Cybersecurity is on the brink of transformation as it faces the challenges posed by artificial intelligence (AI), the proliferation of Internet of Things (IoT) devices, and the increasing complexity of cloud environments. With global cybercrime damages projected to surpass $23 trillion in 2027, experts emphasize that adapting to these threats is essential. The 2026 Threatscape Summit, hosted by Informa TechTarget, gathered industry leaders to discuss the evolving cybersecurity landscape and share insights on effective strategies for the upcoming year.
AI is redefining the cybersecurity realm, enhancing capabilities such as threat detection and response automation. However, it also presents new risks, with cybercriminals exploiting AI for phishing campaigns and automated attacks. In this context, managing AI-related risks has emerged as a central theme for 2026. Rob Clyde, past chair of ISACA and chairman of Crypto Quantique, described AI as “by far the most disruptive technology we’ve seen since the internet,” stressing that many organizations remain unprepared for AI-driven threats. He urged investments in AI-powered solutions to combat phishing and social engineering tactics.
Despite the potential benefits, security leaders must approach AI integration with caution. Alex Holden, Chief Information Security Officer at Hold Security, cautioned against placing blind trust in AI technologies, emphasizing the need for verification: “We need to trust but verify. AI makes mistakes and will continue making mistakes in the foreseeable future.” This sentiment underscores the need for a balanced approach; while AI can bolster security efforts, its implementation must be monitored rigorously.
During the summit, Evgeniy Kharam, a cybersecurity architect and advisor, called for immediate adoption of AI-first security strategies. He warned that traditional defenses are insufficient against adversaries utilizing AI to bypass conventional measures. Kharam proposed a model for measuring the effectiveness of security controls against AI-enabled attacks, highlighting the importance of continuous validation and optimization to mitigate risks.
While technological advancements are essential, experts at the summit stressed the importance of the human element in cybersecurity. Despite the heightened focus on AI, human errors remain a leading cause of breaches, with factors such as stress and cognitive fatigue compounding these issues. According to the 2024 Data Breach Investigations Report by Verizon, 68% of breaches involve a human element, indicating the necessity for robust training and support systems. Vincent Amanyi, founder of Boleaum Inc., emphasized the cultivation of security champions within organizations to bridge gaps between technical teams and business units, stating, “humans are naturally the first line of firewall in enterprise security management.”
Sandra Estok, founder and CEO of Way2Protect, introduced a revised formula for mean time to recovery that factors in cognitive dimensions, advocating for strategies to manage stress and enhance decision-making clarity during incidents. “Humans are the first and the last line of defense,” she noted, highlighting the psychological aspects of cybersecurity that need proactive addressing.
Ralph Villanueva, cybersecurity compliance supervisor at Carnival Corporation, suggested transforming security awareness training with role-specific content and behavior-based metrics to equip employees better in handling threats. “It takes a village to protect a village,” he remarked, emphasizing the collaborative effort required to strengthen security posture.
As organizations increasingly adopt complex cloud environments, security leaders face new challenges. The projected adoption of hybrid and multi-cloud strategies by 90% of organizations by 2026 introduces vulnerabilities such as API exploitation and misconfiguration risks. Pankul Chitrav, an application release engineer at TD Bank, addressed the intersection of AI-enabled attacks and the challenges of maintaining visibility in multi-cloud settings. She advocated for zero-trust architectures and AI-driven detection systems, shifting the focus from merely avoiding breaches to anticipating and recovering rapidly from them.
Amid these complexities, Steve Yates, chairman of the Resilience Association, discussed the necessity of embedding resilience into operations. He highlighted the importance of preparing for low-probability, high-impact events and called resilience a vital component of organizational strategy. Governance structures and continuous monitoring are crucial for mitigating risks inherent in AI models, with Oksana Denesiuk, senior product manager at Kaiser Permanente, stressing the need to balance innovation and security as AI becomes a new attack surface.
Endpoint management and security have become increasingly intricate, driven by the explosion of devices in hybrid work environments. Gabe Knuth, an analyst at Omdia, emphasized the need for foundational improvements and tool consolidation before incorporating AI and automation. “If endpoint management and security feel harder, you’re not alone. Things are more complex than ever before,” he stated, underscoring the urgent need for organizations to simplify their security frameworks.
As security leaders prepare for the 2026 threatscape, the insights from the summit provide a roadmap for navigating the complexities ahead. The year promises to bring transformative trends that require immediate attention and proactive strategies to ensure robust defenses against evolving cyber threats.
See also
AI Security Gaps Cost Billions as Firms Face 3.5M Talent Shortage by 2025
UK Launches Deepfake Detection Challenge 2026 to Combat Rising Threats and Disinformation
FPT Invests $100 Million in Quantum AI and Cybersecurity Research Institute
AI Threat Intelligence Reveals 66% of AI Firms Face Security Risks From Exposed Data
KawaiiGPT Launches Free Open Source AI Tool, Streamlining Cybercrime Operations for All
