Andrew Smith, Chief Information and Strategy Officer at Kyocera Cyber, offers seven critical risks that he says will shape the 2026 threat landscape. First, vishing and deepfake-driven social engineering will surge, he predicts.
1. AI will supercharge social engineering. Hyper-realistic deepfake voice cloning will make vishing attacks dramatically more convincing, enabling criminals to impersonate executives, suppliers, and public authorities with unprecedented accuracy. As these tools become widely accessible, SMEs, often with limited training and internal verification controls, will face a sharp rise in targeted social engineering campaigns.
2. Identity protection will become a top priority amid rising SaaS and cloud adoption
The rapid proliferation of cloud applications and SaaS platforms continues to outpace many organisations’ ability to secure them. Misconfigurations, fragmented access controls, and an expanding set of user identities create ideal conditions for attackers. Identity protection, including MFA enforcement, conditional access controls, and behavioural monitoring will become an essential foundation for modern cyber defence as attackers increasingly exploit identity-based vulnerabilities.
3. Commercialised as-a-service cybercrime will open the door to more diverse attackers
Cybercrime is now fully commercialised, with Ransomware-as-a-Service and Phishing-as-a-Service platforms enabling criminals of varying skill levels to launch sophisticated attacks quickly and cheaply.
Many reports, including the previously mentioned CrowdStrike 2025, confirm the acceleration of these trends, noting that European organisations account for a growing share of ransomware victims and that both criminal and nation-state campaigns continue to escalate. As these platforms continue to evolve, SMEs, often serving as entry points to larger supply chains, will experience intensified targeting.
4. Nation-state attacks will intensify as geopolitical tensions grow
State-backed cyber operations are increasing in frequency and ambition. Critical infrastructure, logistics networks, healthcare, and essential supply chains remain high-value targets for nation-state actors seeking strategic advantage or disruption.
With advanced reconnaissance, automation and AI-enabled attack methods now standard among these groups, the pressure on UK organisations has never been greater. This is a threat the UK must get ahead of; prevention is far more effective than the cure.
5. Patch and vulnerability management will remain core to preventing breaches
Even as threats become more complex, many successful attacks will continue to exploit unpatched systems and well-known vulnerabilities. Automated scanning tools allow cybercriminals to detect weaknesses within minutes of disclosure. Organisations with inconsistent patching, outdated systems, or weak vulnerability governance will be disproportionately exposed. Effective patch and vulnerability management remains one of the most reliable ways to reduce an attacker’s opportunity window.
6. Threat intelligence will be essential to prioritising cyber workloads
With expanding attack surfaces and increased alert volumes, many organisations, particularly SMEs, struggle to understand which threats genuinely matter. Actionable threat intelligence will become indispensable, enabling security teams and outsourced partners to prioritise patching, triage alerts, and focus resources on the most likely and most damaging risks. Reactive models are no longer viable; 2026 will demand intelligence-led, proactive security operations.
7. Supply chain and third-party attacks will continue to rise
Interconnected supply chains remain one of the greatest systemic risks. Attackers know that compromising a single SME can trigger cascading disruption across multiple sectors. In critical industries, such as pharmaceuticals, food distribution, energy and logistics, the consequences could be severe, even societal. As both criminal and nation-state groups increase their focus on supply chain infiltration, organisations must strengthen third-party risk management and invest in resilience across their entire ecosystem.
2026 will be a defining year for cybersecurity. To best withstand the challenges ahead, organisations must prioritise comprehensive identity protection that covers the whole business, including all cloud applications, configurations, workloads and infrastructure. This must be combined with an emphasis on patch and vulnerability management, intelligence-led security operations, and reinforced supply chain resilience. As far as AI is concerned, it’s vital to fight fire with fire: use the same tools cybercriminals use, and adapt them to fight the good fight. This way, businesses stand the best possible chance of steering clear of trouble.
