
CISOs’ predictions

by Mark Rowe
Jan Bee, CISO at the platform TeamViewer, offers two predictions for 2026: third-party SaaS supply chains will become the primary attack point, and password-based authentication will finally become obsolete in organisations. He says:
The interconnected world of SaaS applications will emerge as the most significant vulnerability for enterprises in 2026. As companies continue moving away from on-premise infrastructure to cloud-based solutions, threat actors are shifting their focus from traditional infrastructure to third-party and even fourth-party supplier risks. The days of isolated legacy systems are ending, and with them, the old playbook for enterprise security. What makes this particularly concerning now is that adversaries are leveraging AI to accelerate their ability to identify and exploit vulnerabilities across these complex supplier networks, turning what were once time-consuming surveillance efforts into automated processes. 
 
CISOs must prioritise speed in securing their supplier ecosystem. The challenge isn’t just identifying which applications are in use across departments – it’s understanding them quickly enough to secure them before adversaries exploit the gaps. Start by getting the foundational security posture right for each application, rather than attempting comprehensive security programs that take months or quarters to implement. The key is velocity: secure the primary tools first, then move systematically through the supplier list.  
 
While compliance frameworks continue to mandate complex password policies, forward-thinking organisations will abandon passwords entirely in favour of platform authentication and biometric systems. The password requirements that made sense a decade ago are now actively holding back security progress. In 2026, we’ll see a clear divide between organisations clinging to outdated password mandates and those embracing passkeys, platform authentication on managed devices, and biometric verification as their standard. 
 
CISOs should begin planning the complete elimination of passwords from their authentication workflows. Focus on platform authentication that verifies managed, compliant company devices combined with biometric authentication. This isn’t just more secure – it’s dramatically more user-friendly, eliminating the frustration and security risks of password management. Yes, some compliance frameworks still emphasise passwords, but these requirements are outdated by the current threat landscape. Security teams should work with their compliance teams to demonstrate how modern authentication methods exceed the security intent of password requirements, even if they don’t follow the letter of older regulations. The organisations that make this transition in 2026 will be significantly ahead of their peers in both security posture and user experience. 
Meanwhile, from the anti-phishing platform KnowBe4: “Geopolitics will drive hacktivism and cybercrime, with energy, water and transport facing more attacks,” predicts Dr Martin Kraemer, CISO advisor, KnowBe4. “Digital sovereignty will reshape digital landscapes with heightened investments in the Middle East.” And Javvad Malik, lead CISO advisor at KnowBe4, expects NHS England will mandate passkeys in Trusts, paired with device-bound credentials and conditional access, materially reducing account takeover.

Heather Hinton, Chief Information Security Officer at the platform Sitecore, says that AI urgently requires effective guardrails and regulations, but progress is too slow among practitioners, regulators and users. She says:

“Unlike with GDPR, we now have the expertise in technology, data security and privacy to establish strong, future-proofed policies that protect individuals in this rapidly evolving field. We need clear, decisive regulation that reflects public concerns and keeps pace with the speed of AI development. Businesses will find ways to innovate responsibly, but only if they are given firm accountability structures from the outset. I have every confidence that businesses can do this if held accountable from the beginning.

“Delayed or inconsistent regulation will not deliver the safe or trustworthy AI adoption the public expects. Policymakers should work closely with experts in data security, privacy and those safeguarding vulnerable groups, rather than relying solely on commercial interests. By doing so, we can produce regulations that are both practical and proportionate – enabling responsible AI use while protecting individuals and strengthening trust in the organisation deploying it.”

Q Day

While privacy concerns have kept mandatory digital IDs largely at bay, digital identities tied to their real human identities will become far more popular with the rollout of large regional programs such as the EU Digital Identity Wallet, which will be available to all EU citizens in 2026. While these programs are unlikely to be compulsory, they are expected to become increasingly necessary for accessing digital services, KnowBe4 says.

Q-Day, the day when quantum computers become sufficiently capable of cracking most of today’s traditional asymmetric encryption, will likely happen in 2026. The security of these systems has never been more important. Organisations must strengthen human authentication through passkeys and device-bound credentials while applying the same governance rigour to non-human identities such as service accounts, API keys and AI agent credentials, KnowBe4 predicts.