This past year can be summed up in one word: cyberattacks. From industry giants such as M&S and JLR to national aerospace institutions, no one has been safe – and unless something changes, no one will be.
As we look to the new year, it is time for businesses to reevaluate their security strategies and focus on building strong, robust cyber defences. One thing is certain: more attacks will come. The only questions that remain are what form these will take and whether businesses will be ready.
Lessons from the past year
2025 has seen huge technological leaps forward. With these new capabilities, however, businesses must ensure their strategies are equipped to deal with the plethora of new issues that will arise. For Martin Gittins, Area Vice President for North Europe at Commvault, “traditional approaches to resilience are no longer enough in the age of AI. With data being generated at unprecedented rates and agents making decisions with little human oversight, security, identity and recovery – too often treated as separate issues and split between teams – must be brought together. This approach creates a new category called resilience operations (ResOps), which will define 2026 as a new discipline that rearchitects resilience for the modern enterprise, managing it across increasingly complex and emerging AI environments.”
Business resilience is also a key factor for Mark Wilson, Technology & Innovation Director at Node4. He foresees 2026 as “the year UK boards finally recognise cyber as a necessity for operational resilience. The NCSC’s 2025 Annual Review reported an average of four nationally significant incidents every week, alongside a sharp rise in high-impact attacks – and we’ve seen this play out first-hand, with some of the UK’s biggest brands suffering weeks of disruption.”
AI – the great disruptor
Artificial Intelligence has dominated the headlines over the last 12 months. For many, the technology serves as a way to optimise their daily grind, providing support across a wide variety of tasks. Unfortunately, this is also true for cyber criminals, with many exploiting the technology to bolster their attacking power and target more businesses than previously possible. To defend against this unrelenting wave of attacks, businesses must rethink their security strategies. However, Node4’s Wilson explains that “despite this, most organisations remain worryingly reactive. In 2026, that posture simply won’t keep pace. The NCSC’s Impact of AI on the Cyber Threat assessment highlights how AI is shrinking the time from vulnerability disclosure to exploitation, making proactive strategies, such as continuous patching, attack-path modelling and real-time exposure management, essential. Yet, AI is also transforming defence. When applied responsibly, AI can spot anomalies at scale, predict likely attack paths and automate early containment, giving defenders the same speed advantage that bad actors are now exploiting.”
Laurie Mercer, Senior Director of Solutions Engineering at HackerOne, highlights the positive impact AI will have on cyber defences, stating that “by 2026, over 100 autonomous hackbots will surge across the digital frontier, discovering what once lay beyond human reach. Hackbots now combine AI efficiency with human expertise, ensuring that legitimate vulnerabilities aren’t lost in the noise while maintaining the nuanced judgment that security decisions require. Leaders in the space embrace AI for scale and speed, but always within a framework that values transparency, responsibility, and human expertise.
“Sixty-six percent of security researchers already see these machines as allies, amplifying creativity and productivity,” he continues. “It is becoming increasingly clear that the future isn’t AI versus humans – it’s AI plus humans, and organisations will see the rapid rise of bionic hackers across all organisations. That means automation for coverage, but people for creativity.”
Advice for 2026
As we move into the new year, businesses will have to transform and reignite their security strategies in order to avoid a repeat of 2025. Tom Stockmeyer, Managing Director Government and Critical Infrastructure at Cyware, believes that “in 2026, collective defence strategies will shift from traditional information sharing to fully automated, AI-enabled collaboration. Building on the progress of ISACs and the anticipated rollout of CISA’s Threat Intel Exchange Services (TIES), government agencies, particularly at the federal level, will increasingly adopt tools that allow for immediate, AI-driven action against threats.
“This shift will be driven by the necessity of defending against a growing speed and sophistication of AI-powered attacks, with a focus on raising the bar for both the speed and consistency of defensive actions. By integrating AI into both analysis and daily operations, defenders will finally be able to turn shared intelligence into immediate action.”
Wilson stresses that when it comes to building a resilient cybersecurity strategy, “tools are only half the defence. The real differentiator over the next twelve months will be the people and processes wrapped around them. Effective cyber resilience depends on clear ownership, well-rehearsed incident response and recovery plans, and governance structures that can make rapid, risk-informed decisions. Without disciplined processes and a workforce empowered to act, even the most advanced platforms only deliver partial protection. In 2026, the organisations that excel will be those that pair technical capability with operational maturity.”
Rather than worrying about the rain of impending attacks, Commvault’s Gittins advises businesses that “it is important to recognise that, as cyberattacks are now inevitable, there must be equal focus on the recovery process and making it as clean and complete as possible. Research shows that 94% of ransomware attacks attempt to compromise backup storage, meaning that businesses are at risk of restoring affected backups, re-injecting malware into their environment, and simply prolonging the disruption. There needs to be a greater focus in the next 12 months on deploying tactics that both prevent backups being compromised and prevent organisations accidentally restoring them if they have. AI has a vital role to play in this, enabling IT teams to quickly identify and analyse suspicious files, and even automatically detect threats in backups during the recovery process and remove them without damaging the ‘good’ data.”
Any backup is key in the face of a cyberattack, but for Andrew Dodd, HPE Storage Worldwide Marketing Communications Manager at the LTO Program, it is physical backups that have the edge. He argues that “companies are realising they can’t do ransomware with a point product. There is no magic wand or silver bullet to deploy against a threat that can come from anywhere. IT teams and their organisations will need a deep defence, including building layers of security and using different protocols, processes, platforms and tech, and this means relying on tape.”
Gittins concludes, “as technology advances enable us to make smarter decisions about our data, let 2026 be the year that we fight back against the cybercriminals – and win.”

