Ruth Wandhofer, Board Member and Senior Adviser at LSEG and PTSB, outlines how organizations must fundamentally reshape their cybersecurity strategies to counter an unprecedented wave of AI-powered threats emerging in 2026.
The 2025 Wake-Up Call
Major incidents in 2025—ransomware attacks on Marks & Spencer, supply chain breaches at Bank Sepah, and infrastructure attacks on Collins Aerospace—marked a pivotal year. Ransomware surged 60% in the first half alone as adversaries weaponized AI to automate phishing, deepfakes, and malware generation. However, AI-powered defense also advanced significantly through autonomous threat detection, predictive analytics, and zero trust frameworks.
Key Threats for 2026
Wandhofer identifies converging threat areas. AI-driven attacks will proliferate with autonomous agentic systems capable of social engineering. Deepfakes will challenge identity verification, demanding new authentication methods. The digital attack surface has expanded massively through multi-cloud infrastructures and IoT systems, while supply chain risks remain critical as attackers exploit trusted suppliers.
Shadow AI presents an overlooked threat: employees feeding corporate data into commercial language models risk exposing sensitive information. Onchain cybercrime will intensify as criminals target decentralized finance platforms and migrate operations onto blockchains to evade law enforcement. Quantum computing approaches “Q-Day”—when quantum systems can break classical encryption—enabling adversaries to bypass authentication and turbocharge attacks.
Defense and Strategy
AI-powered cybersecurity will enable continuous monitoring and automated response, while verification tools flag deepfakes in real time. Zero trust frameworks will become standard configuration, and attack surface management will focus on continuous discovery rather than periodic assessment. Organizations must transition to quantum-resistant encryption to prepare for Q-Day.
Wandhofer emphasizes a paradigm shift from “detect and respond” to “predict, prevent, and defeat.” Success requires AI-driven autonomous defense with real-time threat detection, resilience-focused strategies with strong governance frameworks, and cross-disciplinary collaboration supported by continuous training. Organizations investing early in these strategies will be best positioned to mitigate 2026’s cybersecurity risks.