Maksim Kabakou - Fotolia
Cyber resilience will define winners and losers in 2026
As we prepare to close out 2025, the Computer Weekly Security Think Tank panel looks back at the past year, and ahead to 2026.
For business leaders, if your security strategy for 2026 still revolves around keeping attackers out, you might already be behind.
Businesses must be prepared for every eventuality in the new year. Cyber attacks are becoming faster, more automated and far more disruptive. AI has given attackers the ability to move at incredible speeds, exploit vulnerabilities in seconds, and launch attacks at scale with minimal human involvement. The days of incident response teams having time to think, triage and test are long gone. But the big issue as we go into next year is what happens after the breach.
Time and time again, we’ve seen organisations rush to restore operations at all costs, overlooking data handling. When organisations are under pressure to restore services, data protection often slips down the priority list. We’ve seen it repeatedly. Breaches at Marks and Spencer and Jaguar Land Rover disrupted operations for weeks and wiped billions off valuations. And the now infamous deepfake incident at Arup showed how convincingly AI can manipulate employees in real time, with the attackers reportedly walking away with $25m.
By 2026, these situations will be normalised. Crisis rooms could be receiving conflicting information at speed while systems are partially offline. In some cases, the instructions will be from executives who aren’t real. And security leaders will be expected to make high-stakes decisions with incomplete and potentially manipulated data. 2026 will bring an even more chaotic crisis environment.
To combat this, businesses must prioritise rapid investment and deployment of privacy-enhancing technologies. Secure computation is likely to become a frontline requirement, as companies look to maintain operations during crises by safely processing their most sensitive data at speed, without ever needing to decrypt it, enabling them to respond quickly without risking further exposure.
The Computer Weekly Security Think Tank looks ahead
- Anthony Young, Bridewell: What lies in store for the security world in 2026?
- Dave Gerry, Bugcrowd: Cyber's defining lessons of 2025, and what comes next.
- Rik Ferguson, Forescout: In 2026, collaboration, honesty and humility in cyber are key.
- Aditya K Sood, Aryaka: From trust to turbulence: Cyber's road ahead in 2026.
- Ellie Hurst, Advent IM: Security pros should prepare for tough questions on AI in 2026.
- Haris Pylarinos, Hack the Box: What lies in store for cyber security skills in 2026?
- Vladimir Jirasek, Foresight Cyber: In cyber security, basis matter, even in 2025.
- Vladimir Jirasek, Foresight Cyber: The three cyber trends that will define 2026.
- John Bruce, Quorum Cyber: Security platform consolidation in 2026: The AI imperative.
Privacy-enhancing technologies will move from a nice-to-have to operationally critical. Instead of choosing between operational continuity and data protection, organisations can now have both. Critical workloads can continue to function during an incident without exposing underlying data to additional risk. Regulators and customers alike will start to expect this level of protection as standard.
Regulations such as DORA make it explicitly clear that organisations will be measured on operational resilience, not just preventive controls. The uncomfortable truth is that breaches will still happen but downtime, data exposure and disorder will no longer be explainable or acceptable. The companies that come through best will be those that have engineered security into how their systems operate, not simply wrapped it around the edges.
Dr Nick New is CEO at Optalysys, a data encryption specialist.
