Geopolitics is set to become the dominant cybersecurity risk of 2026, the Information Security Forum warns, as nation states intensify digital espionage and pressure on critical infrastructure — and even paper back-ups regain importance as a last line of defence when systems fail
Cybersecurity risk in 2026 will be shaped less by opportunistic criminals than by geopolitics, as nation states increasingly weaponise technology, information and infrastructure, according to the Information Security Forum (ISF).
Speaking in a new broadcast interview, Steve Durbin, CEO, ISF, said the convergence of political tension, digital dependency and state-backed capability is pushing organisations into a far more volatile threat environment.
“If 2026 is anything like 2025, we’re going to have a bumpy year,” Durbin said. “Society has become very dependent on technology and nation states have understood that there is a lot of value in the information that is out there.”
Durbin warned that espionage has undergone a fundamental transformation. Activity that once required physical presence, risk and human networks can now be conducted remotely, at scale and with far lower cost.
“Espionage has been around for centuries but today there’s no need for spies to do things the hard way like they did in the past,” he said. “They can work from home very easily, so espionage has changed completely.”
That change, he argued, places businesses, public bodies and critical infrastructure directly in the firing line of geopolitical conflict, whether they see themselves as political actors or not.
“We have to come back to critical infrastructure,” Durbin said. “If you’re a key player in that space, you will be under significant attack at some point in time, if not already.”
The ISF believes governments have become increasingly aware that political leverage can be exercised through digital disruption as well as diplomacy.
“Some governments have woken up to the fact that politics itself can be weaponised,” Durbin said. “Others have understood they need to be playing a very strong defensive game, depending on where they happen to be in the world.”
He stressed that governments rarely operate alone; and that the security of national systems is deeply entwined with the private sector.
“Governments rarely work in isolation and work alongside large corporates,” he said. “It is this public–private partnership that we need to be focusing on in a geopolitical context.”
Durbin also raised concerns that many of the world’s largest organisations are failing to prepare for the long-term implications of quantum computing, despite the sensitivity of the data they hold.
Some sectors, he warned, will face particularly severe consequences if encrypted records become vulnerable.
On regulation, Durbin reiterated the ISF’s long-held position that compliance alone does not deliver security, while acknowledging that voluntary action may no longer be sufficient.
Looking ahead, Durbin argued that no single organisation or sector can address geopolitically driven cyber risk alone.
“From now on, I think there is a need for us to embrace a cross-industry approach to sharing information,” he added.
Source - C Nugent-Isitt, CP Media Global
Disclaimer – The details expressed in this post are from the organisations responsible for circulating this post for publication and the views are of the spokespersons. This website doesn’t endorse the details published here. Readers are urged to use their own discretion while making a decision about using this information in any way. There has been no monetary benefit to the Publisher/Editor/Website Owner for publishing this post and the Website Owner takes no responsibility for the impacts of using this information in any way.