Download this article in PDF format.
As cyberattacks increase frequency and sophistication, organizations are rethinking how they safeguard their data. But it seems like every time a new patch, solution or fix is introduced, there’s a bad actor standing by, ready to exploit the next vulnerability. The associated risks don’t seem to be easing up and are in fact putting even more pressure on IT teams to stay ahead of the next threat curve.
According to DeepStrike, the FBI received more than 859,000+ cybercrime complaints in 2024, up 33% from the prior year. This means that a cyber incident occurs roughly every 39 sec. on average. It also says that:
- Globally, organizations face dozens of thousands of attacks per day and breaches in 2024 were up 75% year over year.
- Phishing is now the leading initial attack vector, accounting for 16% of breaches. Close behind is third party/supply chain compromise at 15%, double the prior year’s rate, followed by using stolen or compromised credentials at 10%.
- Ransomware was involved in 44% of breaches in 2025, up from 32% in 2024. The median ransom demand was about $115,000, yet 64% of victim organizations refused to pay attackers, a growing trend of resistance.
- Even without payment, DeepStrike says ransomware incidents still cost organizations an average of $5.08 million in disruption and recovery.
These numbers are sobering and underscore a bigger point: The threat landscape isn’t slowing, which means organizations need security strategies that can adapt and react just as quickly.
3 Threats to Watch in 2026
In its recently-released Cybersecurity Forecast 2026, Google Cloud Security says 2026 will usher in a new era of artificial intelligence (AI) and security for both adversaries and defenders. While threat actors will leverage AI to escalate the speed, scope and effectiveness of attacks, it says, defenders will harness AI agents to supercharge security operations and enhance analyst capabilities.
Google says financially motivated operations like ransomware and data theft extortion will remain a dominant and disruptive force in 2026. It also expects an escalation in geopolitical, nation-state activity from Russia, China, Iran and North Korea. These sources will “continue to pose significant and evolving threats,” it says, driven by distinct strategic interests and employing diverse cyber tactics.
To navigate this complex and rapidly evolving environment, Google says organizations must prioritize proactive, multi-layered defense strategies; invest in AI governance; and “continuously adapt their security postures to safeguard against emerging threats and ensure operational resilience.” Here are three threats that Google says will keep organizations and governments on their toes in 2026:
1) The bad actors go all-in on AI. In 2026 and beyond, threat actor use of AI is expected to transition decisively from the exception to the norm, noticeably transforming the cyber threat landscape. “We anticipate that actors will fully leverage AI to enhance the speed, scope, and effectiveness of operations, building upon the robust evidence and novel use cases observed in 2025,” Google says. This includes social engineering, information operations and malware development. The company also expects threat actors to increasingly adopt agentic systems to streamline and scale attacks by automating steps across the attack lifecycle.
2) AI-enabled social engineering escalates. Google also anticipates sophisticated threat actors like ShinyHunters (UNC6240) to use more highly manipulative AI-enabled social engineering in 2026. It says the key to their success in 2025 was avoiding technical exploits and instead focusing on human weaknesses, particularly through voice phishing (vishing). Vishing is poised to incorporate AI-driven voice cloning to create hyper-realistic impersonations, says Google, notably of executives or IT staff. “Given the huge success of these social engineering campaigns and the difficulty in apprehending the actors at a deterrent scale, the risk-reward ratio will continue to favor the attackers,” Google says. “Consequently, we expect an increased volume of these attacks in 2026. Defenders must urgently implement processes with multiple checks and balances to defend against these tactics.”
3) More ransomware and data theft extortion to come. In 2026, the combination of ransomware, data theft and multifaceted extortion will remain the most financially disruptive category of cybercrime globally, according to Google. This is due to both the sustained quantity of incidents and the “cascading economic fallout that consistently impacts suppliers, customers and communities beyond the initial victim.” For context, Google points to the 2025 breaches targeting critical points in retail and food wholesale supply chains. These attacks resulted in hundreds of millions of dollars in total damages and significantly disrupted consumer supply. “The sheer volume of this activity continues to escalate,” it adds.
