AI agents are a force multiplier, but that force cuts both ways. Our Rubrik Zero Labs research found that 98% of Australian security leaders cite identity-driven attacks as their top concern. With 99% already integrating or planning to integrate AI into identity systems, the stakes have never been higher.
A compromised agent can unleash ten times the damage in one-tenth of the time. Securing AI agent identities and access controls is critical. We’ve already seen the impact compromised human identities can have, and it’s clear agentic identities will be the next battleground in 2026.
– David Rajkovic, Regional Vice President A/NZ, Rubrik
————————————————————————————————————
Securing the next frontier of AI-driven threats
AI has moved from being a tool in the defender’s arsenal to a weapon in the attacker’s. Nation-states and organised cybercriminal groups are now deploying AI to discover zero days, launch automated exploitation chains, and mimic human behaviour at a scale and speed we’ve never seen before. The rise of AI-powered malware and state-sponsored chaos is no longer a prediction—it’s our reality.
For 2026, the key challenge is clear: we must build security systems that don’t just react but anticipate. Traditional controls and reactive defences are not enough. What’s required now is continuous, intelligent proactive protection that can adapt in real time, spanning IT, OT, IoT, and medical devices across physical, cloud and code environments.
Scenarios to defend against in 2026:
- AI-Powered Financial System Manipulation: Autonomous trading bots and AI-driven deepfakes manipulate stock markets, commodities, and cryptocurrency ecosystems. By impersonating regulators or company executives, AI systems trigger false earnings reports, disseminate false corporate announcements, falsify investor briefings, or simulate market crashes. The result: global financial instability with seconds-scale losses that human operators cannot contain.
- Synthetic Identity Epidemic: AI-generated personas infiltrate every layer of society: bank accounts, health systems, social networks, and even voting rolls. These synthetic humans conduct transactions, vote, and create fake social movements, overwhelming identity verification systems and making trust in digital identity nearly meaningless.
- AI-Directed Hybrid Warfare: Hyper-scaled state and non-state actors deploy autonomous AI agents to conduct hybrid warfare, blending cyberattacks, misinformation, and kinetic effects. It is relatively easy and does not require vast resources, while at the same time inflicting maximum damage and disruption. For example, AI could remotely disable transport logistics, simultaneously trigger energy grid failures, and release coordinated disinformation campaigns to sow chaos among populations. Civilian systems and government agencies all face synchronised pressure from virtually any entity with a little technical knowledge and an internet connection.
- AI-Poisoned Supply Chains: AI-based attacks can infiltrate and corrupt software and firmware supply chains with subtle, almost undetectable modifications. Autonomous attackers inject malicious logic and backdoored objects into widely-used libraries or IoT firmware, which then propagates across thousands of organisations. Weeks or months later, the hidden payload activates or the backdoor is leveraged, causing massive operational disruption across global industries.
- Data Heist and Blackmail: Hackers begin stockpiling encrypted data today to decrypt once quantum computing matures. Simultaneously, AI systems use this data to construct precise blackmail campaigns targeting corporations, governments, and individuals, forcing compliance, financial transfers, or political concessions years before quantum decryption is even feasible.
To meet these challenges, security solutions must become more autonomous, more contextual, and more tightly integrated into enterprise ecosystems. Point products, ‘snapshot’ risk assessments and manual processes will not keep pace with AI-powered adversaries. What’s required is a unified platform that provides real-time visibility, automated detection, and orchestrated response across the entire attack surface.
– Nadir Izrael, Co-Founder & CTO, Armis
————————————————————————————————————
The 2026 tech tsunami: Autonomy, quantum fear, and the new operating reality
The year 2026 will be defined by a decisive collision of technologies — agentic AI, Web 4.0 infrastructure, and the quantum security crisis. Organisational survival hinges on orchestrating this new, autonomous reality.
Agentic AI: From assistants to autonomy
The most significant shift is the mainstreaming of agentic AI. Moving beyond today’s generative tools, these autonomous AI systems can reason, plan, and execute complex, multi-step tasks with minimal human oversight. This represents a fundamental change from content creation to action creation.
AI agents will orchestrate entire marketing campaigns or manage supply chains by autonomously predicting disruptions and triggering rerouting. This pushes us toward the autonomous factories of Industry 5.0, where agents self-diagnose equipment and dynamically re-route production lines. Such autonomy necessitates immediate governance: setting clear policy guardrails, ensuring total observability into agent actions, and maintaining immutable audit trails. Autonomy without accountability is a critical liability.
Web 4.0 Foundations
2026 will see the laying of Web 4.0’s essential infrastructure: a new operating layer integrating spatial computing, digital twins, and AI. The concept of the digital twin will become pervasive, spanning corporate campuses, cities, and critical infrastructure (CI).
These real-time virtual models allow AI agents to simulate maintenance, test security patches safely, and predict operational bottlenecks with near-perfect fidelity before they impact the physical world. Workforce interaction will shift to Extended Reality (XR), allowing engineers to virtually walk through a machine’s digital twin to diagnose a problem. This integration requires establishing open data standards for seamless system communication.
The quantum threat
In 2026, post-quantum cryptography (PQC) will transform from a theoretical concern into an immediate business continuity issue. Expect major corporations to dedicate over 5% of their total IT security budget to quantum security preparedness. The focus is on achieving cryptographic agility, not building quantum computers. The first steps involve creating a comprehensive inventory of all cryptographic assets and mapping all long-lived sensitive data. Organisations must begin piloting the migration to NIST-approved PQC algorithms, starting a multi-year effort that must be completed by 2035.
The AI-cybersecurity resilience
Malicious AI agents may deploy highly sophisticated, evolving attacks, including deepfake-powered social engineering and adaptive ransomware.
Defence is shifting from reaction to prediction. Autonomous security operations centres will become the standard, leveraging predictive AI to anticipate, isolate, and neutralise threats in milliseconds. Simultaneously, resilience for CI and global supply chains is paramount. State-sponsored actors will increasingly target operational technology, seeking to cause physical shutdowns. CI operators will rely on urban digital twins to stress-test systems for cascading failures. Supply chain risk management is also becoming autonomous, with AI agents continuously scanning external data to predict and trigger re-routing decisions.
The path forward requires embedding resilience, autonomy, and accountability into every layer of the organisation’s DNA. Leaders must establish AI governance councils, launch PQC inventory projects, and invest in AI-powered, predictive security to successfully navigate the 2026 tech tsunami.
– Jayant Jay Dave, CISO APAC, Check Point Software
————————————————————————————————————
Beyond theoretical: Why quantum security is moving to the boardroom in 2026
The quantum era will usher in extraordinary innovation and unprecedented risk. In 2026, business leaders will be faced with the reality that preparing for the post-quantum future can no longer wait.
“Harvest now, decrypt later” attacks are already underway as cybercriminals intercept and archive encrypted traffic for future decryption. Large-scale quantum computers running Shor’s algorithm will shatter existing encryption standards, unlocking a time capsule of sensitive data. From financial transactions and government operations to information stored in cloud platforms and healthcare systems, any data with long-term value is at risk.
While the timeline for practical use of quantum computers capable of breaking public-key cryptography remains uncertain, business leaders must take action now. Regulators worldwide are urging enterprises and public-sector organisations to inventory cryptographic systems, prepare for migration and adopt crypto-agile, quantum-resistant strategies.
In 2026, expect the conversation around quantum risk to shift from theoretical to tactical. Organisations will begin treating encryption not as a background control, but as a measurable component of operational resilience. Discussions once limited to cryptographers will move into boardrooms and procurement teams, as leaders demand visibility into how long their data can remain secure under existing models. The focus will broaden from purely technical readiness to governance, understanding where every key, certificate and encryption method is deployed across the enterprise and how quickly each can be replaced.
Forward-looking organisations will also start piloting hybrid cryptography that blends classical and post-quantum algorithms, testing performance, integration and cost. These early implementations will surface new challenges around key management, compatibility and standardisation, driving broader collaboration between governments, technology providers and enterprises.
Organisations that act decisively today by inventorying assets, hardening controls and adopting agile, quantum-resistant approaches will shape the foundation of post-quantum security. The choices made now will define tomorrow’s trust and innovation.
– Darren Guccione, CEO & Co-founder, Keeper Security
Zero trust as the foundation for AI-ready security
Across the Asia-Pacific (APAC) region, digital transformation is accelerating, and so are cyberthreats. Attackers are already leveraging AI to automate phishing, create deepfakes and launch targeted social engineering campaigns that are increasingly difficult to detect. The response must be equally intelligent and adaptive.
“A zero-trust security model, where every access request is verified and every privilege is temporary, provides that adaptability. In a world of autonomous systems and machine-to-machine communication, zero trust ensures that no identity, device or process is trusted by default. When paired with Privileged Access Management (PAM), zero trust enforces strict oversight of high-level accounts, reduces lateral movement after compromise and strengthens defences against both human and AI-driven attacks. This layered approach aligns directly with evolving global directives that emphasise identity-first security, secure software development and least-privilege access as foundational cybersecurity principles.”
– Takanori Nishiyama, SVP APAC & Japan Country Manager, Keeper Security
————————————————————————————————————
Ditching the cloud, moving data back to data centres
In 2026, enterprises will begin migrating select workloads and sensitive data from the public cloud back into their own data centers. The “trillion-dollar paradox,” as Andreessen Horowitz described it, is forcing business leaders to face a hard truth: The cloud’s convenience often hides long-term cost and control trade-offs. The agility that once justified the cloud premium has become a drag on profitability. We will see more organisations move back to the data centre because of the fear that the data entered into the cloud will be consumed by public LLMs. A number of organisations have private LLMs to do their AI work on-premises.
Customers want tighter control over sensitive data and less exposure to cloud outages or the risk that public large language models will ingest proprietary information. The next phase of cloud adoption will look more balanced. Companies will keep what makes sense in the cloud and bring home the workloads that do not. Many will take a hard look at what they are paying for and what they gain in return, then move critical systems back into environments they can fully control. This shift will create more hybrid models that help organisations cut waste, tighten security, and make more informed decisions about where to store their most sensitive data based on cost, performance, and regulatory needs.
CEOs, not CISOs, will be held accountable for cybersecurity failures
In 2026, executive accountability for cyber incidents will finally land where it belongs: in the boardroom. For too long, CISOs have taken the fall for breaches they could not prevent because they lacked authority, resources, or budget. They get blamed while the people who make the real financial decisions walk away untouched. That era is ending. The CISO role is actually one of an advisor. Most security leaders cannot sign checks, set strategic priorities, or force compliance. They can only warn executives of the risks, and too often those warnings go unheeded until after the damage occurs. CEOs, on the other hand, own the business risk. They approve budgets, set incentives, and decide whether to invest in prevention or accept exposure. If a company gets breached because leadership underfunded security or ignored zero-trust principles, that is not the CISO’s fault. It is a leadership failure.
We will see performance contracts and compensation structures that tie executive pay to measurable cybersecurity outcomes. That accountability will push CEOs to issue “executive orders” within their organisations, making it clear that cybersecurity is not optional, that zero trust is the standard, and that prevention without containment is not enough. Only when the people at the top start feeling the consequences will cybersecurity mature from a cost centre into what it truly is: the structural engineering of modern business.
– John Kindervag, Chief Evangelist, Illumio
————————————————————————————————————
Identity sprawl will remain a major risk in 2026.
With organisations struggling to govern an expanding mesh of digital identities across human, machine, and AI entities, over-permissioned roles, shadow identities, and disconnected IAM systems will continue to expose organisations to credential-based attacks and lateral movement.
AI will also reshape traditional social engineering: Synthetic voices, deepfakes, and adaptive phishing will erode the reliability of static authentication, forcing organisations to adopt continuous and context-aware verification as the new baseline.
Autonomous agents will force identity governance to evolve.
Healthcare, financial services, and critical infrastructure will remain top targets, as data sensitivity, legacy systems, and cross-border dependencies amplify risk.
But the most transformative shift will be in industries rapidly adopting AI-driven automation, from finance to logistics, where autonomous agents increasingly handle operational tasks, compliance workflows, or even access decisions. These environments will demand identity governance at machine speed.
MCP will become the backbone of a new digital trust fabric.
2025 showed us what happens when autonomy outpaces accountability. AI systems began acting across business processes with little visibility into who or what was making decisions. This exposed a critical gap: governance frameworks built for human users are insufficient for autonomous agents acting at runtime.
At the same time, the Model Context Protocol (MCP) emerged as a promising foundation for secure collaboration between AI systems defining how agents exchange context, identity, and authorisation in real time. This could be the backbone of a new digital trust fabric.
– Benoit Grange, Chief Product and Technology Officer, Omada
NIS2-covered industries will face a steep security learning curve.
The NIS2 directive has ushered in stricter cybersecurity measures and reporting for a wider range of critical infrastructure and essential services across the European Union. For industries newly brought under this directive, including manufacturing, logistics and certain digital services, 2026 will bring new growing pains. The sectors, many long accustomed to minimal compliance oversight, now face strict governance and reporting requirements. In contrast, mature sectors like finance and healthcare will adapt more smoothly. The disparity will expose structural weaknesses in organisations unfamiliar with continuous compliance, making them attractive targets for attackers exploiting regulatory confusion.
Poor data classification could undermine AI’s promise.
In 2026, organisations will continue to struggle with foundational data governance. Despite the widespread adoption of AI-driven tools, most enterprises still lack formal data classification frameworks, which is a prerequisite for risk-based security and trustworthy AI. Without structured and governed input, AI systems will only amplify existing weaknesses, not fix them. The result: “Shaky Input, Shaky Output.” Until organisations align with standards like ISO 27002 and NIST and treat classification as strategic, AI will potentially be more of a liability than an advantage.
– Niels Fenger, Advisory Practice Director, Omada
————————————————————————————————————
Over the next five years, CISOs will take the driver’s seat when it comes to cyber insurance decisions.
Cyber insurance coverage and claims are now directly tied to technical safeguards, and only the CISO can prove that they actually work. If a gap can void an insurance policy or deny a claim, someone has to notice (and it won’t be finance or the insurance broker, as neither has access to the data). And buying “the best” endpoint protection or backup in isolation won’t cut it. The next wave of resilience favors ecosystems where safeguards and coverage align, and proof is built in and continuously updated. So, CISOs will gravitate toward insurer, broker and technology vendor combinations that unify proof, protection and insurance policy into one seamless and simple flow.
– J.J. Thompson, Founder and CEO, Spektrum Labs
Cyber resilience will replace compliance as the board’s go-to metric in 2026.
Boards are starting to realise that compliance reports don’t predict survivability. Checking every box doesn’t mean you can recover from disruption, and some of the most compliant companies have suffered noteworthy breaches. Compliance, despite being important, does not necessarily equate to positive cybersecurity outcomes.
Next year, expect tougher questions, such as: How fast can we restore operations? How confident are we in our threat detection fidelity? What’s our real downtime exposure?
Cyber resilience will become the measure that connects cybersecurity performance to business continuity and trust at the board level.
– Joshua Brown, CISO, Spektrum Labs
The downward trend in cyber insurance rates has reached the danger zone!
Competitive dynamics have pushed insurance rates downward, exposing insurers to losses as the severity and frequency of cyber incidents aren’t flattening. The floor is coming fast, and with that, a hard landing.
In the cyber insurance market, people, firms and capital will be reshuffled.
Missed growth targets across brokers, carriers and marketplaces will trigger talent reshuffling, M&A and internal restructuring. Expect consolidation among cyber-focused MGAs and strategic exits/de-emphasised market positions from slower-growth, traditional insurers. The market isn’t shrinking; it’s reshaping.
Brokers will pursue cyber risk services as new revenue streams.
To offset margin pressure and create stickier client relationships, brokerages will increasingly adopt cyber risk management tooling to become more relevant to CISOs and less reliant on transactional commissions. They won’t just be advising; they’ll be monetising value-added services.
The most forward-looking brokers will deliver telemetry-backed renewal packages, benchmark client posture against peers, and use continuous evidence to build stronger narratives to underwriters. This shift will make brokers more relevant to CISOs, CFOs, and boards, and less dependent on transactional placement revenue.
– Max Perkins, Head of Insurance Solutions, Spektrum Labs
————————————————————————————————————
The ASEAN region, defined by its rapid digital transformation, faces an existential threat where the speed of AI adoption is vastly outpacing the maturity of its governance. In 2026, the battle for digital trust will be fought on two fronts: First, the immediate crisis of AI-powered identity fraud, where deepfake attacks, already spiking by over 200% in key markets like Singapore and Thailand, threaten to erode public confidence in our digital financial systems. Second, the fundamental challenge of data trust, demanding that we urgently unite developer innovation with CISO-level security to prevent data poisoning and secure the cloud-native applications powering the next wave of ASEAN’s economic growth. For the region to realise its full digital potential, we must stop viewing data governance as a compliance burden and instead adopt a unified, AI-native defence platform that makes security the engine of innovation, safeguarding our economic sovereignty.
– Tom Scully, Principal Architect, JAPAC at Palo Alto Networks
————————————————————————————————————
AI agents will redefine insider risk across APJ in 2026
The agentic era is here: IDC research shows that 40% of Asia-Pacific and Japan (APJ) organisations already use AI agents, with over 50% planning to implement them within the next year. As organisations embrace this shift, they will need to rethink how they manage insider risk. Increasingly, insider risk isn’t just emerging from rogue employees or compromised accounts, but also AI agents that operate autonomously with diverse privileges, allowing them to bypass security oversight and amplify data exposure. These synthetic identities are creating entirely new categories of insider threats, whether it is malfunctioning agents that behave unpredictably, misaligned agents that follow flawed prompts into compliance or privacy issues, or subverted agents that can be weaponised by bad actors against the business.
According to Exabeam’s research, 75% of APJ cybersecurity professionals report that AI is making insider threats more effective, and 69% expect insider incidents to rise in the next year, signalling that the region is entering a phase where insider threats are accelerating faster than traditional controls can keep up. Yet, most organisations aren’t properly equipped to tackle the growing insider risk. Not only do they lack a clear framework for managing AI agents, but many are also using security tools that are unable to capture the behaviour patterns and decision-making of autonomous systems, which creates blind spots where AI agents can act outside their purpose without detection.
Defining clear boundaries for how agents operate and adopting solutions capable of monitoring for unusual agent behaviour will be essential moving forward. For example, Exabeam baselines human and AI agent activity to surface anomalies in real-time, providing security teams with the capability to monitor, detect, and respond to threats from AI agents acting as digital insiders. Through explainable and prioritised threat insights, security teams can better understand the intent and context behind the actions of AI agents, allowing them to identify if they represent legitimate automation or potential misuse. This visibility provides security teams with the clarity, context, and control needed to secure a new class of insider threats.
– Gareth Cox, Vice President, APJ, Exabeam
Cyber resilience becomes a competitive advantage for consumer brands
In 2026, cyber resilience will stop being a behind-the-scenes security concern and start becoming a public-facing differentiator. Key sectors spanning banks, telcos, and retailers will actively promote uptime, recovery speed, and data protection as part of their value proposition.
As customers expect increasing transparency into how their data is being stored and handled, we’ll see the start of a new era where cyber resilience directly contributes towards brand trust and market share. Much like environmental or ethical credentials became competitive advantages over the last decade, cybersecurity resilience metrics will evolve into marketing assets to influence consumers.
– Matt Rider, Global VP of Customer Technical Support, Exabeam
————————————————————————————————————
A foundation for good defence begins with zero-trust security
Attempting to prevent every cyber intrusion with a perimeter-focused, defensive stance is unsustainable from a business risk perspective. While an important first step is to ensure that the software supply chain is well-known and from experienced, certified providers, complete prevention is virtually impossible, so organisations must continue to shift toward a true zero-trust security model. It’s not realistic for enterprises to build systems with zero vulnerabilities; what they can do is ensure that unknown vulnerabilities cannot be exploited in run-time. This is achieved by implementing secure-by-default principles and highly reliable, precision-engineered software that strengthens core components like containers. A zero trust approach enforces strict access controls, operating on a “never trust, always verify” principle, which prevents the exploitation of weaknesses at the critical moment of execution. This minimises the chance of business disruption, making the core metric of success the ability to prevent exploitation, rather than just a checkbox exercise against known vulnerabilities, or action after-the-fact once a breach has occurred.
– Peter Lees, Head of Solution Architecture in Asia-Pacific, SUSE
————————————————————————————————————
Evolving enterprise risk landscapes
Cybersecurity will rise in importance. As enterprises accelerate AI and cloud adoption, cybercriminals are equally quick to target weaknesses created by siloed data, fragmented access, and inconsistent controls. The challenge goes beyond stopping ransomware or tightening firewalls; it is about achieving visibility and control across sprawling, multi-cloud environments.
According to the Singapore Cyber Landscape 2024 and 2025 report, 2024 recorded unprecedented distributed denial of service attacks, with Asia accounting for 60% of global targets. These attacks reveal how hidden dependencies outside an enterprise’s control expand the attack surface. Resilience in this digital landscape requires embedding governance throughout the data lifecycle. Unified visibility and zero-trust principles strengthen accountability and compliance, while automation enables faster anomaly detection and large-scale policy enforcement. By consolidating oversight and reducing misconfigurations, organisations can maintain protection without sacrificing agility.
A new divide will emerge between organisations that use AI responsibly and those that struggle to scale it sustainably. Success in 2026 will depend on developing AI literacy, technical skills, and responsible AI principles so teams understand how AI works and when to trust its output. Those that build strong data foundations and embed governance across the data lifecycle will be positioned to innovate responsibly, strengthen their defences, and meet rising regulatory demands. Those that do not will risk remaining stuck in endless pilots.
– Remus Lim, Senior Vice President, Asia-Pacific & Japan, Cloudera
————————————————————————————————————
Why identity intelligence will separate market leaders from breach headlines
In 2026, identity will either be your company’s strongest differentiator, or its weakest link. We’re entering an era where AI is both transforming business and transforming fraud. The cost is not just revenue loss, but long-term reputational damage, regulatory exposure, and a complete erosion of customer trust. Many companies are still relying on outdated verification methods such as static data, passwords, and fragmented KYC checks, while attackers are using tools that didn’t exist two years ago. This asymmetry will define the winners and laggards in the next phase of digital business.
Identity verification must become continuous, adaptive, and anticipatory, predicting and preventing risk before it occurs while remaining nearly invisible to the end user. It represents the evolution from a point-in-time identity check to a continuous, connected understanding of who someone truly is.
Identity intelligence brings together data across identity, historical, behaviour, and risk checks to build a dynamic view of a user over time. Instead of verifying once and hoping for the best, organisations can continuously assess trust in the background, adapting to new signals as they emerge. Because when fraud happens, customers don’t blame the criminal, they blame the brand. The leaders who understand that digital trust and identity intelligence form the foundation of a modern business model, not just a security protocol, will be the ones who scale safely, expand globally, and protect their reputation.
– Robert Prigge, CEO, Jumio
————————————————————————————————————
In 2026, Cybercrime-as-a-Service (CaaS) will supercharge financially motivated threat actors in Southeast Asia. Alongside industrial-scale scam centres, the region is experiencing a growing number of organised hacker groups which offer malicious software and leaked credentials in exchange for money on the dark web. The rise of CaaS means cybercriminals are no longer limited by their own in-house skills, as they can shop around for plug-and-play tools that make hacking look easy.
The use of deepfake software suites and jailbroken large language models for social engineering has grave implications, making it increasingly difficult to detect and prevent fraud. These advanced tools enable financially motivated groups to execute highly convincing attacks against employees, bypassing traditional defences and exploiting human trust to gain access to networks from within.
This trend is particularly worrying for governments and businesses in the public sector amid the rising digitalisation of services. A successful breach could not only pass sensitive data into the hands of criminals but lead to real-world disruption of essential services across healthcare, power, water and transportation. To address this growing threat, investing in advanced deepfake training for employees and deploying proactive threat intelligence will be vital to stay ahead of the game.
– John Wojcik, Senior Threat Researcher, Infoblox
————————————————————————————————————
Quantum computing puts encryption on notice
The first practical quantum computer capable of solving meaningful problems will emerge, shifting quantum risk from theoretical to tangible. In response, global efforts toward quantum-safe cryptography will accelerate, pushing post-quantum TLS from pilot projects into early production as the CA/Browser Forum formalises PQC standards and Microsoft’s root program advances its PQC TLS initiatives. Organisations beginning these pilots will quickly discover the depth of the challenge — grappling with unexpected interoperability issues across hardware, software, and certificate ecosystems. These growing pains will define the early phase of quantum transition, marking the dawn of an internet built for the quantum age, where crypto-agility and quantum readiness become inseparable from digital trust.
Across APAC, early signals of post-quantum security are already surfacing, from Singapore’s CSA issuing quantum-safe guidance to Singtel rolling out Southeast Asia’s first hybrid quantum-safe network. In India, the government’s National Quantum Mission and growing investments in indigenous quantum research will accelerate pressure on enterprises to begin quantum-safe migration much earlier than planned, especially in critical sectors like BFSI, identity systems, and telecommunications.
– James Cook, Group Vice President Sales APJ at DigiCert
————————————————————————————————————
The cybersecurity landscape in 2026 will be defined not by new vulnerabilities, but by adversaries’ accelerating ability to weaponise artificial intelligence. We are observing a fundamental shift: attackers are embedding AI into every stage of their operations, compressing timelines, scaling capabilities, and adapting faster than traditional defences can respond. The imperative is clear: defences must evolve at the same pace as AI-enabled adversaries, or risk facing automated attacks that operate faster than human-speed detection and response can counter.
The dawn of AI-driven worms
Traditional self-propagating malware like WannaCry, NotPetya, and Mirai caused billions in damage within days through automated propagation. In 2026, we will observe adversaries integrating AI capabilities to create malware that adapts, selects targets, and evades detection autonomously. These autonomous AI agents are increasingly capable of managing the entire kill chain: vulnerability discovery, exploitation, lateral movement, and orchestration at scale, representing a fundamental shift from manual execution to machine-speed adaptation.
The rise of agentic ransomware
Ransomware has evolved beyond mass exfiltration to targeted extortion schemes, with ransomware as a service (RaaS) operating as a structured business model. What is changing is the integration of AI agents into these operations: rapid encryption, automatic backup destruction, lateral movement, and disabling EDR solutions. AI-driven agents will compress attack timelines from days to hours, giving even low-skilled RaaS affiliates access to advanced automated capabilities that dramatically reduce defenders’ reaction windows.
AI-in-the-middle attacks
Adversary-in-the-middle frameworks are becoming increasingly popular among cybercriminals, exploiting verified access users maintain across devices and platforms. Currently requiring significant manual effort, we are tracking the embedding of AI into these frameworks to automate session hijacking and credential harvesting at scale. Organisations must move beyond static authentication to continuous behavioural monitoring and anomaly detection that can match the adaptive nature of AI-managed attacks.
DeFi exploitation meets traditional banking
As traditional banks embrace crypto rails and stablecoins, we see fraudsters weaponising AI bots, DeFi exploit kits, and smart contract vulnerabilities to automate money laundering at scale. Stablecoins will increasingly power cybercrime economies as attackers exploit the intersection of traditional finance and tokenised systems. Banks can partner with cybersecurity agencies that track such underground crime ecosystems to identify emerging fraud patterns before they scale.
The global threat intelligence paradox
Attackers operate globally, but data localisation trends are creating intelligence blind spots for defenders. As regions embrace data sovereignty, criminals continue attacking without borders while defenders limit detection due to regional visibility constraints. The solution requires federated intelligence models that share threat indicators without transferring sensitive data across borders. A distributed approach that allows regional teams to benefit from global threat knowledge while respecting localisation requirements will become increasingly important.
– Dmitry Volkov, CEO, Group-IB
————————————————————————————————————
In 2025, quantum computing feels less and less like science fiction than it did in 2024. In 2026, we’ll see it viewed as a ‘here and now’ security concern. Organisations across finance, defence, government, and more will begin to take post-quantum cryptography seriously, quietly introducing it into long-term data protection plans in a way that combines today’s standard with quantum-safe algorithms, ensuring that sensitive information stays secure even as computing power evolves. In parallel, early commercial applications of quantum computing will start to take shape as organisations experiment with quantum simulators available through major cloud providers, and while most of these experiments will be small and specialised, it will mark a clear shift from curiosity to capability. By the end of 2026, business and IT leaders will be expected to understand what “quantum readiness” means for their organisations, much as they once had to learn the language of zero trust or cloud migration. The companies that prepare early will find themselves in a stronger position to manage risk, protect data, and reassure customers they are ready for what comes next.
Cybersecurity will continue to evolve from a defensive perimeter into a living, adapting system. By 2026, organisations will expect their defences to anticipate and respond to threats in real time, guided by machine learning models that study behaviour rather than static signatures. The focus will move from preventing every possible attack to detecting anomalies quickly and isolating them before they cause harm. Security controls will also become more tightly woven into the fabric of computing. Instead of existing as separate layers or tools, they will be baked in from the ground up. And transparency will be critical. Boards and regulators will demand proof that security decisions are explainable and traceable, not just effective.
– Jason Baden, Regional VP, A/NZ at F5
————————————————————————————————————
2026 will see regulation drive a new wave of convergence across IT and security. As compliance frameworks tighten, particularly around data protection, resilience, and identity management, the traditional divide between IT operations and cybersecurity will continue to close. Organisations will consolidate tools and teams to improve visibility, strengthen accountability, and simplify processes. The result will be leaner, better-connected digital environments where governance and security are built into every layer of operations rather than treated as separate functions.
– Vinayak Sreedhar, Country Manager A/NZ at ManageEngine
————————————————————————————————————
The path to initial compromise in 2026 will split into two highly optimised vectors. First, generative AI has democratised perfect syntax, effectively ending the era of ‘bad grammar’ as a phishing red flag. Social engineering is now linguistically indistinguishable from legitimate business correspondence. Second, for attackers that are looking at scale, the focus has shifted to unmanaged edge-network devices. This serves as a scalable alternative to social engineering. Attackers are automating the scanning of public-facing services immediately after a new vulnerability is discovered by researchers and example exploitation code is available. They use these code samples to deploy backdoors automatically to any organisation that’s not quick at patching, with the typical window for patching being less than 24 hours. Defenders will be squeezed between perfect human mimicry and relentless automated infrastructure sieges.
Modern attacks are increasingly malware-free. Attackers turn to ‘living off the land’ techniques, relying on existing, legitimate administrative tools like PowerShell and WMI to evade detection. This shift is a direct result of modern endpoint security (EDR/XDR) success. We will see new EDR bypass techniques in 2026, acting as evidence of a challenge, not a failure. As threat actors continue getting better at disabling or just staying under the radar of EDR, we can expect a renewed focus on prevention to stop these tools from being abused in the first place.
The mass of computers is no longer the final objective for ransomware attacks. Attackers have realised that encrypting a thousand workstations is inefficient compared to encrypting the single hypervisor that hosts infrastructure for them. This drives the surge in ransomware-as-a-service groups adopting Rust and Go. These languages allow criminals to cross-compile easily, targeting Linux-based virtualisation platforms like ESXi. Together with data exfiltration, targeting the hypervisor will become the dominant method for sophisticated ransomware groups.
While the industry worries about AI-orchestrated attacks, the real danger in 2026 is internal AI security debt. LLMs are adopted by less technical employees and companies continue rapidly deploying agentic AI (MCP). By granting read/write access to sensitive data to non-deterministic agents, there is a massive risk of accruing security debt that could persist for years. Regarding offensive AI capabilities, 2026 will be a year of experimentation rather than industrialisation. We anticipate a handful of AI-orchestrated attacks, but these will be closer to field tests than standard operations. While intellectually fascinating for threat researchers, they likely represent a negligible risk for the broader business community compared to other threats.
– Martin Zugec, Technical Solutions Director at Bitdefender
————————————————————————————————————
Enterprises finally recognising observability as the backbone of digital resilience
Cybersecurity isn’t slowing down, and neither are cybercriminals. But that’s not new. What is new is how profoundly interconnected everything is: our data, devices, and daily lives.
In 2026, as APAC governments update frameworks like Singapore’s Smart Nation initiatives and the upcoming Digital Infrastructure Act, observability will become central to meeting regulatory expectations while keeping critical infrastructure—banking, transport, and telecommunications—highly available and resilient.
As digital services proliferate and operational complexity grows, teams need a unified, real-time view across infrastructure, applications, and users to maintain performance, resilience, and compliance.
Furthermore, AI is now moving beyond text, interpreting diverse signals — from metrics and logs to images, video, audio, and user interactions. This richer context enables teams to spot anomalies, correlate events, and understand incidents faster and more accurately. Emerging tools can, for instance, detect suspicious transactions by analysing voice patterns, behaviour, and payment histories simultaneously, giving organisations a more complete picture of risk and operational health across their digital estate.
Amid the broader push for technical skills and talent, human-centric skills will define the digitally-ready workforce
As AI and automation accelerate detection and response, human insight remains irreplaceable. SOCs are emerging as frontline learning grounds where students and analysts alike gain hands-on experience with real-time threats and enterprise-grade tools. These environments teach more than technical skills; they cultivate judgment, critical thinking, and the ability to guide AI responsibly.
Singapore’s Prime Minister recently highlighted this distinction: while AI skills are essential, the real differentiator for the next generation lies in human qualities machines cannot replicate.
The SOC of the future will therefore serve a dual purpose: building hard skills while fostering the human insight needed to make AI-driven operations truly effective. In 2026, organisations that balance technology with human judgment will set the benchmark for resilience and innovation.
– Robert Pizzari, Group Vice President, Asia, Splunk
————————————————————————————————————
Cybersecurity remains one of the top priorities going into 2026. We’re seeing escalating attacks across the region, and AI is becoming a knife that cuts on both sides. It helps companies respond faster and automate more, but it also helps bad actors understand vulnerabilities quicker, develop code faster and exploit those vulnerabilities much faster. As organisations digitise more of their business, a digital failure increasingly becomes a business failure.
I’ve spent time working with the Singapore Institute of Directors, and the overwhelming response from board members is that they want to be educated. They need to understand what the threat landscape looks like and, when, not if, an incident happens, what tools and actions are available to help the C-suite navigate it.
Across Asia-Pacific and Japan (APJ), markets like Singapore, Japan, Hong Kong and Australia operate under highly complex, frequently updated and multi-layered regulations around data protection, privacy and cybersecurity. Boards and leadership teams need to ensure the organisation stays compliant in every country they operate in, even as regulatory expectations and penalties continue to rise.
– Beni Sia, General Manager & Senior Vice President, Asia-Pacific & Japan
————————————————————————————————————
Quantum readiness becomes a boardroom priority
A report on 2026 Asia-Pacific predictions notes that more than 90% of enterprises will prioritise quantum-safe security as recognition grows that future-proofing data and communications is becoming essential. Organisations in finance, healthcare, and other data-sensitive sectors are moving beyond proofs-of-concept to implement quantum-resilient algorithms, quantum key distribution, and secure quantum communication channels. In 2026, quantum readiness will shift from a niche technical initiative to a core component of enterprise risk strategy, compliance, and long-term innovation planning across APAC.
Cybersecurity: An arms race accelerated by AI
As enterprises across Asia-Pacific scale AI adoption, threat actors are increasingly using AI to automate attacks, craft targeted exploits, and weaponise synthetic content. In 2026, cybersecurity will become inseparable from the infrastructure supporting AI and cloud workloads. Zero-trust architectures and continuous verification will be critical foundations for enterprise security, particularly as AI workloads operate across cloud, edge, and hybrid environments. Networks will also evolve to support both performance and security at scale as organisations work to protect distributed workloads, data integrity, and compliance requirements.
– Amitabh Sarkar, Vice President & Head of Asia-Pacific and Japan – Enterprise at Tata Communications
————————————————————————————————————
In 2026, cybersecurity will be shaped by three factors: Agentic AI, intensifying cloud complexity, and the human factor. Threat actors are becoming more sophisticated, launching faster, more targeted attacks. For organisations, 2026 will highlight that visibility, adaptability, and human judgment are the most important.
Agentic AI will become the new insider threat while also redefining security
By 2026, autonomous copilots can leak sensitive data by inheriting poor access hygiene, such as over-permissioned shares and unclassified documents, surfacing files to users who should never see them. Agents will act as identities with their own trust scores, permissions, and behaviors. “Prompt paths” will replace classic phishing, and attackers will trick agents into extracting and exposing data.
Security teams must treat agents as first‑class identities: managing privileges, monitoring behavior, scoring risk, and auditing actions. Organisations that pair agentic AI with firm governance, clear guardrails, and patience will capture the benefits without the blowback.
Attackers will target the core of cloud security: login and authentication
Expect more incidents driven by session hijacking, OAuth abuse, and service accounts with excessive privileges, often bypassing traditional MFA. AI will make this easier, helping criminals stay in once they get in, jump to other accounts and systems, and quietly read or copy data. To hide, attackers will use legitimate cloud services like AWS and GCP for rapid IP rotation. At the same time, phishing will get highly personal. As satellite internet expands, new regions and threat actors will enter the game, increasing attack volume and variety.
The human factor remains the primary battleground
Most attacks begin by manipulating a person rather than breaking a system, and ransomware will shift toward data theft and multi-party extortion using stolen credentials and APIs. In fact, we’re already seeing espionage moving from email to encrypted apps like Signal and WhatsApp, where trust is built. Adversaries hide in plain sight by abusing legitimate remote tools and cloud platforms, so security awareness must become continuous, context-aware coaching embedded in everyday apps.
In 2026, human-centred risk will remain the biggest threat in APJ; however, AI will accelerate it further. As organisations race to deploy AI across enterprise workflows, a new class of insider risk is emerging. Based on Proofpoint’s 2025 Data Security Landscape report, two in five enterprises in Singapore cite data loss via public or enterprise GenAI tools as a top concern, and almost half (49%) admit they lack sufficient visibility and controls over these tools.
Yet AI will also be part of the solution. In 2026, we will see security agents meaningfully improve SOC efficiency by handling more ‘entry-level’ actions, triage and automation at scale. In Singapore, more than half of organisations already view unified, AI-driven data-security programmes as the key to safely enabling AI and reducing data-loss risk.
– Jennifer Cheng, Director of Cybersecurity Strategy for Asia Pacific and Japan, Proofpoint
————————————————————————————————————
The cybersecurity landscape is going to get tougher before it gets better, but we are reaching a turning point. As defenders start to leverage the same advanced technologies as attackers, and as these tools are deployed more widely, we’ll start to see real progress. AI-driven systems will increasingly be trusted to take action in real time, isolating a system under attack, proactively protecting the organisation, rather than just reacting. Behavioral analytics will play a critical role here, helping teams detect anomalies and understand patterns of risk across users, devices, and applications.
2026 will be the year we see broader adoption and smarter integration of these capabilities. But the real game changer will be context: the missing link in both security and AI operations. Modern AI can analyse threats at speed and understand their impact within each organisation’s environment. By combining context with behavioural insights, companies can move from predefined responses to adaptive actions that reflect the reality of their systems in real time. It’s a shift that will usher in a new era of cybersecurity, faster, more precise, and far more resilient.
– Mandy Andress, CISO, Elastic
————————————————————————————————————
Cybersecurity in 2026: AI-driven defence is the new normal
The cybersecurity landscape is facing an escalating AI “arms race” with digital trust, AI-augmented defence, and resilience for critical infrastructure taking center stage. Organizations must recognize that threat actors are more aggressive, and the stakes are higher than ever as our reliance on digital environments continues to grow.
In 2026, expect:
- AI-enabled attacks: These are becoming standard practice, enhancing both the effectiveness and ability to scale for attackers.
- Cybercrime: Ransomware and extortion remain the most disruptive threats with impact measured in tens or hundreds of millions of dollars per incident.
- Nation-state operations: Nation-state actors are increasingly targeting the cloud with particular focus on the telecommunications industry.
- Web3 and crypto attacks: These are some of the most financially impactful attacks with billions of dollars stolen.
– Steve Ledzian, CTO, Google Cloud Security and Mandiant, JAPAC
————————————————————————————————————
From innovation to throughput
Because AI, automation, and a mature cybercrime supply chain will make intrusion faster and easier than ever, attackers will spend less time inventing new tools and more time refining and automating techniques that already work. AI systems will manage reconnaissance, accelerate intrusion, parse stolen data, and generate ransom negotiations. At the same time, autonomous cybercrime agents on the dark web will begin executing entire attack stages with minimal human oversight.
These shifts will exponentially expand attacker capacity. A ransomware affiliate that once managed a handful of campaigns will soon be able to launch dozens in parallel. And the time between intrusion and impact will shrink from days to minutes, making speed the defining risk factor for organisations in 2026.
The next generation of offence
FortiGuard Labs expects to see the emergence of specialised AI agents designed to assist cybercriminal operations. Although these agents will not yet operate independently, they will begin to automate and enhance critical stages of the attack chain, including credential theft, lateral movement, and data monetisation.
At the same time, AI will accelerate the monetisation of data. Once attackers gain access to stolen databases, AI tools will instantly analyse and prioritise them, determine which victims offer the highest return, and generate personalised extortion messages. As a result, data will become currency faster than ever before.
The underground economy will also become more structured. Botnet and credential-rental services will become increasingly tailored in 2026. Data enrichment and automation will enable sellers to offer more specific access packages based on industry, geography, and system profile, replacing the generic bundles that dominate today’s underground markets. Black markets will adopt customer service, reputation scoring, and automated escrow. Due to these innovations, cybercrime will accelerate its evolution toward full industrialisation.
The evolution of defence
Defenders will need to respond with the same efficiency and coordination. In 2026, security operations will move closer to what FortiGuard Labs describes as machine-speed defence—a continuous process of intelligence, validation, and containment that compresses detection and response from hours to minutes.
Frameworks such as continuous threat exposure management (CTEM) and MITRE ATT&CK will need to be leveraged so defenders can quickly map active threats, identify exposures, and prioritise remediation based on live data. Identity will also need to become the foundation of security operations, as organisations will need to not only authenticate people but also automated agents, AI processes, and machine-to-machine interactions.
Managing these non-human identities will become critical to preventing large-scale privilege escalation and data exposure.
Collaboration and deterrence
Industrialised cybercrime will also demand a more coordinated global response. Recent international operations show how joint intelligence sharing and targeted disruption can dismantle criminal infrastructure. New community-focused initiatives that allow individuals and organisations to safely report cyberthreats are expected to play a stronger role in scaling deterrence and accountability.
– Fortinet
————————————————————————————————————
Looking ahead to 2026, Southeast Asia is poised for a sharp acceleration in AI adoption. Organisations will move beyond experimentation to embed automation and intelligence into core operations. This transformation will unlock new efficiencies – but it will also reshape the threat landscape.
AI as a double-edged sword
Attackers are already weaponising agentic AI to automate reconnaissance, exploit vulnerabilities, and scale targeted attacks at unprecedented speed. Traditional, signature-based tools will struggle to keep pace. Security teams must embrace an “AI to fight AI” mindset, deploying predictive models that can anticipate and neutralise threats before they materialise.
Operational complexity at scale
Agentic AI will not only redefine security but also expand the scope and complexity of enterprise automation across diverse markets. This will introduce operational demands that strain infrastructure design, visibility, and governance. Manufacturers, for example, will face fragmented, cross-border supply chains, making end-to-end protection of production pipelines and third-party ecosystems non-negotiable.
The edge as the new battleground
Distributed environments, spanning multiple networks, devices, and cloud services, will become prime targets of attack. As factories, clinics, and logistics hubs deploy thousands of intelligent edge devices, ensuring AI workloads remain secure, governed and consistently connected across locations needs to be a top priority for enterprises.
– Wai Kit Cheah, Senior Director, Connected Ecosystem, APAC, Lumen Technologies
————————————————————————————————————
Cybersecurity has moved beyond a standalone IT function, and in 2026, this will be even more evident as it becomes a core business and national capability. As AI, 5G, cloud, and edge computing scale globally, the attack surface will widen at an unprecedented pace, with billions of IoT devices from smart homes to industrial systems coming online. Organisations will demand security that is designed in from the start, built into every layer of the digital fabric rather than added only when things go wrong.
The urgency is already clear today. From the rise of malware and phishing to the growing frequency of ransomware and attacks on critical infrastructure, the global threat landscape is evolving faster than most businesses can respond. Cybersecurity is no longer about defending systems. It is about protecting people, trust, and the continuity of societies that now run on digital infrastructure.
By 2026, three forces will define the next phase of cyber defence: the mainstream adoption of AI-powered security, the acceleration of quantum-safe connectivity to safeguard sensitive data for decades to come, and deeper collaboration across entire ecosystems of telcos, cloud providers, and technology partners.
To help organisations navigate these shifts, we continue strengthening secure digital transformation through partnerships that span AI-driven threat detection, resilient regional connectivity, and end-to-end enterprise digitalisation – ensuring that security grows hand-in-hand with innovation.
– Hoo Chuan Wei, Chief Information Security Officer, StarHub
————————————————————————————————————
Prompt Injection is a Frontier Security Problem
Just as phishing defined the email era, prompt injection is defining the AI era. Adversaries are embedding hidden instructions to override safeguards, hijack agents, steal data, and manipulate models – turning the AI interaction layer into the new attack surface and prompts into the new malware.
In 2026, AI Detection and Response (AIDR) will become as essential as EDR, with organizations requiring real-time visibility into prompts, responses, agent actions, and tool calls to contain AI abuse before it spreads, ensuring AI drives innovation, not risk.
The Rise of Security Orchestrators
Adversaries are already using AI to move faster than humanly possible – and legacy SOCs can’t keep up. In 2026, defenders will evolve from alert handlers to orchestrators of the agentic SOC: intelligent agents that reason, decide, and act across the security lifecycle at machine speed, always under human command. This is the model that will reshape the balance between adversaries and defenders, accelerating outcomes and giving humans the time and clarity to focus on strategy, judgment, and impact.
The success of this evolution will be dependent on the following prerequisites:
- Providing both agents and analysts complete environmental context with the ability to immediately action any signal.
- An agentic workforce of mission-ready agents trained on years of expert SOC decisions to automate high-friction tasks with speed and precision.
- Benchmarks and validation to prove the effectiveness of agents.
- The ability for organizations to build and customize their own agents to satisfy unique needs.
- Orchestrating agent-to-agent and analyst-to-agent collaboration within one coordinated system guided by human expertise.
Security analysts are not going away – they’re being elevated by a fleet of agents that work at machine speed.
AI Identity Management
In 2026, AI agents and non-human identities will explode across the enterprise, expanding exponentially and dwarfing human identities. Each agent will operate as a privileged super-human with OAuth tokens, API keys, and continuous access to previously siloed data sets, making them the most powerful and most dangerous entities in your environment.
Identity security built for humans won’t survive this shift. Security teams will need real-time visibility, instant containment, and the ability to trace every agent action back to the human who created it. When an AI agent wires money to the wrong account or leaks intellectual property, “the AI did it” won’t be an acceptable answer. This is the era where identity security means protecting entities that don’t have a pulse.
– Elia Zaitsev, CTO, CrowdStrike
————————————————————————————————————
Trend #1: Cyber Risk Becomes a Mandatory Board Governance Metric
Boards will quantify and govern cyber risk, transforming security from a technology cost into a fundamental business duty. Cyber risk is now seen as a top strategic priority by 60% of business and tech leaders globally. This executive focus, driven by geopolitical instability and new regulatory rules, means Boards can no longer treat security as just an IT compliance exercise. They need clear, financial metrics on the true risk exposure.
By 2026, CISOs’ primary function will shift from managing technical defenses to quantifying financial risk. Boards will demand Cyber Risk Quantification (CRQ) to measure the potential dollar impact of security gaps. This new mandate ensures foundational security programs like Zero Trust and data discovery are adequately funded and monitored, as executives are held personally accountable for maintaining basic cyber hygiene.
This change provides security leaders with the necessary budget and executive support, effectively turning security investment into a measurable enabler of business stability and competitive advantage.
– Andy Zollo, Senior Vice President of Application and Data Security, APJ, Thales
Trend #2: Organisations Will Prioritise Operational Resilience Over Prevention
Systemic cloud outages and cascading dependencies will mandate a fundamental shift from prevention to mandatory operational resilience. The risk of failure in cloud architecture is paramount. When incidents occur, they are rarely complex zero-days; rather, they are caused by internal, foundational failures. Recent industry analysis shows that 44% of all cloud security incidents are traced back to misconfigurations in Identity and Access Management (IAM). This highlights that the most effective way to compromise the cloud is through poor access control, and a clear customer failure in the Shared Responsibility Model.
In 2026, organisations will prioritise resilience over total prevention, accepting that vendors will fail. This mandates a return to the foundational principles of crisis preparedness. CISOs will enforce the Zero Trust principle of least-privilege vendor access and aggressively implement multi-region/multi-cloud redundancy for critical data stores. The mandate will be to design for failure by continuously testing response plans and ensuring controlled access (IAM) limits the downtime incurred due to compromise or outages.
This strategic return to resilience fundamentals minimizes the business impact of unavoidable third-party failures, protects data from systemic vendor risk, and ensures continuity of critical business functions.
The AI race will only intensify next year, but organisations cannot escape weak security foundations. Companies that balance transformation with discipline, prioritising operational resilience to mitigate cyber resilience, will be the ones to reap the benefits responsibly without exposing themselves to avoidable failures.
– Daniel Toh, Chief Solutions Architect, APJ, Thales
————————————————————————————————————
Cybersecurity is shifting and every conversation – particularly in today’s AI era – eventually comes back to trust. Boards and regulators demand assurance that systems are secure, fair, and accountable. Customers want transparency into how their data is used and processed. In practice, this means AI that can explain its recommendations, respect privacy, and reflect local nuance. For example, a bank designing hyper‑personalized engagement needs not only accurate insights but also the ability to trace why a specific offer was made. Embedding explainability and governance into AI systems strengthens cybersecurity by reducing risks of bias, misuse, and opaque decision‑making.
Responsible AI needs to be factored in from the start and not added as a final check.
– Sumir Bhatia, President, Asia Pacific, Infrastructure Solutions Group, Lenovo
————————————————————————————————————
2026 Cybersecurity Outlook: Securing AI and Readiness Gaps
In 2026, cybersecurity will be shaped by the rapid evolution of AI-driven threats and the growing exposure created by accelerated digital adoption. As enterprises embed AI deeper into payments, logistics, customer services and critical infrastructure, attackers are shifting their focus from traditional networks to the AI systems themselves—targeting models, data pipelines and inference environments.
The shift is already visible—LLM-enhanced reconnaissance, adaptive phishing, polymorphic malware and early forms of autonomous agent-based attacks are becoming common.
According to Kyndryl’s 2025 Readiness Report, only 29% of executives feel prepared to manage future AI risks. In Singapore, just 24% of organisations feel ready for future risk, and 58% say they struggle to keep pace with technological change. These gaps—fragmented data, legacy infrastructure, limited observability and insufficient organisational skills—will increasingly be exploited by attackers, especially as AI introduces new risks such as data leakage, unintended behaviours, and model poisoning.
In 2026, the organisations that stay secure will be those embedding protection across the entire AI lifecycle—and aligning leadership, engineering and operations around a single principle: secure intelligence is the foundation of enterprise resilience.
– Andrew Lim, Managing Director, Kyndryl ASEAN & Korea
————————————————————————————————————
2025’s high-profile cyberattacks on the likes of UNC3886 and Qantas have put CISOs under scrutiny. The growing awareness of the near crippling operational, financial, and reputational fallout of a successful hack adds mounting pressure on CISOs. Worryingly, with 50% of IT leaders in Singapore reporting to have unintentionally clicked on a phishing link more than once in the past year, it shows that the vulnerabilities not only lie outside the IT department but within it as well. In 2026, CISOs will need to ensure they empower employees to be vigilant and report suspicious activity but also set the standard with their own security. Embedding cyber hygiene into company culture will be necessary to prevent and reduce threats before they become headlines in 2026.
– Adam Marrè, CISO, Arctic Wolf
————————————————————————————————————
Prevention is dead in cybersecurity – By 2026, the myth of prevention as a primary strategy will be fully exposed. Attackers are faster, smarter, and more patient than ever, leveraging AI, deepfakes, and malware that can remain undetected for months, bypassing traditional defences. Many vendors will continue to overemphasise prevention, presenting it as innovation while moving away from detection and response, but this approach is increasingly ineffective. Breach rates globally are rising 17 percent year over year, with 55 percent of organisations affected in the past 12 months alone—a trend that is mirrored in highly connected, digitally advanced hubs like Singapore, which ranks as the third-largest global source of DDoS attack traffic. The country’s dense concentration of data centres and cloud infrastructure is often exploited by overseas threat actors, illustrating how attackers leverage digital complexity to bypass traditional defences.
This acceleration makes real-time detection, removal, and complete visibility critical. Organisations that implement continuous risk assessment, monitor third-party ecosystems, and maintain visibility into encrypted traffic, where most threats now hide, will gain a decisive advantage. Aligning AI initiatives with security priorities further ensures defences keep pace with adversaries. In this landscape, resilience is not about keeping every threat out; it is about seeing, stopping, and learning from threats in real time. Prevention alone is a pipe dream; the companies that survive and thrive will be those that detect and remove threats before damage is done.
Real-Time Cyber Risk Assessment Will Become a Board-Level Mandate and Drive Cyber Insurance – As adversaries continue to outpace traditional defences, fueled by AI and increasingly sophisticated tactics, organisations will no longer be able to rely on periodic or reactive risk assessments. A recent amendment to Singapore’s cybersecurity regime now requires designated essential service providers that rely on third-party–owned critical information infrastructure (CII) to secure legally binding commitments on security standards, timely incident notification, audits, risk assessments, and incident reporting—reinforcing accountability across the supply chain.
At the same time, cyber insurers will tie premiums and coverage to these practices, rewarding organisations that demonstrate continuous monitoring and penalising those that lack complete visibility. Real-time risk assessment powered by deep observability will become both a governance requirement and a financial lever, ensuring organisations detect and respond to threats before they escalate.
– Shane Buckley, President & Chief Executive Officer, Gigamon
————————————————————————————————————
2026 will be the year identity becomes infrastructure. AI-driven phishing and deepfake impersonation are accelerating in Singapore and across APAC, with an overwhelming 85% of Singaporeans recognising that phishing attempts are becoming more sophisticated. To combat these rising threats, organisations will begin treating identity security the way they approach networks or data centres – as critical systems for business operations which require hardened, resilient components. Organisations across finance, critical infrastructure, and the public sector will increasingly lean on phishing-resistant tools like passkeys and hardware-backed credentials for strong multi-factor authentication (MFA), zero trust, and privileged access.
For 2026, the priority is clear for organisations across APAC: shrink credential‑theft risk by focusing on building phishing-resistant users throughout the company, and build trust in a region where digital transformation continues to out‑pace legacy‑era security models. The companies that adapt fastest will be those treating identity not as an IT feature, but as core infrastructure.
– Geoff Schomburgk, Vice President, Asia Pacific and Japan at Yubico
————————————————————————————————————
Security will be rebuilt around zero trust and AI safety
With attackers increasingly using AI agents to automate reconnaissance and exploit vulnerabilities, and with hybrid work exposing more devices and edge endpoints to physical and remote tampering, security models must evolve. Continuous verification, identity-centric access, and rigorous data governance will become baseline expectations. Organisations will also prioritise AI safety, data provenance, and persistent controls across the information lifecycle. As these capabilities mature, trust will shift from a defensive layer to the foundation that enables secure, confident collaboration across the modern workplace.
– Jennifer Baile, Vice President, Global Services & Solutions, Greater Asia, HP Inc













