{"id":175231,"date":"2026-01-07T06:34:00","date_gmt":"2026-01-07T11:34:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/07\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/"},"modified":"2026-01-07T06:55:09","modified_gmt":"2026-01-07T11:55:09","slug":"enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/07\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/","title":{"rendered":"Enterprise cybersecurity in 2026: What CISOs and security leaders expect"},"content":{"rendered":"<p><a href=\"https:\/\/techinformed.com\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/\">Enterprise cybersecurity in 2026: What CISOs and security leaders expect<\/a><\/p>\n<p><a href=\"https:\/\/techinformed.com\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/\">https:\/\/techinformed.com\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/<\/a><\/p>\n<p>Publish Date: 2026-01-07 06:34:00<\/p>\n<p>Source Domain: <a href=\"techinformed.com\">techinformed.com<\/a><\/p>\n<p>The era of \u201cprevent everything\u201d is over.<\/p>\n<p>In 2026, experts predict, cybersecurity will no longer be a technical problem to be contained, but a business risk to be managed. Breaches are inevitable, supply chains are porous and identity \u2014 human and machine \u2014 has become the defining attack surface.<\/p>\n<p>We heard from CISOs, security strategists and field leaders to understand what\u2019s coming. 
Their predictions converge on four priorities: building resilience into crisis planning, hardening software supply chains against precision attacks, unifying security across converging categories and adapting to regulators who now demand evidence \u2014 not just intent. Here\u2019s what they see coming.<\/p>\n<p>When breaches become business crises<\/p>\n<p>Simon Hodgkinson, Strategic Advisor, Semperis; former BP CISO: \u201cThe focus needs to shift from prevention to resilience. Given the impact cyberattacks have on businesses, organizations need proper crisis and risk management. We\u2019re no longer dealing with \u2018cyber crises\u2019, we\u2019re dealing with full-blown business crises.\u201d<\/p>\n<p>Dan Lattimer, Area VP EMEA West, Semperis: \u201cBoard members have a much better and more nuanced understanding of cybersecurity and the potential impact of incidents. But because they understand the risk, they are also more willing to accept that you cannot reduce the risk level to zero and as a result, cybersecurity spend will likely only increase marginally.\u201d<\/p>\n<p>Chris Harris, EMEA Technical Director, Cybersecurity Products, Thales: \u201cQuantified risk management frameworks such as FAIR are becoming more mainstream. AI can now help do these calculations, so you don\u2019t necessarily need a full team of risk engineers anymore. Alongside this, resilience may become more regulated, with stricter requirements that would push organizations towards more evidence-backed recovery plans, tested processes and measurable response capabilities.\u201d<\/p>\n<p>The code you didn\u2019t write<\/p>\n<p>Conor Sherman, CISO in Residence, Sysdig: \u201cSupply chain security will be a material budget item in 2026. As agentic coding assistants take on a larger role in software development, risks in third-party packages are amplified: a single exploited dependency can cascade through an automated system with outsized impact. 
AI-generated code, prone to issues like hallucination and bloat, only makes these weak links even more dangerous.\u201d<\/p>\n<p>Simon King, Head of Information Security, Infinigate Group: \u201cIn 2026, software supply-chain attacks will evolve from mass exploitation to precision targeting. Adversaries contribute legitimate code to open-source projects, build trust within developer communities and wait for the right moment to strike. Trust will become an increasingly exploited vulnerability. Organizations must verify not just who accesses their systems but what code they run. Knowing the origin, integrity and build process of every component will become a baseline requirement.\u201d<\/p>\n<p>Who goes there?<\/p>\n<p>Ev Konstevoy, CEO, Teleport: \u201cIdentity-related cybersecurity categories are converging. Organizations will stop deploying security strategies for classes of identities and will instead start to tackle identity types in a unified way. The responsibility for securing computing infrastructure requires that engineering join IT in guarding organizational infrastructure.\u201d<\/p>\n<p>Keith McCammon, Cofounder, Red Canary: \u201cIn 2026, zero trust principles will shift from ambition to necessity. Companies will start operationalizing zero trust principles in focused, tactical ways. Organizations will stop seeing zero trust as an all-or-nothing overhaul and start treating it as a journey that builds resilience one layer at a time. Even partial adoption can significantly reduce risk, cost and noise when done deliberately.\u201d<\/p>\n<p>Douglas Murray, CEO, Auvik: \u201cThe assumption that traditional perimeters and signature-based controls are adequate will continue to break down. 
Organizations will need to shift from static defenses to posture-aware, behavior-based detection and continuous validation of AI-enabled services.\u201d<\/p>\n<p>Simon King, Infinigate Group: \u201cIn 2026, cybersecurity budgets are set to undergo a fundamental change driven by regulatory pressure, technological advances and the evolving threat landscape. Companies will move away from rigid contracts and expensive individual tools toward flexible, AI-supported solutions. Security spending remains stable at 10\u201315% of overall IT budgets, making intelligent allocation critical.\u201d<\/p>\n<p>Threats from within, pressure from above<\/p>\n<p>David Higgins, Field CTO, CyberArk: \u201cIn 2026, the insider threat will shift from disgruntled employees to staff tempted by direct financial incentives offered by cybercriminal groups. The traditional view of the \u2018malicious insider\u2019 as a lone, disgruntled actor is being replaced by financially motivated insiders, sometimes acting in concert with organized cybercrime.\u201d<\/p>\n<p>Scott Bridgen, GM Risk &#038; Audit, Diligent: \u201cThere\u2019s no doubt that the EU\u2019s Digital Operational Resilience Act (DORA) is a priority for financial entities. Compliance teams are under mounting pressure to move from box-ticking to demonstrating true resilience. The agenda will move from awareness to accountability.\u201d<\/p>\n<p>Seeing through the noise<\/p>\n<p>Mark Coates, Vice President EMEA, Gigamon: \u201cIn 2026, network and application metadata will move from a supporting signal to a central source of clarity for security teams. Metadata fills the gap left by traditional sources, giving analysts the context they need to reveal suspicious behavior with far greater precision. 
Organizations that capture and analyze metadata will operate with a clear advantage.\u201d<\/p>\n<p>Mandy Andress, CISO, Elastic: \u201cThe cybersecurity landscape is going to get tougher before it gets better, but we are reaching a turning point. AI-driven systems will increasingly be trusted to take action in real time, isolating a system under attack, proactively protecting the organization, rather than just reacting. Behavioral analytics will play a critical role, helping teams detect anomalies and understand patterns of risk across users, devices and applications.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enterprise cybersecurity in 2026: What CISOs and security leaders expect https:\/\/techinformed.com\/enterprise-cybersecurity-in-2026-what-cisos-and-security-leaders-expect\/ Publish Date: 2026-01-07 06:34:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":175232,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techinformed.com\/wp-content\/uploads\/2025\/11\/globe-cyber-tech.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-175231","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/175231"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=175231"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/175231\/revisions"}],"predecessor-version":[{"id":175233,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/175231\/revisions\/175233"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/175232"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=175231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=175231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=175231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}