Predictions 2026: Cybersecurity And Risk Leaders Grapple With New Tech And Geopolitical Threats - Forrester

Home > Featured Blogs > Predictions 2026: Cybersecurity And Risk Leaders Grapple With New Tech And Geopolitical Threats 2025 was a tumultuous year for cybersecurity professionals. A change in political leadership in the US introduced instability within federal cybersecurity agencies and had a worldwide ripple effect; the focus on AI technology shifted from generative AI (genAI) to agent and agentic AI for productivity, cybersecurity, and malicious actors; and the variety of cyberattacks targeting critical infrastructure markets as well as average businesses, reaching all four corners of the globe, kept security and risk teams on their toes. In 2026, continued political instability coupled with technological advancements being used by cybercriminals will force security, risk, and privacy leaders to not just adapt their defensive technologies to respond but to also prepare their workforce for these shifts to reduce the risk to the business. To help business and security leaders understand where to focus their attention in the year ahead, here are three of Forrester’s 2026 cybersecurity and risk predictions: An agentic AI deployment will cause a public breach and lead to employee dismissals. Since its launch in 2022, genAI has caused several data breaches or affected the integrity or availability of sensitive data. As companies begin building agentic AI workflows, these issues will only become more prevalent. Without the right guardrails, systems of autonomous AI agents may sacrifice accuracy for speed of delivery, especially when interacting directly with customers. When these failures occur, some treat AI agents as their own entities while others point fingers at individual employees, but breaches like these are due to a cascade of failures, not a single individual. To prevent these failures, and scapegoating, security organizations must enable the business to develop agentic applications with minimum viable security. Follow the AEGIS framework, securing intent, ensuring appropriate identity and access management controls to track agent activity, and implementing data security controls to track data provenance. Five governments will nationalize or place restrictions on critical telecom infrastructure. The Salt Typhoon cyberespionage campaign, attributed to nation-state actors, breached over 600 orgs across 80 countries, exposing the vulnerability of commercial telecom as hackers went undetected for years. Governments responded: Australia reinforced SOCI (Security of Critical Infrastructure) Act reforms, mandating direct oversight of telecom assets; Italy advanced a €22 billion restructuring of Telecom Italia’s network while planning its own satellites for encrypted comms; and the US banned Chinese and Russian ownership of subsea cables and bolstered cybersecurity standards. Telecom, however, relies on vast internet-of-things ecosystems (notoriously insecure and frequently exploited), while the rapid rise of space infrastructure such as low-Earth-orbit satellites adds new attack surfaces. To counter, governments will assert unprecedented control over telecom security. To stay ahead of new security regulations, CISOs must strengthen continuous monitoring of critical ecosystem risks while evolving to continuous control monitoring. Quantum security spending will exceed 5% of the overall IT security budget. Forrester estimates that commercial quantum computers will break today’s asymmetric cryptography in less than 10 years and, given regular advances, sooner. Meanwhile, NIST guidance dictates that RSA and ECC support will be deprecated in 2030 and disallowed in 2035. In response, security teams will ramp up quantum security spending overnight in several areas. First, many will retain consulting services to help plan quantum security migrations. Second, product security teams will work with development counterparts to replace outdated cryptographic libraries and components. Third, security teams will work with risk and procurement colleagues to track vendor and partner quantum migration plans. Finally, teams will invest heavily in cryptographic discovery and inventory tools to prioritize high-impact systems for migration, and many will pilot cryptographic agility solutions. Quantum security is no longer just a concern for banking and critical infrastructure; all CISOs must consider similar spending. Forrester clients can read our full Predictions 2026: Cybersecurity And Risk report to get more detail about each of these predictions, plus two more bonus predictions. Set up a Forrester guidance session to discuss these predictions or plan out your 2026 security strategy. If you aren’t a Forrester client, download our complimentary Predictions guide, which covers our top technology and security predictions for 2026. And get additional complimentary resources, including upcoming webinars, on the Predictions 2026 hub. Related Links Predictions 2026 hub Related Forrester Content Predictions 2026: Cybersecurity And Risk Categories Age Of The Customer Cybersecurity Trends Network Security Risk Management Security Architecture Security Risk Management Get The Insights At Work Newsletter Business Email Address* Country* Country United States Åland Islands Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Cambodia Cameroon Canada Cape Verde Cayman Islands Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guyana Haiti Heard Island and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lesotho Liberia Liechtenstein Lithuania Luxembourg Macao Madagascar Malawi Malaysia Maldives Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands South Africa South Georgia and the South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Vatican City Vietnam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Zambia Zimbabwe Yes, I’d like to receive Forrester’s Insights At Work newsletter and receive occasional survey invitations and marketing communications. AI Isn’t A Hardware Contest — It’s A Human Test Most orgs get less than 50% ROI on AI. See how people, skills, operating models, and culture — not more tech — unlock the value your AI investments are missing. GET THE HUMAN + AI GUIDE Blog Volatility Isn’t Temporary — Account For It In Your Leadership Playbook Going Forward Matthew Selheimer 3 Days Ago For many B2B leaders, volatility no longer feels like an interruption to “normal.” It is now the standard operating environment. Economic uncertainty, geopolitical shocks, AI-driven disruption, and shifting buyer behavior are colliding, exposing weaknesses in traditional go-to-market models and leadership assumptions. The good news? Volatility can benefit those who adapt faster, focus harder, and lead […] Read More Blog Cyber Risk Ratings Fade Out; Actionable Intelligence Takes The Spotlight Paul McKay 3 Days Ago In musical notation, “al niente” means fading until sound is barely perceptible, usually to end a significant piece of music such as the ending of Tchaikovsky’s reflective and somber sixth symphony. And that is how the cybersecurity risk ratings market is likely to proceed over the coming months. Ratings will not fade away to nothing […] Read More