Insights

As 2026 approaches its halfway point, cyber attackers have caused major disruption, exposed sensitive data and targeted some of the systems organisations depend on most. This year has seen high-profile attacks affecting government data, critical infrastructure, healthcare technology, education platforms and software supply chains. From destructive cyber activity and cloud-based breaches to attacks on OT and open source tools, the trend is clear: cyber risk is here to stay and is constantly evolving.

NIS2 is in force, and organisations across Europe now face higher expectations around cybersecurity risk management, resilience, incident handling and supply chain security.

For many organisations, the default answer to “how often should we run a penetration test?” has traditionally been simple: once a year. In 2026, that answer is no longer enough.

The arrival of Mythos AI has sparked intense debate across the cybersecurity industry. From security researchers to mainstream media, the conversation has swung between fascination and fear to indifference with some stating that we’ve all seen such hype before.

For many organisations, MDR is one of the most important cybersecurity investments they can make. The promise is compelling: continuous monitoring, faster threat detection, expert-led investigations and around-the-clock response capabilities without the cost and complexity of building a large in-house SOC.

Artificial intelligence is increasingly being embedded across business operations, decision-making processes, and customer interactions. While this presents clear opportunities for efficiency and innovation, it also introduces a new layer of complexity, particularly around governance, security, and compliance.

Organisations across every industry and sector are racing to adopt AI agents. They’re told that they can work faster, automate and reduce costs. Vendors are pushing the idea of intelligent digital workers that can make decisions and complete tasks at pace and with very little human intervention.

Managed Detection and Response is one of the largest and most critical cybersecurity investments an organisation can make.

For many organisations across Europe, NIS2 preparation has remained a strategic discussion rather than an operational priority. That is about to change.

The recent cyberattack targeting Canvas, the learning management system used by thousands of schools and universities worldwide, is another stark reminder that the education sector is one of the most attractive targets for cybercriminals. The attack, linked to the ShinyHunters extortion group, reportedly affected institutions across multiple countries and exposed potentially vast amounts of student and staff data.

Legacy Operational Technology (OT) and Industrial Control System (ICS) infrastructure continues to create major security challenges for industrial organisations. Many ageing systems were never designed for today’s connected environments, yet they still support critical operations across manufacturing, utilities, transport and energy.

The cybersecurity skills gap has long been a concern for organisations, and new data suggests the challenge is becoming more acute in 2026.