Black Arrow Cyber: 5 Cyber Predictions for Business Leaders in 2026, and What You Need to Do

Throughout the year in our weekly Cyber Threat Intelligence Briefing, we bring you insights into the evolving cyber risks that your business faces and, importantly, what you can do about them. As a business leader, you are not expected to be a cyber expert; you just need a sound grasp of the fundamentals, and an objective assessment of your risks and controls from an impartial expert so you can appropriately challenge your control providers. Proportionality and impartiality are key, and so too is keeping up to date with how the ground is shifting.

Here are five of our focus areas for this year, to help keep your business running in a more secure environment. Other risks such as ransomware and business email compromise remain high on the list too. We discuss these and many others in our weekly threat intelligence email; subscribe today and contact us for impartial expertise on how to address your risks through proportionate security.

1. Tailored Attacks Using Agentic AI

Agentic AI tools can autonomously design and execute attacks, leveraging resources they identify. We already saw examples in 2025, and this will ramp up in 2026. The result is faster and more potent attacks, tailored to the victim.

What to do: review your controls including vulnerability management, access management, and monitoring and detection. And keep your finger on the pulse through good governance; this includes discussing reports and knowing how to challenge what you see, and keeping abreast of evolving risks through threat intelligence.

2. Deepfake and Voice AI Become Commonplace

What was considered a sophisticated deepfake in 2025 will be commonplace in 2026. Technology has advanced and is more widely used since the infamous $25m deepfake payment fraud in Hong Kong. AI deepfake video and voice will be used increasingly in social engineering attacks for fraudulent payment callbacks, malicious employee recruitment, and other attacks.

What to do: assess your security across your people, operations and technology, because that is what the attacker is doing. Review your controls and processes, including the use of purchase orders and outbound callback checks. Train your people on why the controls exist, how to stick to them, and how to raise a flag if something is unusual, such as someone scheduling a work call via WhatsApp.

3. Break In Through the Supply Chain

When attackers compromise a service provider, such as an MSP or payroll provider, they can access the systems and data of all its customers, including yours. Remember also, it’s about your supply chain, not just your suppliers. For example, consider how readily you click on a SharePoint link in a client email, and whether that email could be sent by an attacker lurking in your client’s systems.

What to do: check how your third parties identify and mitigate the risk of attacker access. Do this by asking targeted questions and evaluating the responses, including with support from impartial experts. From this, assess what controls you need to have to manage any resulting risks to you.

4. Regulatory Consequences

Regulators are taking a harder line on penalties after a cyber or data breach. Looking at the published reports by authorities in different countries, they appear increasingly frustrated when breaches harm the public due to organisations failing to implement proportionate security measures. Regulations are tightening, from the EU’s DORA in 2025 to new laws anticipated in countries such as the UK.

What to do: implement proportionate and credible governance over your cyber security; the UK’s Cyber Governance Code of Practice is a good starting point, and note its repeated use of “Gain assurance that…”. This means avoiding ‘compliance theatre’, instead recognising that the true objective is to defend yourself against the attacker, not just the regulator.

5. Resilience and Security

We see a greater focus on cyber resilience, building on and going beyond the foundations of cyber security. Good security can reduce the frequency and impact of a cyber incident, while cyber resilience requires business leaders to acknowledge evolving attacker tactics and ask ‘Yes, we have some good security, but what do we do if someone still gets through?’. In late 2025, for example, the UK Government wrote to business leaders urging them to prepare for managing a cyber incident.

What to do: get your leadership team together in a workshop, assume an attacker has breached your security, and work through your responses across people, operations and technology. The conversation needs to be run by a skilled cyber specialist who is not a control provider, to freely explore the possibilities. Consider also the paper-and-pen operational processes you will use during an incident, and challenge every assumption by creating an open and collaborative workshop environment.

Subscribe to our weekly Cyber Threat Intelligence Briefing via our website www.blackarrowcyber.com, and contact us to hear how we are supporting clients in various countries and sectors to manage their cyber security risks in a proportionate way.
