The digitalization of companies has led to the emergence of a new, complex and volatile risk: cyber risk. Threats like Ransomware affect companies of all sizes and sectors, and the financial, operational and reputational consequences can be disastrous. 2025 has been a year marked by the use of artificial intelligence in all areas, also in cybercrime, exceeding a hitherto unimaginable threshold, making the threat increasingly severe for companies.

Given this situation, Vincent Nguyen, director of cybersecurity at Stoïk, Europe’s first insurtech specialized in cyber risks for companies with revenues of up to 1,000M euros, shares his vision about the 8 trends that will mark the cybersecurity sector in companies in 2026:

  • Ransomware, the silent threat

Ransomware has been the great enemy of companies for a long time, however, it has never been so silent or undetectable as now. Cybercriminals are using AI tools to steal credentials through infostealers, API abuse, or even by hijacking SaaS tools. This has made the line between technical intrusion and operational fraud increasingly blurred, so that the same incident can now be classified as an intrusion, leak and manipulation, all in a single attack. Furthermore, large platforms such as Microsoft 365, Google Workspace or ERP SaaS have become favorite targets to attack, a situation that occurs not due to technical inefficiencies, but due to excess access and permissions to the teams, which makes the platforms increasingly vulnerable.

  • A Europe divided in two before the arrival of the NIS2 directive

With this new European regulation, the authorities want to reinforce the computer security of the most critical sectors to guarantee greater protection of their networks and data against possible cyber attacks. Its objective is that key services such as energy, transportation, banking and health can continue to function even if they suffer an attack, quickly notifying the authorities of what happened and working with increasingly higher quality standards, which will allow greater prevention and response to digital threats. However, the NIS2 directive is causing a clash in compliance between critical sectors that may have the necessary resources to carry it out and smaller suppliers and SMEs that are having difficulty meeting these requirements, which is causing Europe to go at two speeds. In addition, companies are allocating most of their budgets to obtaining certifications that guarantee compliance with regulations, instead of being able to invest it in greater protection against threats, which is causing greater fatigue in the sector.

Artificial intelligence has triggered cases of executive impersonation through deepfakes and voice cloning, allowing attackers to precisely imitate senior management profiles with the intention of using it in financial fraud, blackmail or to generate disinformation. In this way, vishing, which previously occurred occasionally, has now become an increasingly common form of attack thanks to these technologies.

  • The supply chain, the weakest link

In 2025 we have seen several attacks targeting widely used software programs such as open source libraries or browser extensions, a situation that leaves not only these companies vulnerable but also those companies they provide services to, leaving them completely exposed. To avoid this, it is important that companies audit all supplier systems and prioritize solutions that appear safer in their design from the beginning.

  • Sports events, target of cybercrime

Sports events such as the 2026 Soccer World Cup or the Winter Olympic Games have recently become the number one target for cybercriminals as they are events that have a large influx of followers and are totally dependent on digital infrastructures. In this way, ticketing systems and streaming platforms to public WiFi and technical infrastructures can be attacked by hackers. Therefore, coordination and cooperation between organizers and institutions is increasingly important to try to avoid any security breach that could compromise the event and its security.

Cybercriminals are using AI tools for credential theft, API abuse, or by hijacking SaaS tools

  • Disinformation enters the electoral campaign

During 2026, there will be new elections in different countries and regions of Europe. Outside our borders, it will be time to vote in France while, in our country, in June the elections will be held in Andalusia. However, in recent times we have seen how electoral periods have become fertile ground for digital manipulation: deepfakes, disinformation campaigns driven by bots, orchestrated leaks and attacks on results information websites are some of the issues that cybercriminals pursue in politics. The objective remains the same: to undermine confidence in the electoral process. In this way, the periods before and after the elections are always especially delicate, becoming a target for attackers of local governments, electoral databases and vote counting infrastructures, often being carried out as distraction maneuvers.

  • A much more mature generation of cybercriminals

The hackers who began their criminal career back in 2010 and 2015 have achieved a degree of technical and organizational maturity that has allowed them to experiment with new technologies and tools such as artificial intelligence, IoT, robotics or industrial systems, making their activity much more severe. On the other hand, new cybercriminals seek to earn more quickly, so companies are shielding themselves and strengthening their defenses to avoid these attacks. In this way, while some become professional, others begin to commit crimes in a much more amateur way, coexisting more complex and fully directed attacks with clumsier and simpler actions.

  • 360º Cybersecurity, the new paradigm for the protection of companies in the age of AI

In order to defend companies from increasingly sophisticated attacks, there are integrated solutions that protect from all points, such as Stoïk, which carries out rapid and efficient management of any incident through the prevention, detection and neutralization of threats, response to incidents with an internal CERT and cyber insurance in the event of an accident. “At Stoïk, we not only have the promise to pay in the event of an incident, but we also become a proactive agent helping the client with their cybersecurity,” declares Juan Ignacio Ramallo, Country Manager Iberia at Stoïk.

Vincent Nguyen, director of cybersecurity at Stoïk

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.