As cybersecurity leaders look ahead at the threat landscape, one theme is impossible to ignore. While technology continues to evolve at an unprecedented speed, cyber attackers are still finding most success by exploiting people.
Across discussions from leading security experts, threat intelligence specialists and industry practitioners, several trends emerged across Infosecurity Europe 2026.
From AI-powered ransomware operations and deepfake-enabled fraud to the growing importance of cyber resilience and risk quantification, it’s clear that organisations need to combine strong technical controls with a mature approach to managing human risk to succeed in the fight against cybercrime.
Here are our key takeaways from the event.
AI is Supercharging the Cybercrime Economy
Cybercrime has evolved into a sophisticated commercial ecosystem, and AI is only accelerating its growth.
Ransomware operations now resemble fully industrialised supply chains, with specialist groups offering everything from initial access services to negotiation support and data extortion. Attack volumes continue to rise, while the time between initial compromise and impact is shrinking dramatically. In some cases, attackers can now move from initial access to significant network compromise in just a few hours.
The emergence of AI-powered tools on underground forums is also lowering barriers to entry. Weaponised large language models, automated phishing kits, voice-cloning services, and AI-enhanced malware are becoming increasingly accessible through subscription-style models. Like legitimate software providers, cybercriminal groups are increasingly using a “freemium” business model, offering basic tools or limited access for free to attract new users, then charging for more advanced features, greater functionality, technical support, or access to premium attack capabilities.
What’s most concerning is the rise of AI-driven social engineering. Voice cloning technologies can now generate convincing impersonations from just 3 seconds of audio, creating new opportunities for fraud, business email compromise, and executive impersonation attacks.
While AI has transformed attacker capabilities, it hasn’t replaced traditional attack methods, it’s just made them more convincing, scalable and difficult to detect.
Phishing Remains the Primary Entry Point
Despite years of security awareness campaigns and tech investments, phishing remains one of the most effective attack vectors today.
Credential theft, account compromise, and voice phishing dominate initial access techniques across all organisations. Attackers are increasingly combining multiple channels like email, phone calls, messaging platforms and social media to create more convincing, personalised campaigns.
The growing use of deepfakes and synthetic media is also adding an extra layer of complexity. Employees now can’t rely on visual or audio cues to see whether a request is legitimate. As AI-generated content becomes more realistic, verification processes and behavioural awareness become even more important.
This shows that organisations can no longer focus all of their cyber security awareness training on email threats. Employees must be prepared to recognise and respond to deception tactics across every communication channel.
The Human Layer Is the Most Targeted Attack Surface
One of the strongest recurring themes at Infosecurity was the continued importance of human behaviour in cyber risk.
Attackers know that compromising a person is much easier than compromising a system. Whether through phishing, social engineering, insider threats, or identity-based attacks, human behaviour is central to attack success and organisational defence.
The psychology behind these attacks has changed very little. Modern social engineering still relies on many of the same principles used in traditional espionage: exploiting trust, urgency, authority, fear, greed, and curiosity.
To strengthen security, organisations need to understand what’s driving these threats. Technical controls are still essential but are significantly more effective when employees know their role in identifying threats, reporting suspicious activity, and following secure practices.
This change reflects a broader industry recognition that cyber security isn’t just a technology challenge, but a people one too.
Identity Has Become the New Security Perimeter
Cloud services, hybrid working, SaaS platforms and interconnected business ecosystems have changed how organisations operate today. As a result, identity is now emerging as the primary control point for security.
Attackers are more often targeting credentials, authentication systems, and user access pathways because they offer efficient routes into business-critical systems. Even organisations with strong technical controls can be vulnerable if attackers successfully compromise legitimate accounts.
Security leaders are responding by adopting continuous identity verification, stronger authentication controls, behavioural monitoring, and more robust access governance frameworks, but technology alone can’t solve the problem. Employees need to understand the importance of credential security, multi-factor authentication, proper access management, and secure behaviour when interacting with digital systems to protect organisations.
Visibility and Context Are Becoming More Valuable Than Data Volume
Many organisations have access to vast amounts of security data, the challenge they have is turning that data into action.
A recurring concern among security professionals is that organisations still struggle to prioritise threats. When every alert appears critical, teams get overwhelmed, which leads to delayed responses and missed risks.
The most successful organisations are focusing on actionable intelligence rather than just collecting information. Security data is only valuable when it provides clear context, supports decision-making, and identifies specific actions that need to be taken.
The same principle applies to human risk management. By understanding which behaviours create the most risk, security teams can focus their efforts where they will make the biggest difference.
AI Security Must Become a Governance Priority
While attention is focused on how attackers are using AI, organisations also need to consider the risks associated with their own AI usage.
Many businesses are rapidly integrating AI tools into their workflows without understanding the security implications. New risks are emerging across different layers, including prompt injection attacks, data poisoning, compromised AI supply chains, and autonomous AI systems making incorrect decisions at machine speed.
Unlike traditional software, AI systems can behave unpredictably and may confidently generate inaccurate outputs. When connected to automated workflows, these errors can create significant risks.
AI governance is rapidly becoming a board-level issue. Organisations need to establish clear policies, usage guidelines, oversight mechanisms, and employee education to ensure AI is adopted responsibly.
Cyber Security Investment Is Shifting Towards Measurable Outcomes
Economic pressures are forcing organisations to scrutinise cyber security spend more carefully than ever. Rather than investing in standalone technologies, many are adopting scenario-based risk modelling to evaluate their security investments. The focus is shifting from purchasing more tools to identifying which controls provide the greatest reduction in risk.
This approach is particularly relevant when assessing human risk. Security leaders increasingly require evidence that awareness programmes, phishing simulations, and behavioural initiatives are delivering measurable improvements.
Metrics like phishing susceptibility, reporting rates, policy engagement, and behavioural change are important indicators of overall cyber resilience.
Building Resilience for an Uncertain Future
One of the most important takeaways from the event is that uncertainty has become a permanent feature of the cyber security landscape.
Geopolitical instability, AI-driven disruption, increasingly sophisticated attackers, and rapidly evolving technologies mean organisations can’t rely on prevention-focused strategies.
The most resilient organisations are preparing for incidents before they occur, practising response scenarios, strengthening identity controls, improving visibility, and embedding security awareness into everyday operations.
Technology will continue to evolve, but people will always play a central role in business security.
As cyber threats grow in sophistication and AI reshapes attack and defence strategies, organisations that can combine technology, governance, and behavioural resilience will be best placed to navigate the challenges ahead.
For security leaders, the priority should be building cyber resilience and empowering your people to make secure decisions.
Ready to reduce human cyber risk?
MetaCompliance helps organisations transform cyber security awareness into measurable behavioural change through security awareness training, automated phishing simulations, proper policy management, and human risk intelligence.
Discover how MetaCompliance can help your organisation strengthen cyber resilience, reduce human risk, and your prepare employees for the next generation of AI-powered threats.
Book a demo today and see how you can turn your workforce into a stronger line of defence.