The cybersecurity landscape is about to get considerably more complex, according to Forrester’s latest predictions report. As artificial intelligence advances and geopolitical tensions intensify, Chief Information Security Officers (CISOs) will face unprecedented challenges in protecting their organizations.
AI Agents Will Cause Major Breaches
The report predicts that autonomous AI systems will cause a significant public data breach in 2026, leading to employee terminations. As companies rush to deploy AI agents that work independently, many are skipping crucial security safeguards. These systems may prioritize speed over accuracy, especially in customer-facing roles, creating vulnerabilities that didn’t exist before. The blame game that follows will likely target individual employees, though these failures typically stem from organizational shortcomings rather than personal mistakes.
Governments Take Control of Telecom
Following massive cyberespionage campaigns like Salt Typhoon—which breached over 600 organizations across 80 countries—governments worldwide will assert unprecedented control over telecommunications infrastructure. Forrester predicts that at least five nations will nationalize or heavily restrict critical telecom assets in 2026. Countries like Australia, Italy, and the United States are already moving in this direction, recognizing that commercial telecom providers have become attractive targets for nation-state hackers who can operate undetected for years.
Europe Builds Its Own Vulnerability Database
The European Union will establish its own database of known exploited vulnerabilities, potentially outpacing America’s CISA KEV system. This move follows disruptions in the U.S.-maintained CVE system and proposed budget cuts to CISA. The EU’s unified cybersecurity regulations will enable faster vulnerability coordination and intelligence sharing across borders, reducing dependence on foreign systems.
Quantum Computing Demands Urgent Action
Security spending on quantum-resistant technologies will exceed 5% of IT security budgets as organizations race against the clock. Commercial quantum computers capable of breaking current encryption methods could arrive within a decade—possibly sooner. With NIST mandating the deprecation of RSA and ECC encryption by 2030, companies must invest now in consulting services, cryptographic discovery tools, and migration planning. This is no longer just a concern for banks and critical infrastructure—every CISO must act.
A Doomed Merger Looms
Finally, Forrester predicts an aging IT services company will acquire a struggling cybersecurity firm in a desperate bid for relevance. Despite marketing spin about AI-enabled security services, the merger will fail due to legacy infrastructure, talent attrition, and misaligned strategies. Customers should prepare to negotiate discounts and plan exit strategies.
