Cyber attacks skyrocketed for businesses in 2025, with a 50% rise on 2024. According to the Cyber Breaches Survey 2025, this affected 43% of UK businesses.

As businesses become increasingly digital, the likelihood of them being targeted by criminals increases. This is exacerbated by the rise of AI, which threat actors can utilise to drive smarter, faster attack attempts at scale.

And this brings significant repercussions for businesses. Data from the UK government estimates a breach costs a business, regardless of size, an average of approximately £1,600. That isn’t to mention the reputational and operational damage a successful attack can bring to your business.

On top of this, many businesses are feeling the pressure to protect themselves. More than two-thirds of SMBs lack ‘fully actionable’ cyber security strategies. And as threat levels rise, this strategy is the difference between falling victim and being resilient.

The best way to prepare your strategy and protect your organisation is to know the risks you’re facing. And these have evolved rapidly in the last 12 months, and will continue to do so. With this in mind, we’ve listed the biggest threats to be aware of in 2026, with tips to safeguard against them.

What are the biggest cyber threats of 2026?

1. AI-powered phishing and impersonation fraud

This threat preys on your most vulnerable asset: your staff. Phishing used to be easy to spot, thanks to poor grammar, unknown sender names and obvious urgency. Those days are gone. Phishing has evolved, due to:

AI scalability: Generative AI tools allow criminals to produce thousands of perfectly worded, highly contextualized scam emails every hour. What was once a slow, manual spear phishing attack is now done en masse, increasing the volume and quality of threats exponentially.

Voice and video deepfakes: The cost and complexity of creating realistic cloned voices (vishing) of your CEO or CFO have dropped to near zero.
A criminal needs just seconds of recorded audio to convincingly impersonate a senior leader, bypassing all the technical safeguards designed to protect your network.

Human trust is weaponised: The attack is no longer a technical intrusion; it’s a social hack that weaponises the trust, respect and urgency employees feel toward their superiors, making the human element the weakest point in your entire security chain.

The risk is immediate, catastrophic financial loss via wire transfer fraud that is nearly impossible to recover, coupled with a deep erosion of confidence in all digital communications.

Safeguarding tips

Mandate strong verification: Implement a strict, non-negotiable policy that requires two people to approve all large payments or data transfers. This verification must be done outside of the email or phone call (e.g. using a secure internal chat or a known, pre-verified phone number).

Invest in training: Conduct regular, realistic security training that teaches employees how to spot AI-generated fakes, not just old-school typos.

Enforce MFA: Ensure multi-factor authentication (MFA) is mandatory for every employee account, especially email and financial logins.

2. Ransomware and triple extortion

Ransomware is no longer just a digital hostage situation; it’s a guaranteed crisis designed to extract payment through maximum pain. The technical sophistication of these attacks has plateaued, but the business cruelty has escalated dramatically. This is due to a number of factors:

The RaaS model: The barrier to entry has plummeted thanks to Ransomware-as-a-Service (RaaS). This business model provides the tools and infrastructure to low-skill criminals, making sophisticated attacks accessible to virtually anyone who wants to pay a cut of the ransom.

Triple extortion: The pressure point has shifted. It’s no longer just about encryption.
Criminals now steal your data and threaten to leak it publicly and report the breach to your customers, partners and regulators (like the ICO), creating massive PR and legal fallout.

Targeted speed: Attackers no longer spray-and-pray. They use AI tools to quickly identify and target weaknesses in high-value businesses, ensuring the attack is launched within hours of gaining initial access, before your security teams can react.

This can lead to complete business shutdown, massive regulatory fines (GDPR, CCPA) and potential class-action lawsuits stemming from leaked client data.

Safeguarding tips

Offline backups: Ensure your critical data is backed up and that at least one copy is kept offline or air-gapped (untouchable by your main network). This is your ultimate insurance policy.

Prioritise updates: Ensure your IT team has a formal process to immediately install security updates and patches, especially on public-facing systems.

Test your plan: Have an updated, tested incident response plan. You need to know exactly who to call (legal, PR, technical teams) the moment an attack starts.

3. Autonomous AI attack agents

This represents the next quantum leap in cyber crime, moving from human-led attacks to machine-led warfare. These are sophisticated systems that can operate entirely on their own, making decisions and adapting in real-time. This method brings:

Speed of compromise: Human security teams are used to responding to threats in hours or days. Autonomous agents operate in minutes or seconds. They can automatically scan for weaknesses, develop a custom exploit and gain a foothold before your security logs even flag the initial probe.

Adaptive and evasive: These agents don’t rely on pre-written code that security software can easily recognise. They use AI to generate adaptive malware that changes its code signature and behaviour instantly to slip past detection tools.

Resource multiplier: A small group of highly skilled criminal developers can deploy a massive fleet of autonomous agents, allowing them to attack thousands of organisations simultaneously with minimal human effort.

This leaves zero warning time against sophisticated breaches, rendering traditional human-staffed defences ineffective and pushing incident response into the realm of automation.

Safeguarding tips

Embrace Zero Trust: Adopt a Zero Trust security model. This means no user or device is trusted by default. Access must be verified constantly, reducing the chance of an attacker moving freely once they get inside.

Automate defence: Invest in modern security systems that use their own AI capabilities to automatically detect and block attacks. You must fight machine speed with machine speed.

Limit privileges: Ensure employees only have the minimum system access (privileges) required to do their job. If an account is compromised, the damage is minimised.

4. Software supply chain and API exploitation

We live in a deeply connected digital world where your security perimeter now extends to every vendor, software library and cloud service you use. Attackers target this interconnectivity for maximum leverage. This causes:

The domino effect: A successful supply chain attack (like injecting malware into a trusted software update) allows criminals to breach thousands of organisations simultaneously via a single entry point. The collateral damage is exponential and difficult to predict.

The API blind spot: APIs (Application Programming Interfaces) are the pipes that connect your internal systems, partners and customers. Because they are often built quickly and are rarely monitored like traditional firewalls, they are full of security flaws, like broken authentication, excessive data exposure and undocumented shadow APIs. Gartner predicts that insecure APIs will soon be the top attack vector for web-enabled applications.

Cloud identity hijack: Your company relies on third-party cloud tools (SaaS). If a cyber criminal compromises a trusted vendor’s identity or configuration, they can bypass your entire security stack and access your data directly in the cloud.

This leads to massive, system-wide data breaches that originate outside your own network and are therefore harder to prevent and detect. It can also erode relationships and trust across the supply chain.

Safeguarding tips

Vet your vendors: Institute a formal vendor risk management process. Require all critical third-party software and service providers to meet your security standards before you partner with them.

Inventory all data flows: Get a clear picture of all the APIs your business uses and ensure the IT team is treating them as critical security assets, not just programming tools.

Cloud configuration check-ups: If you use cloud services (like Microsoft Azure or AWS), ensure there are automated tools running constantly to check that settings are correct and secure.

5. Attacks on physical systems (OT/IoT)

This is the most terrifying type of cyber threat because the attack moves beyond data theft and causes physical harm or catastrophic operational failure. This issue has grown, thanks to:

IT/OT convergence: The divide between your office network (IT) and your production environment (Operational Technology or OT – think factory controls, building management, utilities) is dissolving. Attackers exploit weak IoT devices (smart cameras and cheap sensors) attached to the office network to jump into the sensitive OT systems.

Increased sophistication: Cyber criminals and state-sponsored groups are moving away from simple denial-of-service attacks to highly sophisticated, custom-built malware designed specifically to destroy or sabotage industrial control systems.

The safety risk: A breach in this area is not just a financial loss; it can lead to dangerous shutdowns, explosions, facility damage or contamination, putting employee and public safety at risk.

The risk is direct threats to human life, massive environmental and facility damage, and the inability to produce goods or deliver services (e.g. stopping a manufacturing line or shutting down a distribution centre).

Safeguarding tips

Separate networks: Mandate that your production systems (OT) are completely separated and isolated from your regular corporate network (laptops, email). This prevents a ransomware attack on an office computer from reaching the factory floor.

Inventory and secure connected devices: Your IT team must have a full, up-to-date list of every connected device. All default passwords must be changed immediately and unnecessary external access must be blocked.

Monitor physical systems: Invest in specialised monitoring tools that can detect unusual activity within your OT environment before it leads to a physical incident.

Don’t wait for the next breach: winning the fight with Zero Trust

With the threat landscape defined by AI-powered speed and triple-extortion pressure, attacks against businesses are no longer a matter of if, but when. It is crucial to solidify your defences before you face the significant financial, reputational and operational consequences that a modern breach guarantees.

Fortunately, the strategy to overcome these sophisticated threats is available. The world’s leading security experts (including Microsoft) have invested substantial sums into creating innovative solutions centred on a proven strategy: Zero Trust.

In this free, expert-led session, security specialists from Infinity Group, joined by leading Microsoft experts, will give you practical, actionable advice tailored for the current threat landscape facing modern businesses.
You will gain the guidance needed to implement a Zero Trust strategy that truly protects your operations, even as cyber threats evolve. Access the webinar today.