What’s coming next – and how to prepare now
As FullProxy marks 10 years on the cyber front line, one thing is clear: the pace, professionalism and impact of cyber attacks have accelerated dramatically, and 2026 will be another step-change year.
We asked directors Ewan Ferguson and Chris Templeton to look into their crystal balls and suggest what challenges might be facing the cyber security community in 2026. Here are their predictions based on what we’re seeing across enterprise, public sector and critical infrastructure environments – and what cyber professionals can and should be doing now to stay ahead of them.

1. Chris: An LLM will be breached – triggering a reckoning for AI data security
“Someone will breach a major AI large language model, which will create a major inflection point around data security in AI tools.”
Why this matters
The world is rapidly embedding AI into business processes, from customer support and developer tooling to SOC augmentation. Many people and organisations are doing so without fully understanding how their data is stored, used for training, shared or retained.
A high-profile breach of a commercial or enterprise LLM will expose:
- Poor data segregation between tenants
- Weak API security and identity controls
- Over-privileged integrations
- Inadequate encryption and key management
This is fundamentally about encrypted traffic visibility, strong identity controls, and disciplined certificate/key management – areas many organisations underestimate in “fast-moving” AI projects.
What cyber leaders should do now:
- Treat AI platforms like all critical applications: subject them to the same security architecture reviews, threat modelling and access controls.
- Inventory AI data flows: understand what data is sent to AI tools, where it’s processed, and how it’s protected.
- Encrypt aggressively and consistently: particularly API traffic, training data and prompts containing sensitive information.
- Apply zero trust principles to AI access: identity-based access, least privilege, continuous verification.
2. Ewan: The rate and impact of breaches will continue to rise sharply
“There will be a step-change in the rate of hacks. Breaches will become more prominent and more disruptive, as we saw throughout 2025.”
Why this matters
The combination of:
- Expanded attack surfaces
- Cloud and hybrid complexity
- Skills shortages
- Faster attacker tooling
…means organisations are exposed for longer, and recover more slowly. Automation and visibility are now survival requirements, not “nice to haves”.
What cyber leaders should do now:
- Automate wherever possible: manual security operations don’t scale against automated attackers.
- Prioritise resilience over perfection: fast detection, response and recovery matter more than trying to block everything.
- Improve certificate and crypto hygiene: expired or misconfigured certificates increasingly cause outages that attackers exploit.
- Consolidate tooling where feasible: fewer platforms, better integration, clearer ownership.
3. Ewan: Certificate expiries will cause a major outage
“Reduced certificate lifespans will hit hard. I expect a major website to go down in 2026.”
Why this matters
Shorter TLS certificate lifetimes (now measured in weeks, not years) dramatically increase operational risk. Many organisations still:
- Track certificates manually
- Lack full visibility of what’s deployed
- Rely on individuals rather than automation
The result? Expired certs, broken transactions, customer-visible outages. This is one of the most solvable risks organisations face – and one of the most damaging if ignored.
What cyber leaders should do now:
- Create a complete certificate inventory – including cloud, on-prem, APIs and third-party services.
- Automate certificate issuance, renewal and revocation.
- Centralise visibility and policy control.
- Test failure scenarios: know what breaks when a cert expires.
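One way to act on the inventory and automation steps above, as an added example that is not FullProxy's code: a check over a constructed inventory that schedules renewal by the fraction of lifetime elapsed, because a fixed days-before-expiry alert misfires once lifetimes shrink. The record fields, the two-thirds renewal point and the `example.test` hostnames are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RENEW_FRACTION = 2 / 3  # assumption: renew once two thirds of the lifetime has elapsed

@dataclass
class CertRecord:
    name: str          # service the certificate is deployed on
    not_before: datetime
    not_after: datetime
    automated: bool    # True if renewal is handled by automation

def classify(cert, now):
    """Return 'expired', 'renew-now' or 'ok', scaled to the cert's own lifetime."""
    if now >= cert.not_after:
        return "expired"
    lifetime = cert.not_after - cert.not_before
    renew_at = cert.not_before + lifetime * RENEW_FRACTION
    return "renew-now" if now >= renew_at else "ok"

def fixed_alert(cert, now, days=30):
    """Legacy-style check: alert when `days` or fewer remain, whatever the lifetime."""
    return (cert.not_after - now) <= timedelta(days=days)

def report(inventory, now):
    """Most urgent first; within a status, manually tracked certs before automated ones."""
    rank = {"expired": 0, "renew-now": 1, "ok": 2}
    rows = [(c.name, classify(c, now), c.automated, (c.not_after - now).days)
            for c in inventory]
    return sorted(rows, key=lambda r: (rank[r[1]], r[2], r[3]))

def make(name, start, lifetime_days, automated):
    start = start.replace(tzinfo=timezone.utc)
    return CertRecord(name, start, start + timedelta(days=lifetime_days), automated)

# Constructed sample inventory (hypothetical hosts, not real data).
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
INVENTORY = [
    make("api.example.test", datetime(2026, 2, 10), 47, True),
    make("www.example.test", datetime(2025, 3, 10), 398, False),
    make("vpn.example.test", datetime(2025, 11, 20), 90, False),
]

if __name__ == "__main__":
    for name, status, automated, days_left in report(INVENTORY, NOW):
        print(f"{name:18} {status:10} automated={automated!s:5} days_left={days_left}")
```

In this sample the 47-day certificate is only 19 days old and still `ok`, yet the fixed 30-day alert already fires on it, which is the noise that pushes teams to ignore expiry warnings.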
4. Chris: Hacking will continue to professionalise – fewer attacks, far bigger impact
“Hacking will continue to become more professional, targeting larger organisations with serious financial objectives.”
Why this matters
Cyber crime is no longer opportunistic. We’re seeing:
- Well-funded groups operating like consultancies
- Long dwell times and careful reconnaissance
- Coordinated attacks across applications, identity and infrastructure
- Increasing focus on maximum disruption, not just data theft
This raises the stakes: one successful breach can halt operations, damage brand trust, and trigger regulatory and insurance consequences.
Professional attackers exploit complexity and blind spots. Simplifying control planes and improving encrypted traffic insight dramatically reduces impact.
What cyber leaders should do now:
- Assume breach and design for containment: segment networks, applications and identities so compromise doesn’t equal catastrophe.
- Gain visibility into encrypted traffic: attackers increasingly hide inside TLS-encrypted flows.
- Harden internet-facing services first: WAFs, application delivery, certificate hygiene, and API security.
- Continuously test resilience: tabletop exercises, red teaming, and recovery drills.
5. Chris: AI-driven fraud will become frighteningly personal
“AI will be used to fine-tune and personalise fraud – particularly spear phishing.”
Why this matters
Generative AI allows attackers to:
- Mimic writing styles of senior leaders
- Reference real projects, suppliers or colleagues
- Generate believable voice or video content
- Launch campaigns at scale with minimal effort
Traditional “spot the spelling mistake” training is no longer enough.
Fraud prevention is now deeply linked to identity assurance, certificate trust, and secure application delivery – not just user awareness.
What cyber leaders should do now:
- Strengthen identity and email controls: DMARC, DKIM, SPF, MFA everywhere.
- Reduce reliance on email trust alone: out-of-band verification for payments and sensitive requests.
- Educate staff on behavioural red flags, not just technical ones.
- Monitor certificate misuse and impersonation risks: fake domains and certificates increasingly underpin fraud campaigns.
6. Ewan: Cyber insurance will become unavoidable – and far more expensive
“Government bailouts will prove unsustainable. Cyber insurance will become more critical – and more costly.”
Why this matters
Insurers are tightening cyber cover requirements rapidly. In 2026, expect:
- Higher premiums
- More exclusions
- Tougher security controls as prerequisites
- Evidence-based underwriting, not tick-box questionnaires
Organisations that can’t prove their cyber maturity will either pay heavily or struggle to get cover at all.
Strong certificate lifecycle management and encrypted traffic control increasingly show up as insurance differentiators, not just technical hygiene.
What cyber leaders should do now:
- Document your security posture: architecture, controls, incident response and recovery plans.
- Demonstrate control over encryption and certificates: insurers increasingly ask about outage risks and crypto hygiene.
- Reduce systemic risk: single points of failure, unmanaged certificates, legacy crypto.
- Align security investment with insurability, not just compliance.
Final thought: 2026 will reward the prepared
The organisations that thrive in 2026 won’t be those chasing every new threat headline – but those that have:
- Clear visibility
- Strong automation
- Control over encryption and identity
- Architectures designed for change, not stability
At FullProxy, our experience over the last decade shows that the fundamentals done well consistently outperform reactive security spending. No-one wants the next high-profile breach to be in their network. Invest in the best solutions and advice you can afford now; the ROI will prove itself not just in time and effort, but in keeping you proactively ahead of the challenges 2026 will undoubtedly bring.