SECURE horizons
Benjamin Leitch, CXO Cyberconnections and Digital Content Manager, Intelligent Global Media
In this column, we’ ll be discussing key issues for CISOs and their teams – from AI to wellbeing and from Zero Trust to communication.
If you’ d like to get in touch, email ben. leitch @ intelligentglobalmedia. com
CYBERSECURITY LESSONS FROM 2025 WE CANNOT IGNORE IN 2026
If 2024 was the year of warning shots, then 2025 was the year the cannons fired. Across industries, governments and communities, cybersecurity was tested in ways that revealed both the ingenuity of attackers and the fragility of our defences. As we step into 2026, the question is not whether we can keep pace, but whether we are willing to rethink the fundamentals of how we protect digital society.
T he most striking trend of 2025 was the sheer scale of AI-driven cyberattacks. Generative AI was weaponised to produce convincing phishing campaigns, automate ransomware deployment and even mimic trusted voices in real-time. Incidents such as the Cloudflare and Salesforce breaches demonstrated how attackers are exploiting automation to overwhelm even well-defended enterprises.
Healthcare, automotive and energy sectors were repeatedly targeted, with ransomware crippling hospitals and supply chain breaches disrupting food distribution. These attacks were not just technical failures; they were societal shocks. When a grocery wholesaler like UNFI was paralysed, it wasn’ t just about data – it was about food on shelves. Cybersecurity is no longer an IT problem; it is a public safety issue.
Governments responded with new laws and frameworks. In the UK, the Cyber Resilience Bill advanced, aiming to impose stricter obligations on organisations to report incidents and harden systems. Meanwhile, courts expanded interpretations of GDPR, ruling that even the fear of data misuse could justify compensation claims. This legal shift could open the floodgates to litigation, forcing companies to take privacy and resilience far more seriously.
What must change in 2026
Looking back, the common thread is that defenders are reactive, while attackers are proactive. To reverse this imbalance, several shifts are essential:
• Resilience over compliance: Too many organisations treat cybersecurity as a checklist exercise. In 2026, resilience must be the goal with systems designed to withstand and recover from inevitable breaches.
• AI against AI: If attackers are using AI to scale threats, defenders must deploy AI to detect anomalies, predict attacks and automate responses. The arms race cannot be fought with human analysts alone.
• Public-private collaboration: Attacks on councils and hospitals show that cyber incidents ripple across society. Governments, businesses and communities must share intelligence faster and more openly.
• Human factor investment: Despite the rise of AI, people remain the weakest link. Training, awareness and cultural change are as vital as firewalls and encryption.
2025 was a bruising year, but it was also clarifying. Cybersecurity is no longer about protecting data – it is about protecting trust, continuity and safety in a digital-first society. If 2026 is to be different, we must stop treating cyber as a technical afterthought and start embedding it into the very fabric of how we live and work.
Cybersecurity is no longer about protecting data – it is about protecting trust, continuity and safety in a digital-first society.
WWW. INTELLIGENTCISO. COM 19