
The cybersecurity landscape in 2025 was marked by the increased use of generative artificial intelligence (AI) for scams and deepfake-based fraud.

Although these will continue well into 2026, additional threats, such as ‘single points of failure’, state-backed attacks on critical infrastructure and insider threats driven by the rise in shadow IT workers, will also emerge, shaped by significant incidents in 2025 that highlighted vulnerabilities in existing cyber infrastructure and security policies.

The cybersecurity landscape in 2026 will see the emergence of new threats in critical infrastructure and AI

What’s next

Cloud service outages and security vulnerabilities will be in the spotlight following the Amazon Web Services (AWS) outage in 2025. Critical infrastructure providers, including in the power, transportation and financial sectors, will face numerous infiltration attempts by state actors seeking to establish footholds in computer systems for exploitation during a potential cyber conflict. Emerging technologies, especially quantum, will prompt many industries — especially crypto and financial — to begin adopting quantum-proof and AI-driven cyber solutions.

Strategic Summary

Analysis

In 2025, single points of failure, AI-driven scams and state-backed attacks dominated the cyber landscape. With investments in AI taking off, hackers and malicious groups are likely to continue to exploit these emerging, and increasingly sophisticated, technologies to pursue various political and financial agendas.

Generative AI

Generative AI tools, including large language models (LLMs) and text-to-image generators, will enable hackers to create persuasive phishing emails, malware, deepfake voice or video calls that can later be used to sign off on scams, and other means of deception and theft.

Although these tools have been in use in previous years — and continue to be adopted by new users — they have also become more effective at generating useful code or persuasive texts, images and videos for scams. In 2026, higher rates of incidents involving the use of generative AI will be observed, particularly involving workers processing fraudulent transfers on the instructions of someone they believe to be their boss or manager (see INTERNATIONAL: GenAI scams will proliferate – January 24, 2025).

A survey by Regula found that 37% of organisations globally had been targeted by a scam involving a voice deepfake. Among US and UK financial professionals, 53% reported encountering scams that used AI-generated deepfakes, with 43% of those ultimately being deceived. These figures are likely to rise in 2026, largely because deepfake detection technologies have not yet caught up with the rapid advances in generative AI. In response, private-sector firms — under growing government pressure — will increase efforts to develop more effective detection systems and to create reliable methods for labelling and authenticating AI-generated content.

The technology for deepfake detection is still nascent

Cloud outages

Following the major AWS outage in October 2025, which took many websites offline for an extended period, cloud outages and attacks are likely to rise in 2026.

Although the AWS outage does not appear to have been a malicious incident, the far-reaching impacts — lasting several hours and resulting in millions of dollars in losses — have raised awareness about the vulnerabilities inherent to having a highly centralised cloud services industry built around a small number of large companies.

Such ‘single points of failure’ will likely prompt many countries to seek to decentralise their cloud providers more aggressively and rely on a more diverse set of vendors (see INT: Single points of failure risk more IT outages – August 27, 2024).

This push could have mixed cybersecurity consequences: on the one hand, it may strengthen supply chain resilience by reducing dependence on a few major providers; on the other, it could weaken overall security if the rush to diversify leads organisations to onboard vendors with weaker security postures who gain customers simply because they are not among the largest providers.

Critical infrastructure

In recent months, several governments have sounded the alarm over intrusions targeting critical infrastructure, ranging from cyber-espionage campaigns to disruptive attacks.

In August 2025, the US National Security Agency issued a warning about Chinese state-sponsored actors targeting critical infrastructure organisations in the United States and several other countries. The advisory highlighted compromises in a wide range of industry sectors, including telecommunications, government, transportation, lodging and military networks.

Rising geopolitical tensions globally will cause more disturbances in cyberspace

Rising geopolitical tensions — particularly between the United States and China, Ukraine and Russia, as well as across the Middle East — will highlight the need to invest more heavily to secure critical infrastructure networks.

Many of the recent intrusions are believed to represent latent footholds that states may activate only if strategic circumstances demand it in the future. Hence, rising tensions between countries could lead to more sustained and destructive cyberattacks, both state-backed and politically motivated — supporting activist groups or advancing ideological agendas. As critical infrastructure becomes increasingly targeted, states will likely adopt more frequent “name and shame” tactics, making cyber attributions public and heightening the risk of diplomatic fallout (see INTERNATIONAL: China will escalate cyber attributions – June 13, 2025).

Insider threats

In August 2025, CNN published an in-depth investigation of the ways that North Korea had infiltrated many companies by using AI and stolen identities to interview for and execute jobs as remote IT workers (see NORTH KOREA: Fake IT workers pose new cyber threats – May 22, 2025).

These jobs give North Koreans access to both money — from the salaries that are paid to them through their stolen identities — and proprietary business information that can be useful for corporate and political espionage as well as weapons development.

For individual organisations, protecting against these schemes will require more rigorous and careful hiring and interviewing practices. Broader efforts will also be needed to identify and prosecute the intermediaries who facilitate this process — as in the case of a US woman, Christina Chapman, who was sentenced to eight-and-a-half years in prison in July 2025 for helping North Korean workers get jobs at more than 300 US companies, generating some USD17mn in revenue for North Korea. Chapman operated a “laptop farm” for the North Koreans, receiving their work computers and connecting them from her home (so they appeared to be working within the United States) or shipping them on to overseas locations.

The rising frequency of these schemes will also require law enforcement to allocate significant resources toward identifying individuals who facilitate these operations.

Quantum

Although operational quantum computers remain years away, advances and rising investments in the field will prompt many governments to develop post-quantum cryptography (PQC) roadmaps (see INT: Cybersecurity rules will stress quantum readiness – April 3, 2025).

Given the potentially existential threat quantum-enabled hacking could pose to financial and crypto services, these sectors are likely to face growing pressure — both from governments and investors — to start adopting hybrid post-quantum solutions and increase investments in their existing cybersecurity measures.


Analyst

Sarah Fowler

Senior Analyst, International Economy

Tatia Bolkvadze

Cybersecurity and Technology Analyst
