The Top 26 Security Predictions for 2026 (Part 1)

As we close a year that saw cybersecurity cross the artificial intelligence Rubicon, almost everyone is “all in” on AI accelerating even greater change for the technology industry in the year ahead.

And yet, security remains an Achilles’ heel for tech advancement in fields ranging from medicine to finance and from drones delivering your groceries to autonomous taxis delivering you home.

So what will the new year bring for cyber? Will AI dominate both offensive and defensive cybersecurity in the coming year — or are we in an AI bubble that is set to burst?

This report highlights what the best companies, media sources and thought leaders in the world are saying will happen in 2026. Nevertheless, the reports, videos and charts offer far more than wishful thinking or blind predictions for holiday fun. No, these stories connect the dots to clearly articulate trends, forecasts and security themes.

A LOOK BACK AT LAST DECEMBER’S PREDICTIONS FOR 2025

Last year, in “The Top 25 Security Predictions for 2025,” here were the top 10 cybersecurity trends that were highlighted:1. “Agentic AI” Emerges as a Hot New Opportunity for Everyone — and Also a Potential New Cyber Threat Vector (Later)
2. AI-Driven Scams and Social Engineering Will Surge
3. Ransomware Evolves With Automation and AI
4. Supply Chain Attacks on the Rise
5. Democratization of Cyber Crime Tools
6. Geopolitical Cyber Warfare Intensifies
7. Post-Quantum Threats Accelerate
8. IoT and Edge Devices as Growing Attack Vectors
9. AI-Powered Security Operations Centers and Automation Will Redefine Defenses
10. Regulatory Pressures and Compliance Shifts

A QUICK SUMMARY OF THE TOP CYBER TRENDS FOR 2026

Based on the comprehensive cybersecurity vendor reports I’ve included in this predictions blog (and Part 2, coming next week), here are the top 10 cybersecurity forecasts and trends for 2026, as determined by a human review of security industry vendor reports:

Rise of Agentic AI Attacks: Autonomous AI agents will execute multistep operations and interact with real systems, turning compromised agents into powerful, independent attack vectors.
AI-Powered Social Engineering: Deepfake services and hyper-personalized AI will revolutionize business email compromise and extortion scams, making deception nearly impossible to detect.
The Shift to Post-Quantum Security: Organizations must accelerate the transition to post-quantum cryptography to defend against “harvest now, decrypt later” strategies from sophisticated adversaries.
Ransomware Becomes Fully Automated: Ransomware will evolve into AI-driven operations that scan, exploit and extort with minimal human input, focusing on intelligent data exploitation over encryption.
AI “Insider” Threats: Autonomous AI agents with privileged access will become the new “insiders,” requiring specific AI firewalls to prevent them from becoming vulnerabilities.
Convergence of Advanced Persistent Threats (APTs) and Cyber Crime: Nation-state actors and criminal gangs will share infrastructure and payloads, blurring attribution and accelerating the scale of global cyber operations.
Supply Chain and Infrastructure Targeting: Attacks on global logistics, satellite communications and smart transportation systems will increase, turning outages into strategic weapons for geopolitical influence.
Browser-Based Zero-Trust Workspaces: As the browser becomes the primary enterprise operating system, security will shift toward cloud-native models that enforce zero trust directly within the browser.
Atrophy of Critical Thinking: Widespread GenAI usage will cause a “surge of lazy thinking,” leading 50 percent of organizations to implement “AI-free” skills assessments for hiring.
Identity as the New Perimeter: With traditional VPNs collapsing, identity-based security and zero-trust network access (ZTNA) will become the primary defense against automated session hijacking.

HOW CAN YOU BENEFIT FROM SECURITY PREDICTION REPORTS?

Back in 2016, I wrote, “Americans love baseball, hotdogs, apple pie and predictions. In fact, if we really like something a lot, and especially if we have a growing interest in some new area of life, it’s not long before we start thinking about what the future holds within that area.”

And just as in the last few years, there are more cybersecurity predictions for 2026 than ever before — cybersecurity now touches virtually every area of life.

The best security prediction reports do much more than just make educated guesses at what might happen in the next year or two. The top 26 security predictions for 2026 examine the vendors who study global security incident trends, analyze what’s working and what’s not, look at new cyber solution alternatives, and use science and data to gaze into the future and make forecasts.

Here are just a few ways that you can benefit from reading the details in security prediction reports:

Gain industry knowledge, understand overall trends and expand your horizons beyond one stovepipe or topic.
Use the free advice, guidance, insights and annual reports provided by most industry companies.
Use predictions as an opportunity to educate others.

No doubt, some people will say things like, “Nothing will change — 2026 in cyber will be just like 2025, only worse.” But the reality is that everything is changing rapidly. The public and private sectors must adapt faster now more than ever before to evolving cyber threats and new digital risks. Hopefully, this report can help with that education.

TOP SECURITY INDUSTRY PREDICTIONS/TRENDS/FORECASTS FOR 2026

As always, I encourage you to go to each of these reports and read the expert advice, recommended actions to take and many further details. Some of these reports offer references and detailed research on why the trends and predictions are relevant.

Regardless, my intention is to just point you toward the best materials and provide a snapshot of some of the items.

1) Trend Micro: Trend Micro is at the top of the list as the best security prediction report for 2026, and no other company was even a close second. The AI-Fication of Cyberthreats: Trend Micro Security Predictions for 2026 is offered in a 39-page PDF format that includes in-depth predictions, strong references, multiple types of supporting materials, creativity, interactive graphics and everything you want to see in a great annual prediction report.

In addition to the PDF version, check out their interactive version, which contains easy-to-use graphics that highlight key terms and predictions broken into the categories of AI, APTs, enterprise, cloud, ransomware and vulnerabilities. I strongly urge you to read the full report, but here are one or more items in each area:

“AI will become both a transformative force and a top attack vector, driving fully autonomous, adaptive and scalable threats across digital and physical systems.”
“Agentic AI will act with growing autonomy, executing multi-step operations and interacting with real systems, turning compromised agents into operational attack vectors.”
“The growth of vibe coding will accelerate innovation while simultaneously increasing the risk of unsecure code in organizations that do not implement proper review processes.”
“Emerging collaboration models will enable APTs to share access, infrastructure and payloads, obscuring attribution and accelerating global operations.”
“Supply chain and insider threats will converge as state-sponsored operatives infiltrate vendors and enterprises, embedding malicious code or exploiting privileged access from within.”
“Legacy systems, outdated software and hidden IT debt will remain major enterprise risks, providing attackers with persistent entry points beyond the reach of modern defenses.”
“Identity-based and trust-driven attacks will surge as AI automates phishing, session hijacking and social engineering, making deception more convincing and detection harder.”
“Cloud environments will remain prime targets as adoption continues to grow, with attackers exploiting high-value workloads, operational dependencies and hybrid infrastructures.”
“Ransomware will evolve into AI-driven, fully automated operations that scan, exploit and extort with minimal human input.”
“Attackers will shift from pure encryption to intelligent data exploitation, using AI to identify and pressure victims’ most sensitive assets.”
“AI will accelerate both the discovery and exploitation of zero-day vulnerabilities, enabling faster reconnaissance, automated exploitation and broader attack reach.”

2)Google Cloud/Mandiant: Once again, Google Cloud offers a solid forecast for 2026 in multiple formats that can be downloaded here.

They begin with these words: “When sharing our insights on cybersecurity in the year ahead, we never make ‘crystal ball’ predictions. Instead, we focus on the real-world trends and data we are observing right now, to provide clear, realistic expectations on what will likely be the biggest trends and challenges.

“Our Cybersecurity Forecast 2026 report focuses on three key themes: adversary and defender use of artificial intelligence, cybercrime as the most disruptive global threat, and continued operations by nation state actors to achieve their strategic goals.”

Some top predictions include:

“Adversaries Fully Embrace AI”
“Prompt Injection Manipulates AI”
“AI Agent Paradigm Shift”
“Supercharged Security Analysts” — “For an incident responder, this means an alert will come packaged with a full, AI-generated case summary, a decoded view of that obfuscated PowerShell command, and its mapping to the MITRE ATT&CK framework. The analyst’s job shifts from manual data correlation to strategic validation, letting them approve a SOAR containment action in minutes, not hours.”
“Enterprise Virtualization Under Threat” — “While security teams have concentrated on user endpoints and in-guest defenses, the core virtualization fabric — the host of all enterprise applications — remains largely unmonitored.”

[embedded content]

Related Google Security Prediction Videos:
https://www.youtube.com/watch?v=LnJRDWUJn3w
https://www.youtube.com/watch?v=FAqLPf3tWjA

3) Watchguard: Watchguard always pitches above their company size with their annual predictions, and this year is no exception. You can see the details of their 2026 Cybersecurity Predictions here, which also offers easy access to previous year’s predictions.

In addition to their excellent YouTube videos, which include the 2026 Cyber Smack Down, one thing that stands out with WatchGuard is that they actually give specific predictions and not just trends. Here they are (with specific details at the link):

“Crypto-Ransomware Goes Extinct”
“OSS Repositories Turn to AI for Supply Chain Protection”
“CRA Mandates Spark Secure-by-Design Practices”
“Autonomous AI Launches Its First End-to-End Cyberattack”
“ZTNA Emerges as Traditional VPNs Collapse”
“AI Literacy Becomes a Core Cybersecurity Skill”

4) Fortinet offers eight pages of content in their Cyberthreat Predictions for 2026. In their opening executive summary they write: “The global threat environment in 2026 will be defined by speed, automation, and scale. Cybercrime will continue to mature into a structured industry supported by specialized roles, automated toolchains, and AI-driven decision-making. Attack groups will increasingly operate more like enterprises than independent actors, measuring success not by innovation but by throughput, such as the rate at which they can turn access into profit. For defenders, this represents a pivotal shift. Security operations can no longer rely on static configurations or periodic assessments. To address today’s rapidly evolving challenges, they must operate as an adaptive system, continuously learning, adjusting, and responding to real-time conditions.”

Also, check out this excellent Fortinet blog with CISO predictions for 2026.

Top predictions include:

“There have already been multiple breaches of AI LLMs. 2026 will see this increase in both volume and also severity as the use cases grow, AI accesses more and more sensitive data, and agent-to-agent communication is allowed without considering the identity and security implications.”
“Deep-fake services are going to take business email compromise (BEC) and social engineering to a whole new level.”
“Previously, conflicts on the other side of the world may have felt like a distant problem, but cyberwarfare is bringing these conflicts to all of our doorsteps. We expect these issues to continue in 2026, which means more issues CISOs need to be prepared for. The Israel–Palestine war has resulted in organizations supplying equipment to Israel to be targeted regardless of their location. In future conflicts, all organizations will need to be on high alert in case they are pulled into the spotlight. We believe this will become the new norm going forward.”
“[GPS jamming] activity will continue, especially surrounding conflicts, as cyber warfare becomes the standard practice. For the majority of organizations, this risk is very low, except for transport logistics, which rely on this information. For airlines, shipping, and defense manufacturers, however, this will become a significant risk, and precautions need to be taken, such as receiver hardening/signal filtering, requiring multiple corroborating information sources, and autopilot lockout, should position or time suddenly shift unexpectedly, which could impact the navigation and landing capability for planes, or cause other more catastrophic incidents.”
“AI fluency will become a baseline skill, not a specialty. For this to happen, it must be woven into every student’s curriculum if we hope to prepare tomorrow’s workforce for an AI-driven world. As today’s entry-level roles evolve or disappear, those who understand how to apply and secure AI will advance fastest, while organizations and educators that fail to adapt risk losing an entire generation of future cyber talent.”

5) Gartner: Gartner has more free security content than ever this year, and they offer a sizeable chuck of their annual planning guide for cybersecurity for free, with excellent insights. (To get the full report you must be a client.)

Some key insights include:

“Geopolitical tensions and regulatory uncertainty are creating a more volatile and unpredictable risk landscape for chief information security officers (CISOs) and their teams. Protecting data, applications, and corporate resources in such an environment is not just a challenge, but an escalating struggle. The ever-changing cybersecurity vendor landscape only exacerbates the problem.”
“Organizations are focusing too much on sophisticated attacks and not enough on basic cybersecurity hygiene and incident response practices. This oversight leaves them exposed to ransomware and account takeover risks.”
“Disruption from organizationwide adoption of AI continues to put pressure on cybersecurity teams. Lenient organizations may suffer from AI-native risks, such as sensitive data loss through insecure prompts and use of harmful or biased output. By contrast, a strict approach can stifle AI innovation.”
“Managing the various aspects of an incident continues to overwhelm incident responders. This situation exposes organizations to employee turnover, fatigue, overlooked events, and a lack of overall institutional resilience.”

In addition, check out these Gartner security resources, including this excellent diagram with supporting details.

I really like this item, which wins the most creative prediction award for this report:

“A surge of lazy thinking — Prediction: Through 2026, atrophy of critical-thinking skills, due to GenAI use, will push 50 perent of global organizations to require ‘AI-free’ skills assessments. As automation accelerates, the ability to think independently and creatively will become both increasingly rare — and increasingly valuable.”

6) Forrester: Forrester also offers more free prediction content than ever before in December 2025, starting with this free PDF on “2026 Predictions in Technology and Security.”

Here are their top 5 predictions, with more in the report:
1) A quarter of all CIOs will be asked to bail out business-led AI failures in their organizations in 2026.
2) Organizations will delay 25 percent of their AI spend into 2027.
3) “Neoclouds will grab $20 billion in revenue, eroding hyperscaler dominance in GenAI.”
4) “The time to fill developer positions will double.”
5) “Quantum security spending will exceed 5 percent of the overall IT security budget.”

7) Kaspersky: Once again, Kaspersky offers amazing content, which is free but very hard to find.

Starting with their “numbers of the day”: “Kaspersky’s detection systems discovered an average of 500,000 malicious files per day in 2025, marking a 7 percent increase compared to the previous year. Certain types of threats saw growth globally — there was a 59 percent surge in password stealer detections, a 51 percent growth in spyware detections and a 6 percent growth in backdoor detections compared to 2024.”

Their press release is here and says: “2026 will likely bring an escalation of incidents disrupting global logistics and high-tech supply chains, along with more attacks on non-traditional targets such as smart transportation systems, vessels, trains, public transit, smart buildings, and satellite communications. Threat actors — including APTs, regional groups, hacktivists, and ransomware gangs — are expected to increasingly shift activity toward Asia, the Middle East, and Latin America, while AI-agent-based operations and autonomous malicious orchestration frameworks lower the barrier for mass-scale industrial campaigns.”

You can download their free India report here. Their global Financial Threat Prediction Report is here, which forecasts:

“Banking Trojans will be rewritten for WhatsApp distribution”
“Deepfake/AI service growth for social engineering”
“The emergence of regional infostealers”
“More attacks on NFC payments”
“The Emergence Of An AI Agentic malware”
“Classical scams will get a new delivery method”
“Persistence of ‘out of box’ devices that are already infected”

You can also watch their BrightTALK prediction presentation here for 2026 for free with registration.

8) Check Point: Check Point offers 10 in-depth security predictions under the title “The 2026 Tech Tsunami: AI, Quantum and Web 4.0 Collide.”

Here is a sample of their predictions (see details at the link):

“Prediction 1 — The Dawn of Agentic AI: From Assistants to Autonomy”
“Prediction 2 — Web 4.0 Foundations: Immersive, Integrated and Intelligent — Digital twins and XR redefine how humans interact with infrastructure”
“Prediction 4 — Trust Is the New Perimeter: Deepfakes and Conversational Fraud”
“Prediction 5 — LLM-Native Threats: Prompt Injection and Data Poisoning — AI Models Become the New Zero-Day”
“Prediction 6 — The AI Reality Check”: “After two years of near-frantic AI adoption, 2026 will mark the first major recalibration. Many organizations that rushed to integrate generative AI tools will discover ungoverned systems, exposed APIs and compliance blind spots. Shadow AI, employee-initiated tools using corporate data, will proliferate, creating invisible data leaks and inconsistent security standards. This phase of disillusionment is necessary: it will drive the shift from experimentation to accountability.”
“Prediction 10 — Supply Chain and Saas Risk Explodes”

9) BeyondTrust: BeyondTrust released their “BeyondTrust Experts Reveal Top Cybersecurity Predictions for 2026 and Beyond,” which offers perspectives for 2026 and also for “The Next Frontier: 5+ Year Predictions”

Here are some highlights for 2026:

“Agentic AI Becomes the Ultimate Attack Vector”
“AI ‘Veganism’ Emerges”
“Digital Tariffs Redefine Data Sovereignty”
“The Death of VPN”
“Account Poisoning Becomes a Financial Threat”
“MITRE Rises from the Ashes”
“The Nomadic Workforce Challenges Security Boundaries”
“Geolocation Trackers Weaponize”
“Voice-Driven Home Security Takes Hold”

And for “The Next Frontier: 5+ Year Predictions”:

“AI Fractures and Reforms”
“Biological Computing Pushes Beyond Silicon”
“Companion AI Becomes Mainstream”
“You Are the New Cryptographic Key”
“Supply Chain Risk Multiplies”
“Autonomous Cities Rise”

10) SentinelOne: Another excellent report from SentinelOne titled Cybersecurity 2026: The Year Ahead in AI, Adversaries and Global Change.

Here are five of their highlights:

“The Forgiving Internet Is Over” — “The cybersecurity industry has been living on borrowed time, and AI is about to call in the debt. … We are moving to a future where being vulnerable and being hacked are not two separate steps.”
“Attackers will harness AI as a force multiplier long before defenders do. Scrappy resourcefulness, clear financial incentives, and freedom from procurement cycles guarantee it. … If defenders can thank AI for anything, it will be a fundamental reassignment of value, a revamping of capacity, and a necessary reimagining of what’s possible.”
“A realistic 2026 development is the partial exposure of U.S. offensive cyber and information operations targeting Venezuela. … None of this is unprecedented. Great powers all play in this space, but the political salience of Venezuela today means the blowback will be sharper and more public than usual.”
“A new Five-Year Plan from the Chinese Communist Party means a new hit-list for China’s hackers.” — “Contracted hackers looking to pilfer western technology and sell it to the highest bidder in China will consult those documents to identify the technologies their customers are likely to pay good money for. If your industry is on the list of targeted technologies, buckle up.”
Ransomware — “Increasing Attacks Will Offer Defenders Fewer IOCs and Artifacts” — “There are some interesting micro trends within these smaller, more obscure, operations. One such trend is the omission of ransom notes and other noisy filesystem artifacts, and threat actors moving towards more direct follow-ups via emails and phone calls to initiate communications. We have seen groups like ‘Penguin Cartel’ operate in this way, and we expect adversaries to increasingly embrace these alternate methods of first notification in extortive attacks.”

11) Splunk: Splunk offers these “Top Cybersecurity Trends in 2026: 9 Trends to Watch.” But note that this piece came out in May 2025; therefore, their ranking dropped in my predictions roundup this year.

Their trends include (with details at the link above):

“Trend 1: AI is creating new data risks”
“Trend 2: More women in the cybersecurity workforce now”
“Trend 3: Ransomware getting smarter”
“Trend 4: Zero trust becoming the new normal”
“Trend 5: Insider threats accelerating with the rise in remote work”
“Trend 6: Supply chain vulnerabilities getting harder to ignore”
“Trend 7: Fighting back against Deepfakes”
“Trend 8: Preparing for the quantum threat”
“Trend 9: Student-powered SOCs will close cybersecurity gaps in the public sector”

12) Fortra: Once again we have another very good report in “Fortra 2026 Predictions.”

Like most others, they start with AI: “AI is reshaping every layer of offense and defense, collapsing long-standing distinctions between insiders and systems, human attackers and automated ones, corporate risk and personal risk. What used to be edge-case speculation is now operational reality: AI agents acting with system-level privileges, criminal marketplaces running like SaaS platforms, token theft eclipsing phishing, and nation-state tactics bleeding directly into commercial targets.”

Here is what they are saying comes next in 2026:

“Enterprises Will Start Treating AI Systems as Insider Threats”
“The First ‘AI Liability’ Lawsuit”
“AI-Augmented Threats Will Overwhelm Traditional Defenses”
“Hyper-personalized extortion scams driven by AI. For example, someone might receive a highly customized email stating that their Tesla has been hacked. The attacker will send it over a cliff the next time their loved ones are in the car unless the victim pays $X in bitcoin.”
“Augmented SOCs Become the First Line of Defense”
“In 2026, we are likely to witness several high-profile breaches where initial access is achieved through the theft and resale of authentication cookies and cloud tokens.”
“Brand Protection Expands the Attack Surface”
“Attacks on Critical Infrastructure Will Accelerate – Nation-state and criminal actors will target energy, healthcare, and transportation systems with cyber-physical impacts, turning outages and disruptions into strategic weapons.”
“The Line Between APTs and Criminal Gangs Will Disappear”
“With the increased complexity of the cybersecurity threat landscape, 2026 will see added emphasis and reliance on the channel. Specifically the need for Managed Services Providers (MSPs) or Managed Security Services Providers (MSSPs) to meet the needs of resource and overhead constrained customers.”
“Data Becomes the Security Perimeter”
“A Complete End-to-End Fraud-as-a-Service platform.”
“Governments Will Shift From Encouraging AI Innovation to Imposing Guardrails on Corporate Deployment”

13) Palo Alto: Palo Alto offers good details in six areas in this piece entitled 6 Predictions for the AI Economy: 2026’s New Rules of Cybersecurity:

“The New Age of Deception: The Threat of AI Identity” — Identity will emerge as the primary battleground for trust, as deepfakes and real-time impersonations make authenticity a top risk for brands and execs.
“The New Insider Threat: Securing the AI Agent” — As autonomous agents receive privileged access to solve the skills gap, they will become the primary target for adversaries, requiring AI firewall governance to prevent them from becoming “autonomous insiders.”
“The New Opportunity: Solving the Data Trust Problem” — Adversaries will exploit the silo between data science and security via “data poisoning,” necessitating a unified platform to secure the entire pipeline against invisible model corruption.
“The New Gavel: AI Risk and Executive Accountability” — Legal and regulatory pressure will mount as execs face personal accountability for AI-related incidents, driving boards to strengthen governance.
“The New Countdown: The Quantum Imperative” — The “harvest now, decrypt later” threat and shrinking quantum timeline will force a complex migration to post-quantum cryptography, requiring organizations to build long-term “crypto agility” rather than performing a one-time upgrade.
“The New Connection: The Browser as the Novel Workspace” — As the browser evolves into an agentic enterprise OS, it becomes the largest unsecured attack surface, forcing the adoption of cloud-native models that enforce zero-trust security directly inside the browser.

14) Akamai: Akamai offers us The Year in Review 2025: AI, APIs and a Whole Lot of Audacity. This report highlights the thoughts of several top execs regarding what stood out in 2025 and “What notable issues do you foresee in 2026?”

Here is one of those items in-depth from Roger Barranco, vice president of global security operations: “CISOs are under significant pressure to facilitate the rapid adoption of AI and this can negatively impact the prioritization of risk register items by assigning lower risk levels to AI-related initiatives. This further highlights the need for purpose-built technologies that effectively protect AI elements, including large language models (LLMs).

“The rapid adoption of AI also creates a new front in API security. Typically an LLM will need to transit an API at some point, making API protection critical. Now, CISOs are recognizing that API security can be used to identify critical traffic, such as determining whether it’s an LLM or a human trying to access something.

“This generates an alert, enabling security teams to decide whether to allow the traffic or block it. Therefore, there is big value in monitoring APIs to identify where LLMs are or where AI is being used to reach inside the enterprise.

“With an increased focus on AI governance, more organizations are creating rules regarding whether employees are permitted to build their own AIs to assist with their work. This is giving rise to AI control boards to determine what is allowed and to provide oversight so it’s not completely unregulated as in the past; this is vital from a security perspective. …

“In 2026, I expect to see enterprises upgrading their infrastructure and encouraging their customers to upgrade their browsers to ones that support post-quantum–safe certificates.”

15) Proofpoint: The Proofpoint report is titled Cybersecurity in 2026: Agentic AI, Cloud Chaos and the Human Factor. It begins: “As we look ahead to 2026, it’s clear that the cybersecurity landscape will only grow more unpredictable. The past year reshaped how we think about both threats and defense, driven by rapid advances in generative and agentic AI, an increasingly complex cloud ecosystem, and the merging of nation-state and criminal tactics. …”

Here are some of their predictions:

“AI Agents Will Become the New Insider Threat”
“Agentic AI Will Both Dominate and Redefine Security”
“Detection Engineering in the Age of AI-as-a-Service”
“AI Blind Spots Will Become the Next CISO Nightmare”
“AI Will Be Both the Tool and the Target”
“Cloud Security Faces Its ‘FIDO Downgrade’ Moment”
“Espionage Actors Go Dark and Get Personal”

Next week I’ll release the second part of this report, “The Top 25 Security Predictions for 2026 (Part 2),” including:

Reports 16 to 26
Five bonus reports worth a second look
Honorable mention reports and prediction lists
Awards for the best reports and predictions in various categories
My final thoughts on what may be missing from these 2025 security predictions

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts