Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when — not if — a cyberattack occurs. In the coming months, many of the key issues from previous years will recur, but there will also be specific challenges: “2026 is shaping up to be a year in which attacks will be faster, cheaper, and more credible, as AI and automation now perform much of the work that previously required time and skill,” explains Marijus Briedis, CTO of NordVPN. Briedis also warns of what he calls “the growing monoculture of the internet,” in which the supply of cloud platforms, CDNs, and productivity tools is concentrated among a few players, and therefore compromising any of these systems or providers has a significant impact.
“The most important change, however, is trust,” says Briedis, referring to deepfakes, voice cloning, synthetic identities, and automated phishing chats, among others, which “will continue to erode trust … as criminals increasingly focus on authentication and cloud access, rather than just devices.” He also draws attention to the quantum risk to digital security, with criminal strategies such as “collect now, decrypt later” forcing cybersecurity departments to improve their privacy and information protection tools.
For Ángel Ortiz, director of cybersecurity at Cisco Spain, by 2026 “cybersecurity will evolve towards models based on speed, automation, and continuous identity verification.” He highlights the impact of generative and agentic AI in defining “an increasingly complex threat landscape,” based on “large-scale automated cyber operations. Identity has become the new security perimeter, as attackers no longer need to break in but simply log in with stolen credentials.” Cisco anticipates demand for “security architectures that prioritize business resilience, alignment with business objectives, and the integration of AI as a foundational element for cyber defenses.”
“The main threats are along these lines: automated attacks thanks to agentic AI, with massive personalized cyberattacks that will use intelligent tools to “identify specific vulnerabilities and develop unique malware for each organization.” The trend toward supply chain attacks will continue, Ortiz predicts, and deepfakes and cognitive attacks will boom, while ransomware attacks will be refined. “IoT infrastructure and edge devices will also proliferate as attack vectors.”
“Today, we no longer talk about cybersecurity as a purely technological field, but as an essential element for business continuity and, above all, for preserving the trust of our customers,” explains Hazel Díez Castaño, global CISO of the Santander group. In this sense, the challenge for 2026 is to keep adapting in a “dynamic and complex” context. “I like to talk about an anti-fragile approach, which goes beyond resilience: it’s not just about resisting and recovering from attacks, but about coming out stronger from them, continuously improving our capabilities. All this must be done without creating unnecessary friction for the customer, ensuring a secure, agile, and simple digital experience.”
For Roberto Lara, director of cybersecurity at Vodafone Empresas (Enterprises), “in 2026, cybersecurity will continue to evolve towards a more mature approach based on cyber resilience,” in which the focus shifts from preventing incidents to “ensuring operational continuity during an attack, reducing the impact and accelerating recovery. This vision consolidates cybersecurity as a strategic priority for senior management, due to its direct connection to business stability, corporate reputation, and regulatory compliance,” Lara notes.
As the main challenges, he points to AI as a vector of attack, which requires “strengthening detection and response capabilities through more proactive and agile defenses.” Lara adds data sovereignty is “a challenge that combines legal and operational factors in an increasingly complex global environment,” with the sovereign AI approach gaining weight. Like Ortiz, he maintains the importance of risk management in the supply chain. “Although regulation drives greater control over third parties, smaller suppliers remain a critical point due to their limitations in resources and maturity in cybersecurity.”
Álvaro Fernández, sales director at Sophos Iberia, envisions 2026 around three key points: the systematic abuse of digital identities, the accelerated adoption of AI by attackers and defenders, and the amplification of human error as an attack surface. “Cybersecurity will evolve from a reactive approach based on perimeter controls to adaptive security models focused on continuous visibility, behavior detection, and automated response with human oversight,” Fernández summarizes. Among the main challenges is addressing what he calls the “cybersecurity poverty line,” referring not only to budgets but also to the lack of strategic leadership and talent. Fernández also highlights the regulatory factor as an added pressure for companies.
Hazel Díez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Álvaro Fernández (Sophos), and Ángel Ortiz (Cisco).
Banco Santander, Vodafone, NordVPN, Sophos y Cisco. Montaje: Foundry
Key technologies to address 2026’s challenges
Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated AI Security and Safety Framework as “one of the first holistic attempts to classify, integrate, and manage the full spectrum of AI risks.” He adds XDR platforms as “a key element, unifying data from endpoints, networks, cloud, email, and identities into a consolidated view,” and continuous context-based identity verification, which he believes “will become mandatory.”
The most important upcoming trends, according to Briedis, include: “Controls that reduce reliance on human trust signals: more robust authentication, better identity verification, and greater protection of credentials and sessions,” through which exposure to credential leaks can be reduced.
Díez Castaño adds AI and automation among the technologies that will set the agenda, as well as security models integrated from the design stage, which incorporate protection “from the outset in digital processes, products, and services, rather than adding it at the end.” Along with identity and access management, she trusts in “the ability to have a clear, real-time view of what is happening in the systems” to “ensure effective and balanced protection.” However, technology will continue to be a fundamental lever, but always in support of a well-defined strategy, she adds.
On the agenda for the coming months, Lara points to two priorities: “integrating actionable intelligence into defense and strengthening control over data,” which will promote an evolution “towards a more coordinated model, with interconnected SOCs capable of sharing information in real time and activating increasingly automated responses to incidents.” In addition, he foresees an increase in the adoption of secure communications, “with greater use of end-to-end encryption solutions, including reinforced mobile devices and environments for critical profiles,” as well as simulations and virtual environments for training teams, testing crisis scenarios, and improving decision-making.
Regarding her work for the coming months, Díez Castaño outlines a generic approach: “Our priority will continue to be to strengthen a global cybersecurity model that is fully aligned with the group’s strategy and has a very clear focus on the customer. This means continuing to evolve our prevention, detection, and response capabilities, as well as protecting the bank of the future, which is increasingly digital, interconnected, and cloud-based.” They will also continue their work on security awareness and culture, “both within the organization and towards society.”
“Cybersecurity is a collective challenge, and collaboration, both with other companies and with the public sector, is essential. Sharing information, learning together, and acting in a coordinated manner is the only way to tackle a problem that affects everyone and knows no borders,” she concludes.