At the end of every year, Fortinet publishes the Global Threat Landscape Report, which details the year’s activity and makes cybersecurity predictions for the coming year. This year will be no different. However, as part of our CISO Collective, we have also inaugurated an annual CISO Predictions Report for 2026 this year.

Here is a selection of issues we expect CISOs to be dealing with in 2026 and beyond.

AI: Driving Innovation, but at What Cost?

AI is fundamentally transforming almost every business, not just by automating tasks, but by changing how decisions are made, *how *value is created, and how companies compete. It appears that there is virtually no limit to the transformative benefits AI will bring, including its ability to drive innovation. Previously, broad technology changes were within the remit of IT teams. The new wave of generative AI (GenAI) technology, however, is democratizing technological changes, putting control into the hands of all teams across manufacturing, sales, finance, and IT. Every department is leveraging the power of AI to enhance efficiency by automating processes, improving scalability, facilitating better decision-making, and delivering more personalized experiences for customers.

However, this change brings with it some new risks, including:

Lack of transparency (the “black box” problem)

• Many AI models are opaque, making it difficult to interpret how the system arrived at its decision, which can create accountability and compliance challenges.****

Privacy and data misuse

• AI requires large, often sensitive datasets to be uploaded to cloud-based AI systems. If teams are not adequately trained on the risks, this could result in the leaking of sensitive personal information or intellectual property, leading to privacy violations or regulatory breaches.****

Security vulnerabilities

• Adversarial attacks: The subtle manipulation of input data (such as images, text, audio) to trick models into making incorrect predictions.
• Model inversion and extraction: Model queries enable attackers to reconstruct sensitive training data or to clone the model itself, such as extracting personal faces from a facial recognition AI.
• Data poisoning: The manipulation of data to force it to generate incorrect predictions.
• LLM prompt injection: The circumvention of guardrails by embedding hidden instructions in text or websites that cause AI systems to ignore safety rules or leak data.
• Unexpected results: As AI agents (autonomous bots, services, and others) interact more, there’s a risk of coordination or collusion, swarm attacks, and emergent vulnerabilities. These threats are sometimes not covered by traditional cybersecurity frameworks.
• Weak identity and authentication: Agentic AI can enable multiple agents to query one another, making autonomous, reasoned decisions and taking actions to achieve specific goals, often without human intervention. As the use of this technology increases, the security of the agents’ non-human identity (NHI) becomes crucial, as a weakness in the identity of one agent could lead to a cascading vulnerability, resulting in unexpected access to sensitive information.

Prediction: There have already been multiple breaches of AI LLMs.1 2026 will see this increase in both volume and also severity as the use cases grow, AI accesses more and more sensitive data, and agent-to-agent communication is allowed without considering the identity and security implications.

Adversarial Use of AI

Our annual Global Threat Landscape Report will examine the use of AI to augment the malware and ransomware actor toolkit, so we will not cover that. Instead, we cover some of the adversarial risks that AI brings that will impact the CISO.

Disinformation and deep-fake services

There have been many cases of disinformation being used to unduly influence people, most notably during the UK Brexit.2 The power of AI takes this to a new level with services such as OpenAI DALL-E and Sora 2, which make the creation of almost indistinguishable audio, images, and videos trivial.

Prediction: Deep-fake services are going to take business email compromise (BEC) and social engineering to a whole new level. In 2024 and 2025, we have already observed a marked shift in the quality of phishing emails, with AI generating highly targeted, well-constructed emails that make phishing content harder and harder to identify.

The use of AI-generated audio has already been observed in extortion attempts, but in 2026, we expect organizations to face an onslaught of audio- and video-generated content used for BEC, phishing, and other targeted attacks. If people already fall for text-based attacks, resulting in billions of dollars of losses,3 imagine how many there will be once people receive calls or even video calls from their CEO telling them to transfer money.

Fortinet expects there to be a large increase in the value of BEC and other scams with multiple high-profile and high-value attacks in the coming year.

Geopolitical Threats

The new cyber battleground

Cyber now plays a central part in any warfare. During the recent conflict between Israel and Iran, cyber warfare played a major role in destabilizing critical infrastructure. An anti-Iranian group, known as Predatory Sparrow, claimed a successful attack on Nobitex,4 one of Iran’s largest cryptocurrency exchanges, that wiped out $90 million in cryptocurrency and disabled online banking and ATMs.5 This came after that same group claimed to have destroyed data at Iran’s state-owned Bank Sepah6 amid the increasing hostilities earlier in the week.

For more details, see our blog Welcome to the New Cyber Battleground7

Preparatory attacks

2024 and 2025 saw a significant volume of nation-state-associated activity attempting to exfiltrate sensitive data and maintain quiet persistence within organizational networks. Given the current geopolitical tensions worldwide, we anticipate this activity will increase in 2026 as nation-states strive to solidify their country’s position in the global ecosystem.

Attacks on critical global infrastructure

Attacks on the global infrastructure underpinning the internet and beyond have long been used for monetary gain, and during times of war, BGP hijacking has been used to redirect internet traffic.8, 9

Physical attacks on undersea infrastructure have also been another problem, with internet fiber cables being severed between France and the UK,10 Finland and Germany,11 and in the Red Sea,12 among others.

This year saw that pattern continue with the severing of undersea power and crucial internet fiber cables in the Baltic Sea by Russian state-linked actors13, 14 in the wake of Russia’s invasion of Ukraine. More cable cuts in the Red Sea15 led to internet disruptions in Asia and the Middle East, and heightened geopolitical tensions between China and Taiwan have also led to frequent sabotage.16

With reports that China Ship Scientific Research Centre (CSSRC) and its affiliated state-sponsored deep-sea manned-vehicle laboratory have developed a ship capable of cutting cable lines at depths of up to 4,000 meters (13,123 feet),17 we can expect these power plays to continue in 2026.

**Prediction: **Previously, conflicts on the other side of the world may have felt like a distant problem, but cyberwarfare is bringing these conflicts to all of our doorsteps. We expect these issues to continue in 2026, which means more issues CISOs need to be prepared for.

• The Israel–Palestine war has resulted in organizations supplying equipment to Israel to be targeted regardless of their location. In future conflicts, all organizations will need to be on high alert in case they are pulled into the spotlight. We believe this will become the new norm going forward.
• There is no longer any quiet time. Nation-states are constantly working to gain a foothold in organizations’ networks. Following the breakdown in communications between the U.S. and China, and the EU/US and Russia, and conflicts in the Middle East, we expect state-sponsored and state-supported offensive cyber activity to remain high throughout 2026.

Space: The Final Frontier

GPS jamming

Over the last 40 years, the broad adoption of GPS signals for positioning—used in everything from ship, car, and plane navigation to phones, weapons systems, electrical grids, and industrial controls—has made these GPS-enabled devices prime targets in conflict zones. By preventing reception (jamming) or sending false GPS signals (spoofing), malicious actors can degrade or disable munitions, redirect drones and missiles, cause planes to enter enemy territory and be unable to land, and degrade IT systems and other infrastructure.

Russian GLONASS and China’s BeiDou satellite networks are suspected of being able to spoof U.S. GPS and European Galileo systems,18 posing a significant risk. But there have also been thousands of cases of GPS jamming around Ukraine, with the most high-profile case being the targeting of European Commission President Ursula von der Leyen’s plane over Bulgaria.19

Using the GPSJam Service,20 it is clear that this has become a significant global problem, with significant hotspots arising around areas of conflict.

Prediction: This activity will continue, especially surrounding conflicts, as cyber warfare becomes the standard practice. For the majority of organizations, this risk is very low, except for transport logistics, which rely on this information. For airlines, shipping, and defense manufacturers, however, this will become a significant risk, and precautions need to be taken, such as receiver hardening/signal filtering, requiring multiple corroborating information sources, and autopilot lockout, should position or time suddenly shift unexpectedly, which could impact the navigation and landing capability for planes, or cause other more catastrophic incidents.

The growth of satellite communications

It is hard to remember that, not that long ago, we used to enjoy peace and quiet when taking a flight or hiking in the mountains. Now with satellite technology, the internet is even more pervasive, and with all this emerging technology comes more teething troubles.

Recent research by a team of researchers at UC San Diego and the University of Maryland demonstrated that it was possible, with a simple $800 satellite receiver, to intercept unencrypted data over satellite connections,21 including the contents of calls and text messages, and internal commercial, government, and even military communications.22

**Prediction: **As with any new technology that is growing rapidly, there will be issues that will need to be addressed. Because of this, it is vital to take additional precautions now, including adding additional layers of security such as IPsec encryption to prevent unexpected security breaches.

Cybersecurity Skills

Critical cybersecurity skills

At the top of CISO’s concerns over the past three years has been the cybersecurity skills gap. Fortinet has been working to close this gap by helping train one 1 million people in cybersecurity by the end of 2026, and we are well on the way to achieving that goal.

However, Fortinet’s 2025 Cybersecurity Skills Gap Report23 shows that multiple issues remain:

• IT leaders stated that the leading causes of breaches were the lack of security awareness (56%) and the lack of IT security skills and training (54%).
• Forty-nine percent of leaders do not think their board members are aware of the risks posed by using AI.

The good news is that 89% of organizations now prefer to hire candidates with certifications, so keep that Fortinet NSE Training up!

**Prediction: **Now, more than ever, the CISO’s place in the boardroomboard room is critical. We are not there to cause panic and constantly ring alarm bells. But we do need to communicate the benefits of new technologies like AI, along with their associated business risks, as clearly as possible so that so the board can determine their appetite for risk.

The good news for CISOs is that cybersecurity is becoming so critical to the board that we are beginning to see CISOs becoming board members themselves, thereby broadening the experience of the board.

The next generation of security experts

Gen Z (born between 1997 and 2012) is already well established in the workforce, and Gen Alpha (born between 2013 and 2029) will be entering the workforce in the next few years. These were the first iPad generations brought up on Instagram, Snapchat, and TikTok.

These current and future employees are not used to “corporate” technologies such as email. Because many new workers were raised in the digital age, where information is abundant but attention is limited due to platforms like TikTok, YouTube, and Instagram, we must adapt our approach to recruitment, training, and, ultimately, work. Considered worse still, AI is growing so rapidly that it is replacing many of the entry-level roles that new graduates may typically have cut their teeth on in the past. This would mean there would not be a stepping-stone to the more senior roles that are still required.

If we do not adapt to these changes, we risk disenfranchising the next generation of cyber experts.

**Prediction: **AI fluency will become a baseline skill, not a specialty. For this to happen, it must be woven into every student’s curriculum if we hope to prepare tomorrow’s workforce for an AI-driven world. As today’stodays entry-level roles evolve or disappear, those who understand how to apply and secure AI will advance fastest, while organizations and educators that fail to adapt risk losing an entire generation of future cyber talent.

Regulations and Legal and Privacy Pressure

There has been a sharp increase in regulatory frameworks over the past few years, such as the EU NIS2 Directive, the Cyber Resilience Act (CRA), and the Digital Operational Resilience Act (DORA). These reflect the EU’s drive to strengthen cybersecurity and digital trust across industries. However, it is not only the EU driving such regulation: the U.S. federal government is now mandating CMMC Certification, and for Telecoms, Brazil has the Anatel Act, the UK has the Telecoms Security Act, then we have ISMAP (Japan), iRAP (Australia), GovRAMP, and FedRAMP(US).

These regulations collectively aim to raise baseline security standards, enforce greater accountability for software and hardware vendors, and ensure operational continuity in the face of cyberthreats. While they bring much-needed consistency and resilience to the digital ecosystem, they also impose significant compliance and reporting burdens on organizations. Businesses must now invest more heavily in governance, risk management, and supply chain assurance, with tighter deadlines for breach notification and mandatory risk assessments. The result is a shift from voluntary best practices to legally enforced security obligations, increasing both transparency and the cost of compliance but ultimately pushing the market toward more secure and reliable digital infrastructure.

Prediction: Organizations that lag in compliance will face significant penalties—up to 10% of a company’s global revenues24 in some cases. While we do not expect fines of this size initially, we expect to see the first fines begin to be imposed in 2026.

While standards are good for driving security best practices, the fragmentation of these standards on a country-by-country basis is causing significant unnecessary workload, especially as the majority of these standards are testing the identical controls. We hope 2026 brings with it more global collaboration to halt the fragmenting of standards and the acceptance of existing certifications.

The Quantum of Solace

Quantum computing is a perplexing technology for a CISO to navigate and plan for. It is complex technology, unlike anything we are used to. And while it is almost impossible to understand, there are also no immediate risks, as a quantum computer capable of breaking today’s encryption is likely more than 10 years away (unless there is a sudden leap in the technology, which is always possible).

However, while quantum threats are not an immediate concern, there is a real risk that malicious actors might implement a “harvest now, decrypt later” strategy, underscoring the urgency of preparing for a future in which current cryptographic standards may be rendered obsolete as cyber adversaries learn to decrypt historically sensitive data.

If you have ever had to present to your board or CEO to secure a budget, you realize this risk is even more challenging in terms of trying to secure funding for something so complex to explain and so far out on the horizon, yet so critical to every single part of the business.

Prediction: Not so much a prediction as a recommendation: Don’t wait. Rather than pushing this problem down the line until it is too late, start adding quantum readiness to your procurement process now so that all your purchases today are quantum-ready for the future.

The CISO Is Dead! Long Live the Chief Resilience Officer!

I have always felt that the “information security” component of the CISO title is a red herring. The CISO title belies the fact that the role is not purely security-focused. Our daily role is that of a business enabler—enabling business transformation and innovation while doing so in a safe and secure manner, sometimes accepting risk in line with the business appetite. Most of all, though, we have to keep the business running at all times. It is this last point that is sometimes missed. It has nothing to do with security but is one of the most important roles of a CISO.

In a large enterprise, you may be defending your organization against hundreds of thousands of attacks a day. But an attacker only needs to be successful once. Therefore, it is crucial to have multiple layers of security in place, critical network segmentation to prevent issues from spreading, and, above all, a plan for when things go really wrong.

There have been multiple cases of businesses grinding to a halt in 2025 due to security incidents. It is crucial,25, 26 therefore, for CISOs to understand the Minimum Viable Business (MVB) required to keep the organization running and focus as much attention as possible on ensuring this is available at all costs. If we still want to continue being paid, we have to assume the worst will happen at some point and build toward ensuring the business can remain operational despite a catastrophic event.

Ignore the title on your business cards (if you still have them). We all must become Chief Resilience Officers.

Prediction: Attacks on multi-billion-dollar multinational organizations are going to continue in 2026, driven by AI simplifying reconnaissance, the continued growth of Cybercrime-as-a-Service, and further nation state–sanctioned activity.

Realistically, I don’t see the name change sticking in 2026 (and frankly, I like my CISO title—it is a badge of honor). But either way, CISOs need to be planning for failure, become more involved in the infrastructure of the organization, and wrap their arms around building a business continuity plan. This includes helping to define the MVB needed to keep the lights on, the practical testing of the plan, and conducting regular tabletop exercises.

The Year of Resilience: What 2026 Will Demand from Every CISO

2026 will test every assumption about how we defend, recover, and adapt to today’s evolving threat landscape. The pace of change is accelerating (again)—AI is now both the weapon and the shield, geopolitical tensions are spilling into corporate networks, and the line between IT and business risk has disappeared.

For CISOs, the path forward is clear:

• Build resilience first. Assume disruption is inevitable and invest in business continuity, segmentation, and recovery readiness.
• Treat AI as a governed capability, not a shortcut. Use it to enhance detection and response—but protect models, data, and access with the same rigor as any other critical system.
• Harden identity everywhere. As human and machine agents multiply, non-human identities must be secured and continuously verified.
• Strengthen collaboration. Break down silos between security, operations, and leadership. Resilience depends on shared understanding and unified response.
• Stay informed and adaptive. Threat actors innovate as quickly as technology evolves, which means that continuous learning and testing are now core security disciplines.

The role of the CISO has never been broader or more vital. Success in 2026 will belong to those who can combine technical depth with strategic vision, turning security from a reactive function into a force for resilience, trust, and growth.

References:

1 OWASP Foundation. “OWASP GenAI Incident Exploit Round-Up Q2 2025.” OWASP GenAI Blog, July 14 2025, https://genai.owasp.org/2025/07/14/owasp-gen-ai-incident-exploit-round-up-q225/ 2 Walker, Peter. “Final Say Brexit Referendum Lies: Boris Johnson’s Leave Campaign Misled Voters.” The Independent, July 14 2018, https://www.independent.co.uk/news/uk/politics/final-say-brexit-referendum-lies-boris-johnson-leave-campaign-remain-a8466751.html 3 Federal Bureau of Investigation. “Public Service Announcement PSA240911.” Internet Crime Complaint Center (IC3), Sept 11 2024, https://www.ic3.gov/PSA/2024/PSA240911 4 Arkin, Daniel. “Hackers Attack Iran’s Largest Crypto Exchange, Destroying $90 Million.” NBC News, Oct 2025, https://www.nbcnews.com/world/middle-east/hackers-attack-irans-largest-crypto-exchange-destroying-90-million-rcna213920 5 Newman, Lily Hay. “Israel’s ‘Predatory Sparrow’ Hackers Are Waging Cyberwar on Iran’s Financial System.” Wired, July 2025, https://www.wired.com/story/israels-predatory-sparrow-hackers-are-waging-cyberwar-on-irans-financial-system/** 6 Goodin, Dan. “Iran’s Bank Sepah Hit by Cyberattack Amid Regional Tensions.” CyberScoop, July 2025, https://cyberscoop.com/iran-bank-sepah-cyberattack/ 7 Manky, Derek. “Welcome to the New Cyber Battleground,” Fortinet Blog, 2025, https://www.fortinet.com/blog/ciso-collective/welcome-to-the-new-cyber-battleground 8 Priyadarshini, S. “Cloudflare Confirms BGP Hijack Behind 1.1.1.1 DNS Disruption.” GBHackers on Security, 2025, https://gbhackers.com/cloudflare-confirms-bgp-hijack-behind-1-1-1-1-dns-disruption/, 9 NANOG. “A Brief History of the Internet’s Biggest BGP Incidents.” North American Network Operators Group Stories, 2025, https://nanog.org/stories/articles/a-brief-history-of-the-internets-biggest-bgp-incidents/ 10 KVCable News. “Britain and France’s Undersea Fiber Optic Cable Was Cut.” KVCable.com, 2025, https://kvcable.com/britain-and-frances-undersea-fiber-optic-cable-was-cut/ 11 “Undersea Cable Damage Disrupts Internet in Britain and France.” BBC News, 2025, https://www.bbc.com/news/articles/c9dl4vxw501o 12 “Hackers Target Middle East Infrastructure in New Wave of Cyberattacks.” BBC News, 2025, https://www.bbc.com/news/world-middle-east-68478828 13 Arkin, Daniel. “Undersea Cables Are Cut; Suspicion Falls on Russian and Chinese Vessels.” NBC News, May 2025, https://www.nbcnews.com/news/world/undersea-cables-are-cut-suspicion-falls-russian-chinese-vessels-rcna187105 14 Fadel, Leila. “Finland–Russia Undersea Cable Severed Amid ‘Shadow Fleet’ Concerns.” NPR, Dec 31 2024, https://www.npr.org/2024/12/31/nx-s1-5243302/finland-russia-severed-undersea-cable-shadow-fleet 15 Clifford, Catherine. “Red Sea Cables Cut, Disrupting Internet Access in Asia and the Mideast.” CNBC, Sept 7 2025, https://www.cnbc.com/2025/09/07/red-sea-cables-cut-disrupting-internet-access-in-asia-and-the-mideast.html 16 “Massive Internet Outages Following Cable Cuts in the Red Sea.” BBC News, 2025, https://www.bbc.com/news/articles/cwy3zy9jvd4o 17 Center for Strategic and International Studies (CSIS). “China’s Underwater Power Play: PRC’s New Subsea Cable-Cutting Ship Spooks International Observers.” CSIS Analysis, 2025, https://www.csis.org/analysis/chinas-underwater-power-play-prcs-new-subsea-cable-cutting-ship-spooks-international 18 Erwin, Sandra. “America at Risk: High-Impact GPS Jamming and Spoofing from Space.” SpaceNews, 2025, https://spacenews.com/america-risk-high-impact-gps-jamming-spoofing-from-space/ 19 Eddy, Melissa. “Von der Leyen Warns of Russian GPS Jamming in Europe and Ukraine.” The New York Times, Sept 1 2025, https://www.nytimes.com/2025/09/01/world/europe/von-der-leyen-gps-jamming-russia-ukraine.html 20 GPSJam.org. “Live GPS Interference Map.” 2025, https://gpsjam.org/ 21 Newman, Lily Hay. “Satellites Are Leaking the World’s Secrets — Calls, Texts, Military and Corporate Data.” Wired, 2025, https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/ 22 University of California, San Diego. SATCOM Data Leak Monitoring Project. UC San Diego SysNet Lab, 2025, https://satcom.sysnet.ucsd.edu 23 Fortinet. 2025 Cybersecurity Skills Gap Report. Fortinet, 2025, https://www.fortinet.com/content/dam/fortinet/assets/reports/2025-cybersecurity-skills-gap-report.pdf 24 European Commission. “Fines — Competition Policy.” European Commission, https://competition-policy.ec.europa.eu/index/fines_en 25 Motavalli, Jim. “Jaguar Land Rover Cyberattack Halts Production, Costs Mount.” MotorTrend News, 2025, https://www.motortrend.com/news/jaguar-land-rover-cyber-attack-production-cost 26 Schweizer, Errol. “What the Cyberattack on UNFI Reveals about the U.S. Grocery Industry.” Forbes, June 16 2025, https://www.forbes.com/sites/errolschweizer/2025/06/16/what-the-cyberattack-on-unfi-reveals-about-the-us-grocery-industry/