In December, Forbes published 10 Cybersecurity Predictions That Will Define 2026, stating that the “cybersecurity landscape is entering its most transformative period in decades” and that “2026 will be defined not by new categories of threats but by the scale, intelligence and automation behind the threats already in motion.” Here is a summary of Forbes’ 10 cybersecurity predictions that will shape 2026.
Even with all its positive aspects, as AI technology grows and transforms, it also becomes a more useful tool for cyberattackers. For example, AI can help cybercriminals craft realistic phishing emails, cloned voice messages, and deepfake videos. Forbes further suggests that with AI, social engineering (the manipulation of individuals to gain sensitive information) will be “indistinguishable from legitimate communication.”
Accordingly, in 2026, AI will push cyberattacks further, letting cybercriminals better “automate reconnaissance, develop exploit chains, craft convincing phishing at scale and impersonate executives with near-perfect voice and video.” Effectively, traditional cybersecurity won’t cut it anymore. In fact, AI-detection methods will more than likely be the best counter to AI-created cyberattacks.
Numerous cyberattack tools will go hand-in-hand with AI, including ransomware. Ransomware is malicious software that encrypts files and restricts access until a ransom is paid. Forbes states that ransomware attackers are turning to AI to scan systems and launch attacks with “minimal human intervention.”
Such cyber extortion is lucrative for cybercriminals, and IBM’s 2025 report says that average data breach costs due to ransomware have reached $7.42 million per incident. Another study adds that, as of 2025, ransomware has exposed over 375 million health records since 2010. Both the costs and the number of people impacted are expected to increase this year. Organizations with weak cybersecurity, including hospitals, will see the consequences first.
CMMC is an assessment framework and assessor certification program of the U.S. Department of Defense (DoD) and is based on the National Institute of Standards and Technology’s (NIST) SP 800-171 (see below). It ensures that contractors protect sensitive information by setting mandatory cybersecurity standards. For DoD contracts above a certain threshold, CMMC becomes a requirement for working with and/or for the government.
Other government agencies, including at the state level and worldwide, will “begin to adopt similar assurance models.” Even more so, “compliance will shift from policy documentation to proof of real security performance.”
NIST is a nonregulatory agency of the U.S. Department of Commerce. It promotes American innovation and industrial competitiveness by developing technology, metrics, and standards. Moreover, its compliance standards and guidelines, called frameworks, help federal agencies (and others) meet requirements for protecting data and information systems.
NIST SP 800-171 is a framework that provides security requirements for protecting controlled unclassified information (CUI) within nonfederal systems that handle government data. The framework will replace ISO 27001, an international standard, and other frameworks. CMMC levels 1 to 3 align with NIST SP 800-171.
Forbes asserts that “NIST is on track to become the common language of cybersecurity in the United States, unifying expectations across industries and eliminating confusion that comes from juggling multiple frameworks with overlapping intent.”
Data encryption will go through a dramatic change. Encryption is a computing process that converts text into a coded format, known as ciphertext, which can only be deciphered by someone with the correct decryption or cryptographic key. It can ensure data confidentiality, authenticate the origin of data, verify its integrity, and prevent senders from denying that they sent an encrypted message.
In 2026, encryption “will extend deeper into systems, covering logs, machine identities, database fields, memory and all backup repositories.” At the same time, cybercriminals will use AI to accelerate encryption key theft, which makes poor key management consequential.
The Identity Theft Resource Center (ITRC) reported that nearly 202 million individuals were affected by identity theft in the first three quarters of 2025; 83% of these incidents were due to cyberattacks. Identity theft occurs when personally identifiable information (PII) is stolen and used to commit fraud, gain financial benefits, and perpetrate other crimes. In 2026, “identity compromise will remain the dominant cause of breaches.”
Forbes further adds that “attackers will increasingly rely on session token replay, executive impersonation, machine identity theft and abuse of service accounts” to perform identity theft. Consequently, organizations that do not have a clear plan to combat this will face repeated breaches.
Cybersecurity tool sprawl is when organizations continuously add new cyber tools without assessing how they fit into and help their security infrastructure. Organizational leaders now appear to find this sprawl costly “without improving security performances.” PwC’s 2025 Global Digital Trust Insights survey found that 52% of the chief information security officers they surveyed plan to reduce security tool sprawl because it creates blind spots and extra overhead costs.
As such, organizations will try to reduce the sprawl in 2026 by consolidating their cybersecurity program “into unified platforms that combine detection, response, logging, identity insights and automated evidence generation” that rely on AI support. Those companies that “simplify their stack will see immediate benefits in visibility, response speed and operating cost.”
Supply chain cyberattacks will continue to plague organizations. A supply chain attack occurs when a hacker exploits a third-party company’s vulnerabilities to get to other companies. Compromising third parties gives attackers access to a larger network.
To counter this, Forbes maintains that “organizations will need continuous visibility into supplier controls, not static documentation.” Organizations will need to pay more attention to the companies they work with. Furthermore, “The expectation that companies are responsible for the security posture of their supply chain will become widespread.” An organization that uses a vendor’s service must be concerned about that vendor’s cyber defense structure as much as its own.
Encrypted traffic inspection (SSL/TLS inspection or HTTPS interception) is a security process that decrypts, analyzes, and then re-encrypts traffic. The idea is that organizations want more visibility into encrypted traffic because cybercriminals use blind spots within these systems to increase their exploits. Simultaneously, however, regulators want stronger privacy guarantees that protect encrypted traffic.
Forbes suggests that these “competing demands will collide throughout 2026, bringing encrypted traffic inspection to the center of legal, technical and policy debates.” Agencies will need to explore how to find a balance between transparency (i.e., traffic inspection) and privacy.
Forbes’ final prediction (see also Deloitte’s 2025 board survey) suggests that boards will shift their focus from cybersecurity (meaning defense and offense) to cyber resilience. Findings from a recent Paubox report reveal that 73% of healthcare IT leaders anticipate increased security challenges in the coming year, which is why resilience can mean security. Organizations will need to look at such factors as “how quickly systems can be recovered, how well networks are segmented, whether backups are immutable and how prepared teams are to respond to a real attack.” The idea is to focus on outcomes rather than cybersecurity tools or cyber-related policies, fixing “cybersecurity as a core determinant of operational stability and leadership credibility.”
According to Forbes, its top 10 predictions show an obvious pattern: “Cybersecurity is moving from reactive defense to continuous readiness.” Additionally, an understanding of how to use new technologies can keep organizations secure. Cyber-preparedness refers to proactive measures, strategies, and practices that people implement to protect themselves from cyber threats and minimize the impact of potential breaches. Organizations that don’t switch their thinking when it comes to cybersecurity may be left behind.
Health-related cybersecurity needs for 2026: