Organizations must confront the trust crisis
Differentiating reliable information from misinformation is a huge challenge today. With the rise of AI-generated content, personas, and threats, organizations can no longer implicitly rely on outdated security infrastructures.
A zero trust approach helps IT teams create trust among authorized entities. However, as that trust diminishes under the influence of AI, organizations will need to move away from predictable security models. Zero trust is expected to evolve into asymmetric trust by 2026. This strategy, which revolves around the use of decoys and deception technologies, will create 'negative trust' for fake assets among attackers, keeping real assets safe.
AI changes security risks
The rise of agentic AI presents numerous opportunities but also introduces many new vulnerabilities. The complexity of these AI-driven connections means that mistakes or oversights can have far-reaching consequences. Even small errors can have a significant impact. One of the biggest risks for nearly all organizations is 'shadow AI' - the unauthorized or uncontrolled use of AI tools by employees. This unofficial use can lead to data breaches, policy violations, or the circumvention of security protocols.
As AI tools become increasingly accessible in various forms, organizations must strengthen their ability to detect and regulate AI usage. Part of this involves developing zero trust principles for identity, segmentation, and DLP (Data Loss Prevention). Expanding a zero trust approach to AI and treating it as part of the human workforce helps cybersecurity professionals adapt to the new reality.
Zero trust shifts from minimal privileges to minimal information
Zero trust security models traditionally focus on enforcing the 'least privilege' principle. Here, users and devices only have the access they need to perform their function. The next phase focuses on 'minimal information'. Organizations will pay more attention to where information resides and minimize the amount and sensitivity of data accessible to APIs, third parties, and internal stakeholders.
This requires a fundamental reconsideration of how information is managed. By applying zero trust principles directly to data flows - and not just to user and device access - the risk of data breaches and unauthorized access is reduced. As more companies seek to support distributed devices and mobile connectivity, data minimization strategies become essential for security and compliance.
Third-party risks in the supply chain are increasing
The digital supply chain is becoming an increasingly attractive target. Technology companies are now heavily reliant on third-party software and open-source packages. These dependencies introduce vulnerabilities that attackers can exploit. For example, attackers can compromise open-source libraries and OAuth tokens. These can then serve as gateways to broader systems.
As digital ecosystems become more complex and interconnected, CISOs must strategically prioritize supply chain security. This involves thoroughly screening suppliers, continuously monitoring dependencies, and implementing robust incident response plans to mitigate the impact of supply chain breaches. Proactive collaboration with partners across the supply chain is essential to reduce collective risk.
Data sovereignty vs. business flexibility
It is becoming increasingly complex to find the balance between regulatory compliance, operational flexibility, and sovereignty. Legal requirements force organizations to bring their data back to European jurisdictions to enhance resilience and comply with local regulations. Furthermore, the demand for privacy-enhancing technologies (PET) will increase due to concerns about data privacy.
Many technology leaders will realize that these approaches to data localization are not sustainable in the long term. The constraints imposed by sovereignty solutions can hinder productivity and innovation. This forces organizations to reevaluate their data strategies. Progressive companies will need to find ways to reconcile the need for sovereignty with operational efficiency by implementing technologies (such as PET) that provide true digital sovereignty without compromising performance.
Security leadership: expanding roles and skills
The role of the CISO is rapidly expanding beyond traditional IT security. CISOs are increasingly well-positioned to take on the responsibilities of AI. The merging of the roles of CISO, Chief Data Officer (CDO), and Chief Business Information Officer (CBIO) creates hybrid leadership positions with a broader mandate.
This also reflects the growing complexity of the security function. Technology leaders are now expected to oversee not only IT but also physical security, business strategy, HR, and ethical considerations related to AI. The rise of Chief Security Officers (CSO), who are responsible for people, buildings, and data, underscores the need for multidisciplinary expertise and adaptability in security leadership.
Regulatory changes and increased collaboration
Regulation is set to undergo significant changes, with initiatives such as the EU Digital Omnibus Act and updates to the GDPR on the horizon. While these reforms are primarily aimed at streamlining compliance and strengthening digital sovereignty, they also bring new costs and operational complexity. This regulatory complexity requires closer collaboration between technology companies, regulators, and industry peers.
To navigate this changing landscape, organizations must invest in their compliance capabilities and maintain open communication with policymakers. Critically assessing suppliers for sovereignty is also important. Only companies that provide real, transparent solutions will succeed in building trust and market share.
Read also: IT security 2026: three trends in transition
Connectivity: the backbone of accurate AI insights
As organizations strive to deliver accurate, AI-driven insights, the need for robust, high-quality data is essential. This growing demand will drive companies to invest in resilient, secure, and always-available connectivity services. The widespread use of distributed devices - from IoT sensors to edge computing nodes - will further accelerate the shift to mobile network-based connectivity solutions.
These technologies play a crucial role in supporting real-time data transfer, seamless integration across distributed networks, and the secure flow of information needed to unlock the full potential of AI. By investing in robust mobile connectivity, organizations can maintain their agility, security, and scalability while addressing the complexity of the AI future. A zero trust security approach, including the ability to monitor mobile data flows, becomes essential for managing these previously neglected systems.
Resilience becomes a top priority at the board level
Organizations are striving for greater resilience, partly because awareness of disruptions from cyber incidents or physical incidents such as cable breaks has increased. One aspect of data resilience focuses on continuous access to data. CISOs must develop strategies to mitigate the impact of incidents and quickly regain access after an incident on critical infrastructures.
Understanding all data flows and locations is a key factor for board-level discussions. For this audience, IT leaders must focus on mapping business risks to free up resources for developing security strategies that are resilient from the outset.
Read also: FireMon introduces Policy Workbench for Network Security Automation
Adoption and regulation of post-quantum key exchange
Post-quantum key exchange is expected to become a standard feature within business environments by 2026. This development extends beyond just web browsers and also encompasses client applications, software-as-a-service (SaaS) tools, infrastructure-as-a-service (IaaS) platforms, and content delivery networks (CDNs). What was once considered a technical novelty is now becoming a basic requirement for digital business operations. Proactive software vendors are taking the lead by updating their products for post-quantum cryptography even before widespread demand arises.
Regulation will also play a crucial role in this evolution. Various government agencies have already published detailed guidelines on post-quantum security. Especially in the financial sector, regulators will require organizations to transition to post-quantum solutions. As these guidelines gain traction, similar regulations are expected for other sectors and regions.
Conclusion
As organizations embrace digital innovation, the urgency to balance agility and compliance will grow, and the call for collaboration in the industry will increase. Proactive strategies - ranging from robust management of AI and third-party dependencies to future-oriented data management - become essential for protecting assets and maintaining customer trust.
Technology leaders must remain flexible and invest in multidisciplinary skills, resilient connectivity, and transparent partnerships to ensure their organizations thrive amid changing technological and regulatory developments. By anticipating and responding flexibly to these trends, companies can secure their digital future while driving innovation and growth.
