As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations, is warning of a critical inflection point for 2026, where organisations are facing more cyber threats with fewer resources to defend against them.
According to Young, the cumulative effect of years of belt-tightening across cybersecurity teams and agencies is beginning to surface in major breaches and systemic failures. “Many organisations have been forced to delay modernisation, freeze hiring and reduce investment in defensive capabilities,” said Young. “The result is fewer defenders, slower detection, and weakened resilience, just as adversaries become more aggressive and technologically advanced.”
This year alone has already painted a stark picture. Major supply chain attacks, including a massive compromise of Oracle Cloud affecting over 140,000 tenants and the Salesloft/Drift breach, have demonstrated how underinvestment in cyber resilience can cascade across entire digital ecosystems. Even industrial sectors have been hit hard; for instance, Jaguar Land Rover’s factory shutdown following a cyberattack disrupted production for weeks and exposed the fragility of global supply chains.
Young warned that these incidents are not isolated events, but symptomatic of a deeper issue. “Unfortunately, it’s unlikely that 2025’s headline breaches are not the peak, they’re the warning signs. As we move into 2026, the legacy of these cuts will continue to degrade organisations’ defensive posture. We’ll likely see fewer, but far more impactful, attacks focused on shared platforms, third-party suppliers and critical infrastructure.”
He also acknowledged the societal aspect of the problem at large. Alongside highly coordinated campaigns by criminal and state-backed groups, Bridewell has observed a sharp rise in so-called ‘casual’ cyber aggression. Increasingly, attacks are being launched by loosely connected individuals, often teenagers, using freely available tools or AI-assisted exploit kits.
“This new wave of attackers doesn’t always fit the traditional profile,” explained Young. “We’re seeing a generation that grew up online, with access to open-source data, leaked credentials and automated tools that make disruption easy. What’s changed is the lack of deterrence. In online communities, the reputational rewards of causing chaos often outweigh the perceived risk by these individuals of getting caught.”
Bridewell believes this blend of economic strain, social disaffection and accessible hacking technology is fuelling a dangerous convergence. With reduced resources for defenders and a surge in opportunistic threat actors, organisations face a double blow between complex, targeted attacks on one hand and erratic, highly visible disruptions on the other.
“Cybersecurity is now facing the same kind of social and economic pressures that drive crime in the physical world,” said Young. “When times get tough and oversight weakens, the barrier to entry for malicious activity falls. If we continue underinvesting in resilience and accountability, we risk normalising cyber aggression as a form of expression or protest.”
Looking ahead to 2026, Bridewell predicts that cyber incidents will become less frequent but far more destructive, with greater operational, reputational and regulatory fallout for unprepared organisations. To mitigate this, Young stressed that technical measures must be matched with broader efforts to rebuild digital accountability, shared defence mechanisms and societal norms around online harm.
The post Bridewell CEO gives cyber predictions for 2026 appeared first on IT Security Guru.
The original article found on IT Security Guru Read More
