Emerging artificial intelligence threats and identity-focused attacks are set to define the global cybersecurity landscape in 2026, according to newly published research by IBM and recent industry analysis by Kaspersky.
The warnings come as businesses and governments prepare for increased cyberattacks. While it’s too early to say how much cybercrime cost last year, cybersecurity firm DeepStrike projects the annual cost to reach US$10.5-trillion. This is up from around $9.2-trillion in 2024.
IBM said that while the global average cost of a data breach fell 9% to $4.4-million, the average cost in the US hit a record high of $10.2-million.
In its cybersecurity predictions for this year, IBM identifies autonomous AI agents and ungoverned “shadow AI” tools as major risk drivers. These systems, which are capable of operating with limited oversight and accessing sensitive data, are expected to outpace traditional monitoring and control mechanisms. This will force organisations to rethink defensive strategies.
“The agentic shift is no longer theoretical, it’s underway. Autonomous AI agents are reshaping enterprise risk, and legacy security models will crack under the pressure. To stay resilient, organisations must drive a new era of integrated governance and security, built to monitor, validate and control AI behaviour at machine speed,” said Mark Hughes, IBM global managing partner of cybersecurity services, in a statement.
IBM also highlighted that identity systems are becoming the main target for attacks, as cybercriminals increasingly leverage deepfakes, biometric spoofing and AI-driven impersonation to bypass security measures.
‘Critical national infrastructure’
Kevin Albano, global head of IBM’s X-Force Threat Intelligence, said that given the sensitivity of AI-driven data and agentic workflows, identity will need to be treated as “critical national infrastructure”.
This shift will require specialised cyberthreat-hunting capabilities, AI-specific protections and infrastructure-level security controls to defend against increasingly sophisticated external attacks.
“Identity will no longer be just an access layer – it will be a strategic security priority on par with networks and cloud,” he said.
Read: AI is rewriting cybercrime – and Microsoft warns companies are dangerously behind
Meanwhile, cybersecurity firm Kaspersky warned in its latest cybersecurity bulletin that telecommunications networks could face big outages in 2026 because AI tools that automatically fix problems might make mistakes. If the data AI uses is wrong or manipulated, it could spread errors across the network very quickly, causing widespread service disruptions.
Focusing on the telecoms sector, it said that networks risk service disruptions if they rush the roll-out of new quantum-resistant encryption across their networks, which is designed to resist attacks that utilise quantum computers.
“The underlying driver remains ‘harvest now, decrypt later’: malicious actors can collect encrypted data today and attempt decryption in the future, which pushes providers to accelerate migration planning. However, timelines for cryptographically relevant quantum computers are uncertain, so the practical near-term hazard is operational instability during the transition rather than immediate quantum decryption,” Kaspersky said.
Another risk is that 5G’s direct integration with low-Earth orbit constellations may create satellite-linked disruptions as it expands the attack surface into unfamiliar territory: ground-station networks, management portals and terrestrial-space coordination software.
Read: South Africa faces ‘triple-edged sword’ as AI fuels next-gen cyberthreats
Kaspersky stressed the importance of human oversight and robust change management, even in automated environments, to mitigate these risks. – © 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.