The threat model has changed as artificial intelligence lowers the barrier to entry for cybercrime. Attack velocity and threat veracity have increased exponentially. Impersonation and automation are weaponised, and trust has become a commoditised rarity. According to the World Economic Forum Global Cybersecurity Outlook 2026, cybersecurity sits ‘at the heart of trust’, which means that intelligence, skills, systems and solutions have to work collaboratively to mitigate the risks. There has been a structural pivot in how attacks are executed and how trust is being exploited.
The most obvious and talked-about cause of the threat explosion is AI. It has lowered the barrier to entry for cybercrime by providing access to easy-to-use tools that handle reconnaissance, content creation, and automation. The technology, says Moody's, has made it possible for cybercriminals to create platforms capable of creating, managing and launching large-scale attacks.
The INTERPOL Africa Cyberthreat Assessment Report 2025 has found that Africa is losing around $3 billion annually to cybercrime. This figure is a spotlight on a criminal economy that’s organised, industrialised and well funded. And for business leaders, the implications are clear – smart application of security budgets towards identity protection, intelligent automation and pre-emptive defence.
Identity is key: it has become the new perimeter and an operational necessity. As synthetic identities, non-human accounts and AI-generated impersonation increase, traditional credential-based access controls are insufficient. Deepfake-enabled fraud is already affecting the threat ecosystem significantly. A recent report by the Entrust Cybersecurity Institute found that a deepfake attack took place every five minutes in 2024, with digital forgeries rising by 244% year-on-year. These attacks are targeting boardrooms, suppliers, third-party service providers, employees and workflows.
This impersonation risk has moved into the executive decision-making environment with smart threats that are difficult to detect. Compromised Teams meetings, a spoofed supplier interaction or a fake executive authorisation can result in people making financial transactions or contractual commitments that cost the business hefty sums before the fraud is detected. And money isn’t the only fallout of the crime: reputation and operational damage almost always go hand in hand with a successful crime.
AI-driven identity and access management must therefore become a core investment priority. Systems need to distinguish between human and synthetic identities, continuously validate behaviour and apply risk-based authentication controls. Zero trust must extend across the entire business ecosystem.
Another priority area is automation, which has to be intelligently implemented to ensure AI doesn’t grant access to AI, and that systems are realistically leveraging AI solutions. AI-powered tools are rapidly entering the market, making very impressive promises, but the reality is more complex. As security operations centres (SOCs) grow increasingly overwhelmed with alert fatigue and thousands of daily events, AI-driven triage, contextual investigation and automation are essential. They provide much-needed support and can fundamentally improve productivity and response times.
However, full automation without governance is a risk. Automatically blocking executive communications or disabling systems based on misinterpreted signals can disrupt operations and erode trust in the security function. The correct approach is blended intelligence: AI to accelerate detection and investigation, human oversight to manage business impact.
Then there is the supply chain risk that’s gaining momentum. It is one of the leading ecosystem risks affecting cyber-resilience, with many successful zero-day exploits and ransomware campaigns originating through third-party compromise. In Africa and globally, smaller suppliers often lack the resources to implement advanced security controls, and this imbalance creates exposure for larger enterprises. A compromised supplier with remote access to financial or operational systems runs the risk of becoming a direct pathway to a breach.
Third-party risk management needs to evolve from compliance checklists to active monitoring. Threat modelling, continuous assessment and behavioural analytics are required to identify anomalous activity before damage occurs.
Finally, there’s quantum. Advances in quantum computing are challenging long-standing assumptions about cryptographic strength, and while large-scale commoditised quantum capability is not yet widespread, research breakthroughs have demonstrated the potential to break sophisticated encryption algorithms. Organisations should begin evaluating post-quantum cryptographic strategies and ensure that infrastructure upgrades over the next two to three years consider long-term resilience.
This year, security is under pressure to become anticipatory as opposed to reactive. Instead of alert >> response >> remediation, security needs to become agile and engaged, identifying pre-attack reconnaissance patterns, anomalous lateral movement or early-stage command-and-control communication before ransomware deployment or data exfiltration even happens. While no system can predict every attack, the next phase of cyber-defence will come down to strategy, resilience and agility to ensure companies can minimise both the risk and impact of an attack.




