by nearly

$1.9 million. On the other side, attackers are weaponising AI at scale.  Studies show that 1 in 6 breaches now involve attackers using AI, most commonly through AI generated phishing (37 per cent) and deepfake impersonation (35 per cent). One notable case in 2025 involved an AI driven cyber espionage campaign where an autonomous AI tool executed 90 per cent of malicious actions without human intervention.This marks a turning point in that AI is no longer an experimental tool for attackers and is an operational enabler.

Shadow AI — The Silent Risk Multiplier: One of the most alarming trends is the rise of shadow AI-unsanctioned AI tools used by employees without oversight. Around 20 per cent of organisations experienced breaches involving shadow AI, and these incidents added an average of $670,000 to breach costs. Shadow AI incidents were also more likely to compromise sensitive data, especially customer PII (65 per cent). Ungoverned AI introduces new vectors for data leakage, model manipulation, and supply chain compromise.

The governance gap is stark with:

• 63 per cent of organisations lacking AI governance policies.
• only 34 per cent conducting regular audits for unsanctioned AI.
• 61 per cent lacking AI governance technologies.

Without governance, AI becomes a systemic risk rather than a strategic advantage.

Attack Surface Expansion — IoT, Edge, and Autonomous Systems: The attack surface is expanding faster than organisations can control. The proliferation of IoT devices, edge computing, and autonomous AI agents is creating a sprawling, interconnected

environment where traditional perimeter security is obsolete. By 2026, an estimated 21-24 million connected devices will be in use across homes, enterprises, and critical sectors. Many of these devices suffer from weak passwords, outdated firmware, and insecure APIs-conditions ripe for exploitation.

Industrial environments are particularly vulnerable. Nearly 22 per cent of OT systems recorded malicious activity in early 2025, with attacks affecting dams, water systems, and manufacturing plants.

The convergence of IT and OT means that a breach in a seemingly non critical system can cascade into physical disruption.

Zero trust becomes the operational baseline: Across the cybersecurity landscape, one theme is consistent: identity is the new perimeter. With hybrid work, SaaS adoption, and distributed systems, Zero Trust is no longer optional-it is foundational. By 2026, Zero Trust is expected to shift from an innovative strategy to a survival standard, driven by regulatory pressure, cloud adoption, and the need to secure AI agents as digital identities.

Identity-human and machine-must be governed dynamically. Attackers are increasingly “logging in rather than hacking in,” making identity governance and phishing resistant authentication essential.

Platformisation — Simplifying Complexity: Security complexity has become a threat in itself. Organisations often operate dozens of disconnected tools, creating blind spots and alert fatigue. There is a strong shift toward platformisation-unified cybersecurity ecosystems that consolidate telemetry, analytics, and response.Security system complexity is one of the top factors that increase breach costs, while integrated SIEM and AI driven insights significantly reduce them. Platformisation enables.

• End to end visibility.
• Faster correlation of signals.
• Unified policy enforcement.
• Reduced operational overhead.

AI Governance — The Missing Pillar: The rapid adoption of AI has outpaced governance. Key gaps include:

• 87 per cent of organisations lack governance processes to mitigate AI risk.
• 61 per cent lack AI governance technologies.
• Most do not perform adversarial testing or model audits.

AI introduces risks such as prompt injection, data poisoning, insecure plugins, excessive agency, and model theft. These risks span the entire AI lifecycle-from data to deployment. Without governance, AI becomes unpredictable, opaque, and potentially dangerous.

The Road Ahead — Resilience Through Integration: The cybersecurity landscape of 2025-2026 is defined by acceleration-of threats, technologies, and interdependencies. AI is amplifying both risk and defense. Attack surfaces are expanding across devices, clouds, and autonomous systems. Governance gaps are widening. And geopolitical tensions are reshaping technology choices.

The path forward requires:

• Integrated AI driven security platforms.
• Robust AI governance frameworks.
• Zero Trust as an operating principle.
• Identity centric protection for humans and machines.
• Continuous monitoring and rapid response capabilities.
• Cross functional collaboration between security, IT, compliance, and business leaders.

Cybersecurity is no longer a technical function-it is a strategic imperative tied to trust, resilience, and competitiveness.

References

IBM Cost of a Data Breach Report 2025 and S2Grupo Cybersecurity Trends 2026.

Writer is a seasoned technology and governance professional with over 37 years of leadership experience across digital transformation, cybersecurity, and business strategy. As a writer, he brings a practitioner’s perspective to complex technology and risk issues, translating them into insightful, boardroom-relevant commentary for business leaders and policymakers ; views are personal