E2e-assure’s Gary Monsour gives his top three predictions for the cybersecurity sector next year.
Looking back at the last twelve months, it’s hard to believe how much has happened in the cybersecurity world.
The retail attacks against M&S, Coop and Harrods just a few months before the economically devastating attack on Jaguar Land Rover give pause for thought and have made many re-evaluate their security readiness.
Ransomware actors in particular have professionalised and expanded their capacity for damage, using extortion tactics in addition to encrypting files.
With attackers setting their sights on critical national infrastructure (CNI), we’re seeing increased focus on protecting operational technology (OT) as it becomes more interconnected with IT.
This year has also kicked off the quantum conversation as ‘Q day’, the day when quantum computers can decrypt at scale, is considered to be less than a decade away.
Let’s take a look at some of the trends that will be significant as we move into 2026.
Ransomware will become a major threat to OT
OT environments haven’t been subjected to the same barrage of attacks as IT, and that’s led to a certain amount of complacency. But threat actors are now focusing their efforts on it, as evidenced by the recent Volt and Salt Typhoon attacks. These attacks, perpetrated by Chinese state-sponsored actors, are long-term espionage campaigns against telecommunications, government, transportation, lodgin, and military networks, focusing on routers, firewalls and other edge devices components that are difficult to patch or monitor effectively.
Next year, we can expect to see ransomware attacks against OT systems go from being nation state sponsored to mainstream. That’s because the gateways between IT and OT are notoriously insecure; OT systems are often left unpatched, so carry known vulnerabilities and are not sufficiently monitored. Attackers have seen the effect they’ve had on manufacturing downtime, and know that companies will be tempted to pay up to avoid succumbing to Jaguar Land Rover’s fate.
Initiating change will, however, prove challenging due to the cultural mindset in OT. These teams often don’t see the need to alter processes or introduce controls unless they’ve been attacked, so the CISO will have to get those personnel onboard. An effective way of doing this could be running attack drills and initiating red team testing to help evidence where the vulnerabilities are and the need for action.
New energy infrastructure will become a prime target
We’re also going to see CNI and distributed energy resources become the new frontier in cyber warfare due to the devastating impact that taking down services that sustain life, be that energy, water or food, can have.
We’ve already seen attackers go after CNI, for example the attack against American Water in 2024. But the attack surface has expanded in recent years with the addition of green energy solutions.
Solar panels, for example, and the inverters they feed into, are seldom protected, making it perfectly plausible that those could be hacked en masse and used to carry out a DDoS attack against a national grid.
Add in the rash of new AI data centres into the mix and it’s easy to see why the sector will become a hot target.
Google is planning to build a hyperscale datacentre in Thurrock in the UK and five nuclear powered data centres were announced as part of the US-UK alliance this year. All data centres are now considered CNI at the distributed energy edge because of their importance in sustaining our digital economy and so these too will become prime targets for attack.
These organisations’ supply chains too are under more scrutiny. NIS2 and the Cybersecurity and Resilience Bill will formalise cyber security assessments of the supply chain for those organisations deemed in scope. While these initial steps will lead to more comprehensive regulation of the supply chain in the CNI space, the regulations also encompass commercial businesses, with governments seeking to get ahead of the attackers, limit the impact of vulnerabilities and protect their economies.
Quantum makes it all irrelevant
It could be argued that all this work to protect businesses and governments is irrelevant in the face of quantum-powered attacks. Quantum computing and decryption looms on the horizon and with it the potential for catastrophic data compromise.
Quantum is expected to allow attackers to break encryption, rendering all sensitive data vulnerable, but just when that threat will be realised remains unknown. It’s certainly coming, which is why threat actors are thought to be hoarding encrypted data in the expectation they’ll be able to decrypt it in the future.
The expectation is that a nation state will make inroads with the technology into 2027 or 2028, after which ‘Pandora’s Box’ will be open.
Organisations therefore need to start familiarising themselves with the NIST post-quantum cryptographic standards released earlier this year and begin to plan how they will migrate their existing data assets to become quantum-ready.
However, there is no point abandoning any current efforts to shore up existing defences and increase the resilience of the supply chain. Quantum security may not be a 2026 problem, but ransomware actors, nation state espionage and supply chain threats very much are.
By Gary Mounsor
Gary Mounsor is a senior cybersecurity consultant at E2e-assure, a UK company specialising in managed threat detection and response.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.