Cybersecurity 2025 Trends: 2026 Readiness for Business
Introduction
As the year draws to a close, it is worth pausing to reflect on the security trends that have emerged this year. From outages and ransomware attacks to AI-driven scams, 2025 has been an eventful year for security professionals and executive teams alike. It is reasonable to infer that 2026 will present even greater security challenges.
In this discussion, we will revisit some of these trends and look at specific incidents that had a significant impact on return on investment (ROI). We will then analyze potential security trends for 2026 and offer insights on how businesses can position themselves to address these challenges and make the most of their security investments. Finally, we will explore our company’s role going into next year.
2025 Trends
2025 was a notable year for major non-breach outages, with three high-impact incidents involving AWS and Cloudflare. While none of these disruptions stemmed from security breaches, they underscored the persistent risks in our technology supply chain and the critical importance of business continuity planning.
The first incident occurred on October 20th, when AWS experienced a widespread outage rooted in a DNS error in its US-East-1 region — widely described as a ‘technical glitch.’ This was followed by two separate Cloudflare outages: a large-scale disruption on November 18th caused by a mis-deployment of a Bot Management configuration file, and another outage on December 5th that lasted approximately 25 minutes and impacted around 28% of Cloudflare-served HTTP traffic. Together, these incidents affected hundreds of websites and services globally.
Scams involving artificial intelligence have surged. Pig Butchering Scams are considered the most prevalent and financially damaging type of these scams. The perpetrators gradually build trust with the victim through flattery and manipulation, then introduce an investment scheme, typically involving cryptocurrency. Initially, a small investment yields seemingly lucrative returns, prompting the victim to invest larger amounts, sometimes substantial life savings or borrowed funds. The “butchering” phase occurs when the victim attempts to withdraw their money, only to be met with excuses such as demands for taxes or fees, after which the scammer abruptly terminates all communication. Only when the victim has exhausted their available funds, or grows suspicious, do they realize they have been deceived.
While scams for financial gain are one of the largest areas where generative AI is being used to streamline efforts, nation-states are also employing it to advance their ideological agendas. Fifth-generation warfare encompasses non-kinetic military actions such as social engineering, misinformation campaigns, cyberattacks, and emerging technologies like artificial intelligence and fully autonomous systems. Ideologies and narratives possess the same potency as any physical force and are employed to shift the “Overton Window” (a political theory that delineates the range of policies on an issue that the public deems acceptable).
Russia’s military-intelligence apparatus has long operated troll farms that generate memes. The Internet Research Agency (the “Kremlin troll farm”) and cyber brigades created memes during the Crimean War of 2014 and beyond. Taiwan openly embraces humor in its defense strategy. Digital Minister Audrey Tang announced the establishment of official “memetic engineering” teams to combat disinformation through wit. DARPA and military research have “investigated how to weaponize memes.” Deepfakes play a role in both scams and disinformation. They are AI-generated media used to manipulate, impersonate, or deceive individuals on social platforms and can be employed to gain trust, extract information, or manipulate public perception.
Ransomware saw significant developments throughout the year. Botnets have taken a more prominent role in malware distribution, as exemplified by the MikroTik botnet at the year’s outset, which exploited SPF DNS configurations to circumvent email defenses. Additionally, ransomware groups have grown in size and audaciously marketed their services as Ransomware as a Service (RaaS). This has also resulted in “turf wars” between these groups, such as the conflict between RansomHub and DragonForce. The instability within the extortion ecosystem heightens the risk of cyberattacks and of double extortion through data theft.
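The botnet’s abuse of SPF records is a reminder to audit your own. The Python check below is an added example, not code from Sudo Truth or the page; it parses SPF TXT records following RFC 7208 and flags the weaknesses that let unauthorized senders pass (a permissive or missing terminal all mechanism, the deprecated ptr mechanism, and more than ten DNS-lookup mechanisms). The sample records are constructed, and the page does not state which SPF misconfiguration the botnet relied on.

```python
# Constructed sample SPF records for demonstration (not real domains).
SAMPLE_RECORDS = {
    "permissive.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net +all",
    "neutral.example": "v=spf1 mx ?all",
    "strict.example": "v=spf1 ip4:198.51.100.10 include:_spf.example.net -all",
    "lookups.example": "v=spf1 "
    + " ".join(f"include:spf{i}.example.org" for i in range(11))
    + " ~all",
}

# Mechanisms that cost a DNS lookup under the RFC 7208 limit of ten.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def audit_spf(record):
    """Return a list of human-readable findings for one SPF TXT record."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing or invalid v=spf1 version tag"]
    lookups = 0
    saw_all = False
    for term in terms[1:]:
        # Modifiers are name=value; redirect= also counts as a lookup.
        if "=" in term:
            if term.split("=", 1)[0].lower() == "redirect":
                lookups += 1
            continue
        qualifier = "+"  # an unqualified mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech = term.split(":", 1)[0].split("/", 1)[0].lower()
        if mech in LOOKUP_MECHANISMS:
            lookups += 1
        if mech == "ptr":
            findings.append("ptr mechanism is deprecated and slow")
        if mech == "all":
            saw_all = True
            if qualifier == "+":
                findings.append("+all authorizes every sender; SPF provides no protection")
            elif qualifier == "?":
                findings.append("?all is neutral; receivers treat it as no policy")
    if not saw_all:
        findings.append("no terminal all mechanism; default result is neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def audit_all(records=SAMPLE_RECORDS):
    """Audit every record and return {domain: findings}."""
    return {domain: audit_spf(txt) for domain, txt in records.items()}
```

Run the check against records pulled from your own DNS zone to spot policies that would let spoofed mail pass.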
Predictions for 2026
Based on these emerging trends, we can anticipate the developments that may occur in 2026. Market research suggests that global annual cybersecurity expenditures will surpass $200 billion by 2028. This growth will coincide with a shift from mass enterprise attacks to more targeted scams and spear phishing attempts. Consequently, business leaders and their IT teams will be compelled to move from reactive defense strategies to continuous incident response in order to keep their protections effective over time and optimize the return on investment (ROI) of their security expenditures. In summary:
AI-enhanced attacks will persist in outpacing defenses.
Business continuity and supply chain resilience will become paramount in the future.
Ransomware groups will continue to vie for dominance, and the risk of double extortion will escalate.
Organizations will transition from reactive defense strategies to continuous incident response.
Preparing For 2026
Being able to recognize these trends and make predictions opens the door to looking at some of the ways we can prepare for these challenges. So how do we do this, and what actions can we take that provide meaningful value?
Begin by identifying your security gaps. Security detection software is not a comprehensive solution to every security challenge. Vendor patches do not keep pace with the adaptability of attackers and primarily serve as deterrents, repelling less persistent ones. Attackers who cannot adapt to next-generation techniques are still a threat, however, so it is crucial to understand how your security budget is allocated and what return it delivers in order to close these gaps effectively.
In doing so, you learn the lifespan of these protections, which enables a more thorough evaluation of your security expenditures. Protection techniques eventually become obsolete, and there is no reason to keep paying for remediations that are no longer effective. This is also why sharing indicator information is valuable: the tactics and procedures involved are inherently complex and numerous, and no single organization sees them all.
Our Company’s Role for Next Year
In anticipation of 2026, what can be expected from Sudo Truth? Our objective is to monitor emerging trends and predictions leading into the upcoming year. We intend to continue fostering a community that is better informed about these escalating threats and to identify the areas of security spending that best address them. We will maintain a forward-thinking approach to artificial intelligence that balances ethical considerations with tangible benefits. This effort will extend beyond the executive and IT levels to the everyday consumer, who must understand the growing prevalence of scams that they or their family members may encounter.
If this was useful, share it with one person who needs a simple plan. Find us on Substack and subscribe to read articles on the latest tactics, techniques, scams, and security related news. Follow us on Bluesky for tips and more industry insights.