Cyber risk continues to rise as organizations rely on connected systems for work, communication, and commerce. In 2025, the average cost of a data breach reached about USD 10.22 million in the United States and CA$6.98 million in Canada, and identity attacks now account for roughly 30% of all intrusions. Emerging technologies such as artificial intelligence (AI) are reshaping both offensive and defensive capabilities. This blog examines the major cyber threats on the horizon for 2026.
Modern identity attacks remain the primary entry point
Modern identity attacks have become the most common way attackers gain access to systems. Identity-based attacks now account for roughly 30% of all intrusions. Instead of breaking in through technical exploits, attackers sign in using stolen credentials, session tokens, or compromised authentication flows. Once inside, they move across systems, escalate privileges, and access sensitive data while appearing as legitimate users.
Several trends are shaping modern identity attack risk heading into 2026:
- Increased use of single sign-on platforms that create high-value identity targets
- Growth in cloud and hybrid environments where identity is the new perimeter
- More attacks on privileged accounts and administrative access
- Use of AI to generate convincing phishing and impersonation attempts
- Credential exposure through third parties and unmanaged devices
Because these attacks rely on valid logins, they often go undetected for longer periods and create greater business impact. This is where Identity Threat Detection and Response plays an important role by monitoring identity behavior, detecting misuse in real time, and helping organizations contain compromised accounts quickly. For a deeper look at how these attacks work and how to reduce exposure, read our recent blog on Identity-Based Attacks.
AI-driven attacks are scaling rapidly
Artificial intelligence is now being used on both sides of cybersecurity. Organizations are adopting AI to improve productivity and decision-making. A recent enterprise AI study found that 75% of workers say AI has improved the speed or quality of their work, with typical savings of 40 to 60 minutes per day. At the same time, attackers are using AI to scale social engineering and automate reconnaissance.
In 2025, 13% of companies reported an AI-related security incident. Among those affected, 97% acknowledged the lack of proper AI access controls. This highlights a growing gap between AI adoption and AI governance.
Threats expected to grow in 2026 include:
- AI-generated phishing emails that mimic writing styles and internal communications
- Deepfake audio and video used in financial fraud and executive impersonation
- Automated vulnerability discovery and exploitation
- AI-assisted reconnaissance that maps organizational structures and targets
Enterprise adoption of AI is accelerating. 42% of organizations with more than 1,000 employees have already deployed AI in business operations. As adoption expands, so does the attack surface. Many organizations lack clear policies governing how employees use AI tools or where data is stored and processed.
At the same time, analysts expect that more than 40% of agentic AI projects will be cancelled by the end of 2027 because of high costs, unclear value, or weak risk controls. This suggests that organizations are still learning how to deploy AI securely and sustainably.
Hyper-personalized phishing and deepfakes
Phishing remains one of the most effective attack methods, but it is changing. Instead of generic mass emails, expect attackers to craft highly personalized messages based on social media activity, internal documents, and public information.
AI allows attackers to:
- Replicate the writing styles of executives
- Generate realistic voice calls
- Produce convincing video impersonations
- Tailor messages based on industry and role
These techniques increase the success rate of social engineering. Employees are more likely to trust communications that appear authentic and relevant to their work.
Deepfake-driven fraud has already led to financial losses in multiple industries. In many cases, attackers impersonate executives during urgent financial requests or vendor changes. Without strong verification processes, organizations are vulnerable.
Supply chain and third-party risk
Organizations continue to rely on a growing ecosystem of vendors, software providers, and cloud platforms. Each connection introduces potential exposure. Supply chain attacks remain a major concern because they allow attackers to reach multiple organizations through a single compromise.
In many cases, attackers target smaller vendors that lack strong security controls. Once access is gained, they move into larger organizations through trusted connections.
Common supply chain risks include:
- Compromised software updates
- Third-party credential exposure
- Managed service provider breaches
- Data leakage through shared platforms
Organizations are increasingly required to assess vendor security practices and monitor third-party access. Without visibility into partner environments, risk multiplies.
The most targeted industry
Manufacturing remained one of the most targeted sectors in 2025. Attackers focus on industries where downtime directly affects revenue and operations. In manufacturing environments, disruptions can halt production, delay shipments, and create contractual penalties.
Operational technology systems, legacy infrastructure, and complex supply chains make manufacturing environments attractive targets. Ransomware and identity-based attacks are particularly damaging because they can stop production lines and disrupt logistics.
Other industries are not immune. Healthcare and energy remain attractive targets due to the sensitivity of their data. The Canadian National Cyber Threat Assessment notes that cybercrime is increasingly financially driven and that attackers are getting bolder; extortion and data theft continue to dominate the threat landscape. These sector-specific patterns highlight the need for industry-aligned defences and cross-sector collaboration.
Detection and response challenges
Even with growing investment in cybersecurity, many organizations struggle with detection and response. The average breach lifecycle shows how long attackers can remain inside networks: with an average of 204 days to identify a breach and 73 days to contain it, attackers have months to move across systems.
Common challenges include:
- Limited visibility across hybrid environments
- Fragmented security tools
- Lack of centralized identity monitoring
- Insufficient incident response planning
Organizations that lack dedicated security resources often rely on reactive approaches. This increases the cost and impact of incidents.
What Organizations Should Prepare for in 2026
Cybersecurity in 2026 requires a shift from perimeter-focused defenses to identity-centric and behavior-based security models. Organizations should focus on:
- Strengthening identity and access management
- Implementing continuous monitoring and detection
- Establishing clear AI usage policies
- Evaluating vendor and supply chain risk
- Preparing for emerging encryption threats
Security awareness and governance are as important as technical controls. Many incidents begin with human error or policy gaps rather than advanced technical exploits.
Looking Ahead
The top cyber threats for 2026 will not be defined by a single technology or attack type. They will be defined by how attackers combine identity compromise, artificial intelligence, and large-scale access to data.
Identity theft, AI-driven attacks, supply chain breaches, and long-term data harvesting are already shaping the next phase of cyber risk. Organizations that invest in identity protection, resilience, and visibility will be better positioned to respond.
Cyber risk in 2026 will move faster, reach further, and rely more heavily on trust and access. The organizations that understand this shift now will be better prepared for what comes next.


