SecureOps Blog on Cybersecurity

Cyber Outlook 2026: Strategic Perspectives on Cyber Threats

Written by SecureOps Team | Jan 12, 2026 5:32:57 PM

As we begin 2026, the cybersecurity landscape is shifting away from isolated technical threats toward a complex overlap of technology, industry, and society that requires a move beyond traditional controls toward total cyber resilience.

Below are front-line insights from Erik Montcalm, Senior VP of Services & Technologies at SecureOps, as we evaluate what we’ve recently observed, worked with, and heard about in our discussions with customers and buyers over the last year.

5 Key Observations on the Evolution of Cyber Threats

AI-Driven Turnover Expands Insider Threats and the Data Resell Economy

The rapid adoption of AI changes the employee-employer relationship. When AI is used to automate tasks, workers often see it as a replacement rather than an assistant, creating job insecurity and resentment. This devaluation of service can turn former defenders into insider threats who exfiltrate data to "even the score" or secure their own financial future before an expected layoff.

Beyond the displacement friction, Montcalm focuses on the growing erosion in loyalty with this observation:

"People feel in general like multinationals don't necessarily have their back anymore. It's not a two-sided street."

Montcalm also notes that modern insider threats are shifting from simple sabotage to financial opportunism.

"I think the potential of insider threats who ‘steal with the intent to resell’ is actually a very big risk factor here. We've seen insider threat data leaks from people who realized they were on the list to get laid off and are actually exfiltrating data."

Market Validation: From 2019 to 2024, the share of organizations reporting insider attacks rose from 66% to 76%. This corroborates our observation that insider threats are a growing problem.

Rapid Automation Hollows Out Expertise and Collapses the Talent Pipeline

We’re hearing more about organizations losing expertise as they adopt automation and AI-based tools, which risks a hollowing out of foundational knowledge. 

This dynamic hits an industry already struggling with a global workforce gap of 4.8 million unfilled roles, a shortfall that has exploded as demand outpaces the ability to train new talent. 

The concern entering 2026 is that traditional entry-level pathways are being restricted as AI absorbs repetitive detection and triage. This shift threatens to exacerbate the existing talent crisis by preventing new entrants from gaining the hands-on experience required to eventually step into senior leadership.

Montcalm considers it a critical, long-term threat to the industry's survival. He argues that the drive for short-term efficiency destroys the essential environment where future experts are forged.

"The easiest place to start inside a SOC is at the level ones. They do the least complex tasks, but that's also how they learn. I don't know where we're going to get our intermediates and our seniors if nobody's hiring and training juniors."

"This is one of the biggest problems we're going to have with AI... we're breaking the system."

Market Validation: This "mentorship gap" is becoming a critical strategic concern. While AI clears the operational "noise," it often absorbs the foundational work that historically built the technical intuition and "muscle memory" senior leaders rely on during high-stakes crises. Data from ISC2 already shows a trend toward organizations favoring candidates with existing hands-on experience, further raising the barrier for the new talent needed to fill the growing 4.8 million-person gap.

AI Threats Accelerate Attacker ROI and Defensive Arms Race

We’re seeing that threat actors are rapidly adopting AI tools to accelerate reconnaissance and target acquisition. By leveraging generative AI to automate common tasks and high-speed analysis, attackers are turning standard intrusions into advanced multi-pronged campaigns. This shift moves AI-driven threats from simple experimentation into a stage of large-scale deployment, increasing the pressure on security teams who must now defend against attacks operating at machine speed.

While the ISF highlights the growing technical complexity, Montcalm looks beyond it to focus on the logical economic progression of cybercrime.

"It's the inevitable trajectory of cyber security. From the attacker's point of view, it's just ROI, right? How do I get more value for my human labor?"

Montcalm argues the only viable strategy is a parallel adoption of AI to maintain defensive parity.

"The only proper response is an arms race. AI attacks require AI defense. You need to be able to keep pace."

Market Validation: Attackers have operationalized generative AI as a "force multiplier," using automated systems to scrape data and build detailed target profiles without human intervention. Kela indicates that automated intrusions and AI-driven ransomware are moving into broad deployment, with malicious AI tool mentions on the dark web spiking by 219%.

IT/OT Convergence Exposes Legacy Infrastructure to High-Impact Disruptions

As organizations pursue digital transformation, they are increasingly connecting formerly isolated production hardware to corporate IT networks. While this enables better data gathering and remote management, it also exposes older operational ICS equipment to external threats, turning once-secure industrial environments into targets for disruption and takeover. This integration is no longer a choice for many; it is a prerequisite for modernizing security and resilience in a landscape where air-gapped systems have become a liability.

In addition to the rising risk to production schedules, Montcalm frames this convergence as a calculated tradeoff.

"The old trend for ICS/PT was really to segment it off and leave it alone. That's changed with a lot of incidents and cyber insurance. We now have no choice but to patch and/or securely connect these environments to enable new features, automation, and the savings gained from remote maintenance. The risk of something terrible happening because it hasn't been patched in years outweighs the small risk that it'll be easier for attackers to get in. It’s a necessary evil.”

Market Validation: The shift in attacker focus is already measurable. Many cybercrime ransomware groups have pivoted toward operational and production hardware, with one industry expert noting that attacks on these systems grew by 87% in 2024.

Deepfake Proliferation Renders Traditional Identity and Authentication Unreliable

Threat actors are finding it increasingly easy to create fake personas or mimic real people, using generative AI to fool hiring and authentication systems. This industrialized deception is rapidly eroding the out-of-band trust models that organizations have relied on for decades. As deepfakes become more convincing, traditional verification methods—such as a help desk technician recognizing an employee's voice—are failing, forcing a total reassessment of how to prove identity in a digital environment.

Montcalm believes that many established biometric and remote trust systems are already obsolete.

"There's a lot of authentication systems that I wouldn't trust anymore. I’ve seen evidence that they're removing voice prints now. It's pretty easy to record someone's voice to feed it to an AI and get it to say whatever you want."

Montcalm predicts that the only reliable solution is a return to physical, hardware-based verification and in-person procedures.

"You're going to see more and more hardware tokens and fingerprints. Finding out-of-band ways to authenticate outside of SMS or voice will depend on the degree of access of the user. A call center agent with little access can probably still rely on the old methods. But a sysadmin may be asked to pick up equipment at the nearest corp location. Help desk calling the user is probably not good practice anymore."

Market Validation: Gartner estimates that by 2026, 30% of enterprises will no longer consider identity verification and authentication to be reliable in isolation.

Focus Your Strategy on Building a Resilient Future

As we enter 2026, survival depends on resilience that delivers business continuity rather than just prevention. This evolution of cyber threats requires a strategy that manages the overlap of physical, geopolitical, and human factors. Montcalm warns that this is a systemic labor pool problem that technology alone cannot fix.

To build a resilient posture, leaders should focus on:

  • Preserving the Talent Pipeline: Avoid automating all entry-level roles to ensure the next generation of seniors has the experience to lead.
  • Prioritized Triage: Use human-led intelligence to filter AI-generated noise and focus on high-stakes, targeted campaigns.

By protecting the "human bench" while adopting autonomous defenses, CISOs can stop reacting to the horizon and start mastering it.
