Heimdal

During a recent Threat Watch Live session, Adam Pilton challenged Morten Kjaersgaard, Heimdal’s Chairman and Founder, to predict three cyber security trends for 2026. 

Adam added his own predictions, drawing from his experience as a former cybercrime detective. Spoiler: Both Morten and Adam agreed that 2026 will bring a sharper focus on compliance.

Here’s what they predict. 

SMBs catch a break if they’ve done compliance right 

Hackers recently discovered there’s no use in targeting small businesses. Reports show that most SMBs don’t pay ransom.

Morten Kjaersgaard says: 

The mid-market and the lower end of the market will have a slightly easier time in 2026. Because attackers are finding out that, with the statistics of the payouts earlier, it’s not really paying off, and it’s not worth that kind of sophistication for them. So, they’re going to leave them a little bit more alone.

That doesn’t mean SMBs should lower their guard. 

Morten says smaller businesses should continue to abide by compliance requirements and maintain their security posture.

SMBs should not lower their security standards. Due to compliance pressure, many have already hardened their posture organically. So, they’re much better equipped today and harder to breach.

SMBs are an interesting target for hackers as long as they’re easy to break. Once they upgrade their defences to a level that meets NIS2, Cyber Essentials, or UK NIS, they stop being easy prey.

Many small businesses have already strengthened their defenses under compliance pressure. Combined with their lower financial payouts, this makes them less worthwhile targets.

Attackers will focus on higher-end targets where complexity and potential payouts justify the effort. 

Professional automation across verticals 

Morten’s second prediction for 2026 is that cyberattacks will become highly automated and targeted at specific industries. 

Automation will shift from opportunistic to highly coordinated and intentional. Just like Scattered Spider, they’ll use multiple techniques – social engineering, brute-force attacks, and vulnerability scanning – against the same organisation.  

It’s going to be the likes of a kind of Scattered Spider type of approach where you use both social engineering but at the same time for the same company you will use the likes of brute force attacks into the environment, vulnerability scanning and so on.

Morten Kjaersgaard also thinks that these campaigns will be tailored by industry and run at scale. 

As a result, larger brands will face increased breach risk in 2026. 

Compliance is going to be the second cornerstone 

Compliance gets mentioned on both Morten Kjaersgaard and Adam Pilton’s lists.  

The increasing regulatory pressure will make it a fundamental pillar of cybersecurity in 2026, says Morten. 

He predicted that cybersecurity in 2026 will sit on two bases: 

  • Doing the technical security work 
  • Being demonstrably compliant with relevant regulations, like NIS2, NIST 800-53, the Cyber Resilience Act, UK NIS, and Cyber Essentials 

For vendors this means  

a big pressure from customers into the likes of us and other vendors to make sure compliance is a native part of the way we operate.

Compliance will need proof, not promises 

Former cybercrime detective Adam Pilton also stressed that continuous compliance would play a key role in 2026. He brings into the spotlight a less discussed detail: 

Another thing we’re going to see this year is that it will no longer be acceptable to say, “We’re compliant!” and then just show a certificate that’s dated months, months, and months potentially before.

A Cyber Essentials compliance certificate is only valid for 12 months. It won’t protect you any further.  

For suppliers, continuous compliance will become a non-negotiable requirement. 

If a customer can’t trust your security posture today, they may not want to work with you tomorrow. Being able to prove your compliance will be key to staying trusted and relevant. 

“We’re going to see a lot more demand for proof and evidence of it. And it may be simple reporting from the tooling that you’ve got, but I do believe we’re going to see that demand for traditional compliance,” Adam thinks.

Cybersecurity accountability – a boardroom issue 

Another thing to consider, says Adam Pilton, is that incident response will no longer be considered an issue that only concerns the IT team. 

The word that sums up 2026 for me is accountability.

Incident response itself is now going to move away from solely being something that the IT team deal with to a boardroom problem.

Major data breaches can disrupt workflows, supply chains, and critical services. They compromise people’s privacy – and safety in some cases – and they put security teams through huge, long-term pressure. 

High-profile incidents such as the 2025 Marks & Spencer attack and the 2023 British Library breach show why cybersecurity now belongs in the boardroom. 

We’re looking at how people are impacted, whether that be how we’re communicating during an incident to partners, the supply chain and even our own staff.

Cyber insurance starts pushing back on AI risk 

If you follow The Cyber Snapshot, Adam’s weekly news digest series, you’ve noticed how frequently hackers manage to weaponize AI platforms. We’re talking about AI chat leaks, or even full AI-based attacks.  

As Adam observed, one of the outcomes is that 

in America recently cyber insurance firms are coming out and they’re saying they don’t want to be responsible for or insure the output of AI, or the potential risks associated with AI.

AI introduces risk variables that insurers can’t yet reliably model. While you can control what information you share and the result you’re aiming for, you have no visibility inside the way that information is processed. 

So, Adam’s third prediction for 2026 is that 

we’re going to start seeing pushback from insurance companies globally where they’re essentially ruling out AI based attacks, AI based errors, even inside your organization where people are uploading and sharing sensitive data and then it ultimately gets leaked out like we’ve already seen happen.

Conclusion 

Morten Kjaersgaard’s and Adam Pilton’s predictions point to a clear shift in cybersecurity for 2026. 

Compliance will move from a checkbox to a core requirement, demanding continuous proof rather than one-off certifications. Businesses that invest early in security and compliance may turn this shift to their advantage. 

As attacks become more automated and targeted, accountability will extend beyond IT and into the boardroom. At the same time, rising uncertainty around AI risks may trigger insurer pushbacks.

In 2026, cybersecurity will be less about tools and more about trust, accountability, and provable action.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
