Thales | Security for What Matters Most
More About This Author >
Thales | Security for What Matters Most
More About This Author >
Even as threats become more sophisticated, 2026 presents an opportunity to return to the fundamentals that strengthen and make security more resilient. The organizations that succeed will double down on clear visibility, consistent controls, and disciplined execution, proving that mastering the basics is still the most powerful strategy.
Whether AI-driven attacks, malicious bots, or post-quantum risks, evolving threats still rely on basic security gaps as their easiest entry points. Even the most advanced defenses can’t compensate for overlooked fundamentals. If organizations don’t close these simple gaps, sophisticated threats will continue to exploit them repeatedly. And with attacker capabilities accelerating, that’s a risk no one can afford to take.
Organizations can turn the basics into a powerful force multiplier by approaching them in new, more effective ways. “In 2026, efficiency will become the defining metric of cyber resilience,” states Romain Deslorieux, Associate Vice President, Channel Sales, Global System Integrators. Over the next twelve months, efficiency will depend on how we utilize AI, compliance, and newly informed strategic initiatives to our advantage.
This second and final part of the predictions series offers expert perspectives to guide strategic planning as enterprise security enters a new phase in 2026.
The AI Gold Rush Exposes Old Cracks
“By 2026, security leaders will launch a new wave of initiatives to secure the AI ecosystem, but many will lose focus on the fundamentals. In their fixation on AI-driven threats, organizations will overlook the basic cybersecurity hygiene that still underpins every defense strategy.” - Haider Iqbal, IAM Director
AI use is transforming industries as companies rush to adopt new and time-saving technology. Fueled by both significant potential gains and a fear of being left behind, organizations are rushing to implement and automate while struggling to secure, regulate, and govern. Cybercriminals are targeting areas that security teams overlook, zeroing in on gaps that often go unnoticed.
Neglecting routine patching, failing to identify misconfigurations, and overlooking application security and identity management all fall into this category. The issue at stake, according to Marco Venuti, IAM Enablement & Acceleration Director, is that “Security teams are spending more time managing integrations than managing risk.”
Together, these “basic threats” account for many of the initial access points that attackers use to pivot to other locations, using AI or other means. According to a recent study by the Ponemon Institute, identity-related threats accounted for more than three-quarters of all breaches.
As Iqbal states, “The foundation for a secure AI future isn’t just smarter tools, it’s getting the basics right, consistently.” And to do that, Venuti underscores that “it will require a fundamental change in how security is delivered: moving from manual integration to automated orchestration.”
Cyber Hygiene Failures Become the Biggest Risk Driver
“The hype surrounding AI and quantum is driving billions in new spending, but the most severe breaches in 2025 so far were caused by a failure in fundamentals. As we look forward to 2026, we must recognize that addressing new threats requires expanding, not forgetting, the fundamentals of Zero Trust and Operational Resilience.” - Andy Zollo, SVP Application & Data Security
Simple issues such as weak credentials, misconfigurations, and the continued use of legacy software are to blame. The 2025 Thales Data Threat Report highlights this trend, noting how organizations are increasing risk by allowing AI possibilities to divert their focus from more mundane – but equally important – security tasks.
Continuity of critical business functions isn’t an afterthought. Today, 60% of business leaders view cyber risk as a top strategic priority. This means that Boards will increasingly tie cyber risk to financial metrics to quantify both.
Zollo estimates that “Boards will quantify and govern cyber risk, transforming security from a technology cost into a fundamental business duty. In 2026, CISOs’ primary function will shift from managing technical defenses to quantifying financial risk. Boards will demand Cyber Risk Quantification (CRQ) to measure the potential dollar impact of security gaps.”
Foundational security programs, like Zero Trust and data discovery must be adequately funded and monitored, as executives are now held personally accountable for maintaining basic cyber hygiene.
Zero Trust and Identity Challenges Return to the Spotlight
“In 2026, organizations will prioritize resilience over total prevention, accepting that vendors will fail. CISOs will enforce the Zero Trust principle of least-privilege vendor access and aggressively implement multi-region/multi-cloud redundancy for critical data stores.” - Daniel Toh, Chief Solutions Architect, APJ
The risk of failure in cloud architecture is paramount. When incidents occur, they are rarely complex zero-days; instead, they are caused by internal, foundational failures. According to recent industry analysis, 44% of all security incidents in the cloud can be attributed to identity-related weaknesses, including excessive permissions or misconfigurations.
“In 2026, the conversation around identity will move beyond who you are to what you’re allowed to do,” adds Marco Venuti. “Organizations that can prove not just identity, but intent, will earn greater trust from customers and regulators alike. Expect to see authorization and data protection fuse into a single trust layer.”
2026 will be the year of a reality check with an eye towards Zero-Trust, and as Venuti pointed out, organizations looking to mature their Zero-Trust policies will require an authorization discipline, not only authentication.
Teams will design for failure by avoiding set-it-and-forget-it approaches in favor of continuous testing. At the heart of this is tuning controlled access (via IAM policies) to limit downtime, “[minimize] the business impact of unavoidable third-party failures... and [ensure] continuity of critical business functions.”
Data-Centric Security Becomes Autonomous
“CISOs will be streamlining cybersecurity operations to free up resources for higher-value defense. AI-based, context-aware risk intelligence filters out noise, improving threat detection. Automation reduces detection and response workflows to mere seconds. This evolution transforms cybersecurity from a cost center into a competitive advantage built on trust and innovation.”
- Romain Deslorieux.
As Boards continue to prioritize minimizing risk as a financial imperative, increased scrutiny will be placed on efficiency practices, especially where data-centric security is concerned. Advancing adversarial AI tactics have current data security on the run, forcing a change: automate, or be overrun.
The idea is to move forward with more centralized, lightweight tools that rely on automation, rather than human involvement, to address threats at scale. Ultimately, data-centric security will evolve into centrally managed layers of defense, refining how enterprises view their security strategies.
MSSPs and Partner Ecosystems Evolve
“In 2026, Managed Security Service Providers (MSSPs) will lead partner revenue growth. Partners that build legal, pricing, and operational frameworks for managed services will unlock recurring income and long-term customer retention.” - Charles Lim, Vice President, Channel, APJ
MSSPs are predicted to be the secret weapon of security vendors going forward, serving as the “trusted bridge between vendors and customers” that connects sellers to recurring revenue streams and fosters client loyalty.
Lim notes that Managed Services will mark a definitive shift from products to outcomes, and that as they do, vendors will use them as a key competitive advantage. As “enterprises are shifting from buying technology to buying services,” highly trusted MSSPs can be the conduit that delivers 24/7 protection and operational stability and turns vendor products into valuable “services” enterprises want to buy.
Insider Threats Shift in Nature Due to Democratized AI
“What was once the domain of highly skilled threat actors is becoming increasingly democratized. As a result, organizations should no longer expect predictable spikes in malicious activity. Instead, they face a persistent, all-year-round threat environment driven by AI-enabled opportunism.” - Chris Harris, Associate VP, Sales Engineering
Just as MSSPs act as the bridge between vendors and clients, AI has become an unwelcome bridge between attackers and their victims. AI lowers the barrier for attackers by streamlining their intent into actionable, effective attacks, regardless of skill level. “Script kiddies” can now launch sophisticated AI-generated attacks with ease.
As AI lowers the bar for entry, insider attacks become a higher risk than ever before. Threat actors are continually seeking more creative ways to enter the network, and as technical defenses become stronger, recruiting disgruntled employees – especially those who could be easily taught to launch high-level AI-based attacks – becomes increasingly attractive.
As a result, validating the identity of every employee, particularly remote staff, becomes more critical than ever.
The Future Is Advanced, but the Advantage Still Lies in the Basics
While the AI gold rush and quantum computing loom large, fundamental practices, like identity verification, cyber hygiene, and ongoing testing form the foundation on which more sophisticated tools should run.
A quantum computer can crack a secure password just as fast as a hacker can leverage a stolen one. AI uses its force-multiplying powers to find basic flaws like unpatched vulnerabilities just as often as it creates polymorphic malware (and probably more).
Organizations looking to reassess their security strategies in 2026 should leverage advanced capabilities - but do so like attackers: by focusing on the simple things first.