CISO Report 2025

Cyber crisis looms: business leaders warn threats will test organisations’ resilience in 2026

Business leaders are bracing for a year of escalating cyber threats, as AI-driven attacks, ransomware and supply chain compromises push cyber risk to the top of the corporate agenda. 

Research published today [23rd October] by Talan, shows that nearly seven in ten executives (69%) expect the cyber threat landscape to become more complex in the next 12 months – with many concerned that 2026 will stretch their organisations’ resilience to its limits. 

The survey of 200 CISOs across the UK and Europe found that whilst 62% are very confident they’ll have the resources to tackle cyber and privacy threats, most acknowledge that the threat is both imminent and serious, especially against a background of financial and geopolitical instability.

 Topping the list of concerns for the C-Suite are AI-accelerated attacks and AI system abuse (69%), ransomware targeting critical infrastructure (62%), software supply chain compromises (55%), and attacks targeting user identities in cloud and SaaS platforms (55%). 

Whilst business leaders rated board-level understanding of cyber and privacy risks as excellent, there is concern about the broader workforce, with rising employee exposure to social engineering and the potential misuse of AI systems urgent challenges that could define the year ahead.

Mandeep Thandi, Director of Cyber and Privacy at Talan, said: 
 

“Cyber threats are now a top business risk – no longer ‘just’ a tech problem, but a leadership test. Executives now rank cyber alongside financial and geopolitical uncertainty as one of the biggest challenges facing organisations today. 
 

“With AI-driven attacks growing more sophisticated by the month, the next year will test just how resilient organisations really are. Those that combine strong governance with engaged employees and a responsible approach to AI will be best placed to adapt and thrive.”

Solutions and next steps 

Talan recommends strengthening board-level accountability, investing in AI governance, and keeping communication clear between security teams and leadership. With 64% of businesses already developing quantum-readiness plans, investment remains critical as businesses prepare for emerging technologies that could redefine security strategies over the coming decade. 

“While it’s encouraging to see businesses feeling well-prepared, they are only ever as strong as their weakest link,” added Mandeep. 
 

“Recent cyber incidents demonstrate that even mature organisations remain vulnerable. These are not isolated cases – such attacks are becoming increasingly common across sectors. 
 

“Gaps in knowledge, and even discontented individuals, continue to leave entry points open for attackers. 
 

“To stay secure, organisations should make security awareness part of everyday practice, strengthen supplier oversight, and ensure rapid response protocols are tested and understood at every level.”