By Bambi Escalante
Every year, the cybersecurity landscape presents new challenges – and 2026 is no exception. Across industries and borders, companies are adapting to AI, emerging technologies, growing geopolitical risks, persistent cybersecurity skills gaps, and regulatory pressures while driving growth and innovation.
The main role of information securityfiCER (CISO) is evolving in response to these challenges. Today, CISOs must focus not on whether an organization will face disruption, but on how prepared it is to respond, recover, and maintain resilience against increasingly complex threats.
To help CISOs, especially those in the Philippines, navigate this environment, we highlight a selection of trends and forces shaping cybersecurity to 2026 and beyond, based on insights from Fortinet's newly inaugurated annual CISO Predictions report:
1. Balancing innovation and risk in AI – Artificial Intelligence is transforming business operations by automating processes and driving better decisions in teams. Yet with rapid adoption comes new risks, including limited visibility into AI decision making, data exposure and threats such as adversarial attacks, data poisoning and instant injection. The increasing use of autonomous AI agents also creates identity and interaction risks that could expose critical systems.
Prediction: Both the frequency and severity of breaches involving AI models will increase in 2026, as organizations entrust more sensitive data to AI and enable autonomous agent interactions without fully addressing identity and security implications.
2. AI in malicious hands – AI is increasingly being used by cyber criminals to increase the accuracy and impact of attacks. Advanced generator models make it easy to create highly credible fake images, audio and video, significantly increasing the effectiveness of social engineering schemes and business e-mail compromise (BEC).
Prediction: In 2026, deepfake technology is expected to take BEC and other targeted attacks to a new level. Organizations may face an increase in AI-generated audio and video content designed to deceive individuals. If text-based attacks have already caused billions in losses, AI-powered voice and video scams could result in even greater financial and reputational damage. Fortinet anticipates a significant increase in both the frequency and impact of these attacks, with many high-value incidents likely to occur throughout the year.
3. Cyberwarfare and geopolitical risks – As cyber has become an integral part of modern warfare, recent conflicts show how digital attacks can disrupt economies, financial systems and critical infrastructure. What once seemed distant geopolitical conflicts now directly impact organizations around the world, as cyber operations have become a standard component of global power plays.
Over the past two years, there has been an increase in state-linked activity focused on data theft and long-term infiltration of networks. These “preparatory strikes” are expected to intensify as nations seek to strengthen their strategic positions in an increasingly volatile global environment. Meanwhile, attacks on critical infrastructure continue – from global Internet systems to the undersea cables linking economies and industries – underscoring how deeply geopolitical tensions and cybersecurity are intertwined.
Prediction: Cyberwarfare is no longer a distant concern. It is reshaping the security landscape for every organization. In 2026, CISOs must anticipate spillover attacks, even from conflicts beyond their borders, and ensure readiness against state-sponsored threats targeting supply chains, networks, and partners.
4. Increasing threats in space – Cyber conflict has extended to space. The increasing reliance on GPS for navigation, logistics and critical systems makes it a prime target for disruption, especially in conflict zones. Jamming and spoofing activities can misdirect drones, aircraft, and even weapons systems, while also damaging IT systems and other critical infrastructure.
Prediction: GPS interference is expected to increase, especially in and around conflict areas. While the risk remains low for most businesses, sectors such as aviation, shipping and defense should take precautions, including fortifying receivers, validating multiple data sources and enabling autopilot lockouts to prevent navigation errors and operational disruptions.
5. Increasing risks in satellite communications – Satellite technology is expanding connectivity across land, sea and air, making the Internet more widespread than ever before – but this growth also brings new challenges. Unencrypted satellite signals can be intercepted with relatively simple equipment, potentially exposing sensitive government, corporate and military communications, including calls, messages and internal data.
Prediction: As the adoption of satellite technology continues to accelerate, organizations must address these vulnerabilities by implementing additional layers of security such as IPsec encryption to prevent data interception and misuse.
6. Closing the cyber security skills gap – Despite progress, the global cybersecurity skills gap remains a serious challenge. Fortinet's 2025 Cybersecurity Skills Gap Report shows that the leading causes of breaches worldwide are inadequate security awareness (56%) and lack of IT security skills and training (54%). Nearly half of IT leaders also believe that their board members are unaware of the risks posed by AI and emerging technologies.
Encouragingly, 89% of organizations now prioritize hiring candidates with certification, highlighting the strategic importance of cybersecurity talent. Complementing this trend, Fortinet offers the Network Security Specialist certification program in the Fortinet Training Institute and is actively training one million people by the end of 2026, equipping organizations with the skilled workforce needed to bridge this critical gap.
Prediction: In 2026, the CISO will play a vital role in the boardroom. Security leaders should clearly communicate both the opportunities and risks of technologies like AI, helping boards determine their appetite for risk. As cybersecurity becomes more important, CISOs themselves are being invited to serve as board members, thereby expanding board expertise and strengthening organizational resiliency.
Bambi Escalante is the Country Manager for Fortinet Philippines.
7. Cultivating the next generation of cyber experts – The cybersecurity workforce is evolving with the entry of Gen Z and the following of Gen Alpha – digital natives accustomed to instant information and interactive learning. Traditional training tools are losing relevance, and as AI automates more entry-level tasks, the paths to creating hands-on experiences are narrowing. Organizations must evolve how they attract, train and retain future experts to prevent even greater skills shortages.
Prediction: AI fluency will become a fundamental skill for cybersecurity professionals. Educational institutions and employers should incorporate the fundamentals of AI literacy and cybersecurity into every curriculum and training program to ensure readiness for an AI-powered workplace. Without this, industries risk losing an entire generation of capable defenders before they even begin their careers.
8. Navigating Rules and Privacy Pressures – Cybersecurity regulations continue to expand around the world, including in the Philippines, where the Data Privacy Act establishes baseline accountability for handling sensitive data. While these frameworks promote trust and stability, they also increase compliance demands, requiring investment in governance, risk management and reporting.
Prediction: Organizations that miss the mark risk fines and reputational damage. Fragmented standards in different countries create additional work, but 2026 could bring greater global collaboration and broader acceptance of existing certifications, helping companies align compliance while maintaining strong security.
9. Facing the quantum challenge – Quantum computing is a complex technology that poses little immediate risk, as machines capable of breaking current encryption are likely to take more than a decade. Nevertheless, the possibility of “harvest now, decrypt later” attacks is real, where adversaries collect sensitive data today to decrypt it in the future. This highlights the need for long-term planning, even if the threat appears remote.
Prediction: Instead of delaying action, organizations should start incorporating quantum readiness into procurement and security strategies now. Preparation today ensures critical systems and data remain secure as quantum capabilities mature.
10. Rise of the Chief Resilience Officer – The role of the CISO goes beyond security. Today, CISOs are business enablers, ensuring operations continue to thrive while supporting innovation and managing risk. Protecting against persistent attacks requires layered security, network segmentation, and tested response plans. Most importantly, CISOs must identify the minimum viable business – the core functions that must continue to operate during a crisis.
Prediction: Attacks on large organizations will continue in 2026, driven by AI, cybercrime-as-a-service, and state-sponsored activity. The CISO needs to plan for worst-case scenarios, strengthen continuity measures, and conduct regular testing, effectively acting as the Chief Resilience Officer to keep the business running under any circumstances.
2026: Year of Resilience
2026 will test how organizations anticipate and respond to disruption. CISOs must put resiliency at the center of their strategy, preparing for inevitable challenges while ensuring business continuity, strong recovery plans, and secure management of both human and AI-powered systems.
It is equally important to promote cooperation in security, operations and leadership. A shared understanding of risk and a coordinated response will determine how effectively organizations respond to emerging threats. Continuous learning, rigorous testing, and proactive planning have become core responsibilities of every security leader.
Ultimately, the CISO's role extends beyond system security. Those who combine technical expertise with strategic vision will transform security into a source of trust, stability and growth – ensuring that their organizations are not only prepared to survive 2026, but emerge stronger and more resilient.
Bambi Escalante is the Country Manager for Fortinet Philippines.